用户名和密码验证PHP MySql

Question

我试过这段代码，它似乎没有工作，所以我会很感激，如果有人可以帮我解决任何错误。

简要概述，我的数据库根目录是'localhost'，数据库名'ee2800'密码'secret'，我需要它来验证用户名和密码。

以下是我似乎没有工作。

<?php 
 
    $conn = new mysqli("localhost", "ee2800", "secret", "ee2800"); 
 

 
    if (mysqli_connect_errno()) { 
 
     echo "Connection Failed. Try again." . mysqli_connect_error(); 
 
     exit(); 
 
    } /* else { 
 
     echo "Connection Successful <br/> "; 
 
     } */ 
 

 
    // Connect to database server 
 
    mysql_connect("localhost", "ee2800", "secret") or die(mysql_error()); 
 

 
    $UserName = mysql_real_escape_string($_POST['UserName']); 
 
    $Password = mysql_real_escape_string($_POST['Password']); 
 

 
    $sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' "; 
 
    $result = mysql_query($sql) or die(mysql_error()); 
 
    $numrows = mysql_num_rows($result); 
 
    if ($numrows > 1) { 
 
    else if ($numrows = 0) { 
 
     echo "wrong username or password" 
 
    } else { 
 
     echo "welcome" 
 
    } 
 

 
    // Close the database connection 
 
    mysql_close(); 
 
    ?>

谢谢

Answer 1

出于安全的爱，请不要在密码纯文本格式存储。对用户输入和最初存储的值使用相同的加密方法，以进一步防止用户密码泄漏。这个代码应该对你有所帮助。

<?php 

$dbLink = mysqli_connect("localhost", "ee2800", "secret", "ee2800"); 
if (!$dbLink) { 
    echo "Connection Failed. Try again." . mysqli_connect_error(); 
    exit(); 
} else { 
    echo "Connection Successful <br />"; 
} 

$UserName = mysqli_real_escape_string($_POST['UserName']); 
$Password = mysqli_real_escape_string($_POST['Password']); //NOTE FOR THE FUTURE - PLEASE ADD ENCRYPTION TO THIS 

$sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' "; 
$result = mysqli_query($dbLink, $sql) or die(mysqli_error()); 
$numrows = mysqli_num_rows($result, MYSQLI_ASSOC); 

if ($numrows == 0) { 
    echo "wrong username or password"; 
} else { 
    echo "welcome"; 
} 

// Close the database connection 
mysqli_close(); 

>