我想写一个mysql php代码 如果我把ID和passwd放在一起,它会检查数据库 并链接到登录成功或登录失败。 但是我的代码即使id和passwd正确也无法进入登录成功
$mysqli = new mysqli('localhost', 'root', '', 'project');
$username = $_POST['username'];
$password = $_POST['password'];
//to check whether the username exists or not
$stmt = $mysqli->stmt_init();
$stmt->prepare("select pid, password from person where pid = '$username' and passwd = '$password'");
$stmt->bind_param('ss', $username, MD5($password));
$stmt->bind_result($result,$result2);
$stmt->execute();
**
if ($stmt->fetch())
{
session_start();
$_SESSION['pid'] = $username;//login id
header('Location: Login Successfully.php');
exit();
}else{
$_SESSION['pid'] = $username;
header('Location: Failed to login.php');
}
** 这是我的获取。但它始终是登录失败的.php
在执行上面的代码之前,这是我的login.php。它获取输入id和passwd并将其传递给fetch代码。
登录:
在下面输入您的用户名和密码:
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Submit" />
答案 0 :(得分:0)
使用prepare()时,您需要使用占位符?而不是实际变量。此外,passwd看起来应该是password。所以你想要改变
$stmt->prepare("select pid, password from person where pid = '$username' and passwd = '$password'");
到
$stmt->prepare("select pid, password from person where pid = ? and password = ?");