我过去一直在使用MYSQL而且不是专家,但已设法生成一个简单的MySQL登录脚本。但是我知道我的脚本是基本的和过时的,我应该使用MYSQLI,
然而,MYSQLI对我没有任何意义,因为我在MySQL中尝试了以下代码,但我似乎无法使其工作,并且我得到了未定义的索引错误。
<?php
session_start();
include("config.php");
if (mysqli_connect_errno())
{
echo 'MySQLi Connection was not established:';
}
// checking the user
$myusername = mysqli_real_escape_string($conn,$_POST[‘myusername’]);
$pass = mysqli_real_escape_string($conn,$_POST[‘mypassword’]);
$sel_user = 'select * from supplier_users where username=’$myusername’ AND password=’$pass';
$run_user = mysqli_query($conn, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0){
$_SESSION[‘user’]=$myusername;
echo “success”;
}
else {
echo “fail”;
}
?>
这是我的MySQL登录脚本,工作正常:
<?php
session_start();
include("config.php");
$tbl_name="internal_users";
$tbl_name2="supplier_users";
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "select * from $tbl_name where username = '$myusername' and password = '$mypassword'
union
select * from $tbl_name2 where username = '$myusername' and password = '$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row=mysql_fetch_array($result);
if($count==1){
session_start();
include("variables.php");
if($result){
$sql2 = "UPDATE $tbl_name2 SET online = 'online' WHERE online = 'offline' AND username = '$myusername'";
$result2=mysql_query($sql2);
$sql21 = "UPDATE $tbl_name SET online = 'online' WHERE online = 'offline' AND username = '$myusername'";
$result21=mysql_query($sql21); }
else
$_SESSION['val']=1;
header("location:../dashboard.php");
}
else {
$_SESSION['message2'] = '<div id="message_box2"><div class="boxclose" id="boxclose" onclick="this.parentNode.parentNode.removeChild(this.parentNode);">✖</div><h23>Oooops!</h23><p>The Username and Password Combination do not match. Please try again.</p> </div>';
header("location:../index.php");
}
ob_end_flush();
?>
我的config.php文件如下所示:
<?php
$host="localhost";
$username="mark";
$password="password";
$db_name="hewden1";
$conn = mysql_connect($host, $username, $password) or die("Could Not Connect to Server");
$db = mysql_select_db($db_name)or die("Cannot Connect the Database");
?>
我的问题是,有人可以告诉我如何将我的简单登录脚本从MYSQL转换为MYSQLI,并以我上面尝试的方式使其更加安全吗?我真的很感激任何人对此的帮助,因为我真的很难理解。
由于
答案 0 :(得分:0)
您发布的Mysqli代码似乎有点格式错误,引号是一些其他编码类型的引号:'当它应该是'IDK,如果这有意义的话。 同样在你的select语句中:
$sel_user = 'select * from supplier_users where username=’$myusername’ AND password=’$pass';
最后缺少一个引用,它应该像
$sel_user = "select * from supplier_users where username='$myusername' AND password='$pass'";
并且使用mysql()而不是mysqli()是没有意义的,因为前者是折旧的。