Question

我创建了一个简单的PHP登录系统，我在代码交叉检查用户名和密码方面遇到了一些问题。由于页面未将我移至management.php页面，因此无法按预期工作。

我已成功确认与数据库的成功连接。查询也是正确的，因为我能够将数据库查询回显到页面上（早期测试）。但是，现在我已经向前移动并开始插入if语句以获得某种形式的身份验证，该页面不再重定向我...有人可以仔细看看吗？

<?php
session_start(); 
if(isset($_POST['submit'])){
$db = mysqli_connect("localhost","root","root","customer");
if($db){
  $username = strip_tags($_POST['username']); 
  $password = strip_tags($_POST['password']); 
  $username = stripslashes($username); 
  $password = stripslashes($password); 
  $username = mysqli_real_escape_string($db,$_POST['username']); 
  $password = mysqli_real_escape_string($db,$_POST['password']); 
  $sql = "SELECT * FROM customers WHERE username='$username' AND password='$password';";
  $query = mysqli_query($db, $sql);
  $row = mysqli_fetch_array($query);

  }elseif($username == $row['username'] && $password == $row['password']) {
    header("Location: management.php");
    echo $username;
  }else{


    die("Connection Failed" . mysqli_connect_error());
  }
}
?>

下面是我应该触发我的PHP代码的表单。一切都应该在这里工作。

＆＃13;

<form method="POST" action="index.php">
<table>
  <tr>
    <td>username</td>
    <td><input type="text" name="username" class="textinput"/></td>
  </tr>
  <tr>
    <td>password</td>
    <td><input type="password" name="password" class="textinput"/></td>
  </tr>
  <tr>
    <td><input type="submit" value="submit" name="submit"/></td>
  </tr>
</table>
</form>

＆＃13;

请批评并帮助找到我出错的地方。

Answer 1

我修改了你的代码。试试这个

<?php
session_start(); 
if(isset($_POST['submit'])){
$db = mysqli_connect("localhost","root","root","customer");
if($db){
  $username = strip_tags($_POST['username']); 
  $password = strip_tags($_POST['password']); 
  $username = stripslashes($username); 
  $password = stripslashes($password); 
  $username = mysqli_real_escape_string($db,$_POST['username']); 
  $password = mysqli_real_escape_string($db,$_POST['password']); 
  $sql = "SELECT * FROM customers WHERE username='$username' AND password='$password';";
  $query = mysqli_query($db, $sql);
  $row = mysqli_fetch_array($query);



 if($username == $row['username'] && $password == $row['password']) {
    header("Location: management.php");

  }else{


    die("Connection Failed" . mysqli_connect_error());
  }
 }
}

Answer 2

您的查询中的问题是在elseif您的查询中目前所说的是，如果数据库已连接执行sql查询然后您有一个elseif语句，您的代码运行我怀疑它是否会到达elseif因为if（$ db）总是如此。

注意：正如我在上面的评论中所述，从不存储密码文本，php提供了更好的哈希密码方法 password_hash();和password_verify()您可以阅读它们 php手册

1. Password_hash();

2. Password_verify();

您还需要了解使用mysqli / pdo

准备好的语句

Here是对prepared statements的介绍。

<?php
    session_start();
    if (isset($_POST['submit'])) {
        $db = mysqli_connect("localhost", "root", "root", "customer");
        if ($db) {
            $username = strip_tags($_POST['username']);
            $password = strip_tags($_POST['password']);
            $username = stripslashes($username);
            $password = stripslashes($password);
            $username = mysqli_real_escape_string($db, $_POST['username']);
            $password = mysqli_real_escape_string($db, $_POST['password']);
            $sql      = "SELECT * FROM customers WHERE username='$username' AND password='$password'";
            $query    = mysqli_query($db, $sql);
            $row      = mysqli_fetch_array($query, MYSQLI_ASSOC);


            if (mysqli_num_rows($result) > 0) {
                header("Location: management.php");
                echo $username;
            } else {

                die("Incorrect username / password");
            }
        } else {


            die("Connection Failed" . mysqli_connect_error());
        }
    }
    ?>

PHP if if我的简单登录系统无法按预期工作

2 个答案: