<?php
//CONNECT TO DATABASE
$db_host="localhost";
$db_username="root";
$db_pass="";
$db_name="admin";
@mysql_connect("$db_host","$db_username","$db_pass","$db_name")
or die ("not connect");
@mysql_select_db("$db_name") or die ("no database");
echo "succesful connection";
//THEN I CHECK THE VALUES FROM MY FORM
if($_SERVER ['REQUEST_METHOD']=='POST'){
$username=$_POST['username'];
$password=$_POST['password'];
$username=htmlspecialchars($username);
$password=htmlspecialchars($password);
//SEARCH INTO MY DATABASE TABLE
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
$result=mysql_query($SQL);
//BASED ON MY RESULTS I GIVE TO SESSION VARIABLE A VALUE 1 OR "" AND REDIRECT TO INDEX.PHP
if($result){
$num_rows=mysql_num_rows($result);
if($num_rows>0){
session_start();
$_SESSION['check']="1";
header ("Location:index.php");
}
else{
session_start();
$_SESSION['check']="";
header ("Location:index.php");
}
}
}
?>
答案 0 :(得分:0)
@mysql_connect
和@mysql_select_db
:请不要这样做,
使用mysqli代替不推荐使用的mysql扩展,请参阅Why shouldn't I use mysql_* functions in PHP?
为什么函数可能会抛出错误,你应该处理它,而不是使用@所以它们不会出现。
解决您的问题:
看看你的sql语句:
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
这不起作用,您将$password
作为密码的纯文本传递,而不是此var的值,请尝试:
$SQL='SELECT * FROM members WHERE username="' . $username . '" AND password="' . $password . '";
答案 1 :(得分:-1)
我认为你的sql查询有问题。所以试试这个
$SQL="SELECT * FROM members WHERE `username`='".$username."' AND `password`='".$password."' ";
问题:
1)您使用的是直接$username
而没有单引号,因此如果用户名是字符串,则无法使用
2)在WHERE