使用预准备语句登录

时间:2018-01-28 16:45:12

标签: php

我是准备好的声明中的新手,每次我都会在正确的输入中登录它给我最后一个声明$ _SESSION [“message”]但为什么?

$user = $_POST["username"];
$pass = $_POST["password"];


$stmt = mysqli_prepare($conn, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($stmt, "ss", $user, $pass);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if(mysqli_stmt_num_rows($stmt) > 0){
$row = mysqli_stmt_fetch($stmt);

 if($row["user_type"]=="admin"){
 $_SESSION["username"] = $user;
 $_SESSION["user_type"] = $row["user_type"];
 header("Location: adminpage.php");

 }elseif($row["user_type"]=="secretary"){
 $_SESSION["username"] = $user;
 $_SESSION["user_type"] = $row["user_type"];
 header("Location: dashboard.php");
        }
        }else{
    $_SESSION["message"] = "Invalid username or password";
   header("Location: index.php");
      mysqli_stmt_close($stmt);
    }




    mysqli_close($conn);

0 个答案:

没有答案
相关问题
最新问题