我创建了一个简单的PHP登录系统,我在代码交叉检查用户名和密码方面遇到了一些问题。由于页面未将我移至management.php
页面,因此无法按预期工作。
我已成功确认与数据库的成功连接。查询也是正确的,因为我能够将数据库查询回显到页面上(早期测试)。但是,现在我已经向前移动并开始插入if语句以获得某种形式的身份验证,该页面不再重定向我...有人可以仔细看看吗?
<?php
session_start();
if(isset($_POST['submit'])){
$db = mysqli_connect("localhost","root","root","customer");
if($db){
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM customers WHERE username='$username' AND password='$password';";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
}elseif($username == $row['username'] && $password == $row['password']) {
header("Location: management.php");
echo $username;
}else{
die("Connection Failed" . mysqli_connect_error());
}
}
?>
下面是我应该触发我的PHP代码的表单。一切都应该在这里工作。
<form method="POST" action="index.php">
<table>
<tr>
<td>username</td>
<td><input type="text" name="username" class="textinput"/></td>
</tr>
<tr>
<td>password</td>
<td><input type="password" name="password" class="textinput"/></td>
</tr>
<tr>
<td><input type="submit" value="submit" name="submit"/></td>
</tr>
</table>
</form>
&#13;
请批评并帮助找到我出错的地方。
答案 0 :(得分:0)
我修改了你的代码。试试这个
<?php
session_start();
if(isset($_POST['submit'])){
$db = mysqli_connect("localhost","root","root","customer");
if($db){
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT * FROM customers WHERE username='$username' AND password='$password';";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
if($username == $row['username'] && $password == $row['password']) {
header("Location: management.php");
}else{
die("Connection Failed" . mysqli_connect_error());
}
}
}
答案 1 :(得分:0)
您的查询中的问题是在elseif
您的查询中目前所说的是,如果数据库已连接执行sql查询然后您有一个elseif语句,您的代码运行我怀疑它是否会到达elseif因为if($ db)总是如此。
注意:正如我在上面的评论中所述,从不存储密码 文本,php提供了更好的哈希密码方法
password_hash();
和password_verify()
您可以阅读它们 php手册
您还需要了解使用mysqli / pdo
准备好的语句Here是对prepared statements的介绍。
<?php
session_start();
if (isset($_POST['submit'])) {
$db = mysqli_connect("localhost", "root", "root", "customer");
if ($db) {
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$sql = "SELECT * FROM customers WHERE username='$username' AND password='$password'";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query, MYSQLI_ASSOC);
if (mysqli_num_rows($result) > 0) {
header("Location: management.php");
echo $username;
} else {
die("Incorrect username / password");
}
} else {
die("Connection Failed" . mysqli_connect_error());
}
}
?>