我正在为我的网站登录,当我登录时不检查用户是否已经存在于数据库中。即使您尚未注册,它也允许任何人登录。
这是登录的代码。
<?php
//database details
$servername = "localhost";
$username = "myname";
$password = "******";
$dbname = "mydb";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
session_start();
if(isset($_POST['email']))
{
$email = $_POST ['email'];
$password =$_POST ['password'];
$query = "SELECT * FROM Users WHERE Email='$email' AND Password='$password'";
$result = mysqli_query($conn, $query);
if($result==1)
{
header('Location: profile.php');
exit();
}
else
{
header('Location: failedlogin.html');
exit();
}
}
&GT;