这是我的代码,即使点击提交按钮后,登录成功。提供错误的用户名和密码时登录成功
$username = isset($_POST['username']);
$password = isset($_POST['password']);
//sql dtabase conn
$conn = mysqli_connect("localhost","root","","login");
//query the dtabase for user
$result = mysqli_query($conn, "select * from users where username =
'$username' and password = '$password'")or die("failed to query database".mysqli_connect_error());
$row = mysqli_fetch_array ($result);
if($row['username'] == $username && $row['password'] == $password && (""
!== $username || "" !== $password)){
echo "Login success".$row['username'];
}else{
echo "Failed to login";
}
我是初学者。请帮助我
不要使用isset来分配变量。使用一些转义函数或其他东西。你应该把isset放在if语句上 –
首先修复这行两行'$ username = isset($ _ POST ['username'])? $ _POST ['username']:“”; $ password = isset($ _ POST ['password'])? $ _ POST [ '密码']: “”;' –