如何检查数据库是否包含用户名和密码？

Question

我有下面的代码 -

<?php 
$con=mysqli_connect("localhost","root","","my_db"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

mysql_select_db("my_db"); 
$myusername=mysql_real_escape_string($_POST['myusername']); 
$mypassword=mysql_real_escape_string($_POST['mypassword']); 

echo $myusername . " " . $mypassword; 

$sql="SELECT id FROM EMPLOYEE WHERE username='" . $myusername . "' and password='" . $mypassword . "'"; 

$result=mysqli_query($con, $sql); 

// If result matched $myusername and $mypassword, table row must be 1 row 

if (mysql_num_rows($result) > 0) { 
    // Register $myusername, $mypassword and redirect to file "login_success.php" 
    $_SESSION["username"] = $myusername; 
    $_SESSION["password"] = $mypassword; 
    header("location:login_success.php"); 
} else { 
    echo "Wrong Username or Password"; 
} 

mysqli_close($con); 
?> 

EMPLOYEE表包含 1个ADMIN PASS 为ID的用户名和密码

如果我将其输入到表格并点击提交，它开辟了这个代码是check_login.php 我已经echo'd用户名和密码来检查它是否正确输入。 并在屏幕上显示ADMIN PASS。所以用户名和密码是正确的。

现在唯一的问题是在employee表中检查用户名和密码。它不起作用。

请帮忙。

Answer 1

在这里你去：

<?php 
    $con=mysqli_connect("127.0.0.1", "root", "", "my_db"); 
    if (mysqli_connect_errno($con)) 
    { 
     echo "MySql Error: " . mysqli_connect_error(); 
     } 

    $query=mysqli_query($con,"SELECT * FROM employee WHERE username='$_POST[myusername]' && password='$_POST[mypassword]'"); 
    $count=mysqli_num_rows($query); 
    $row=mysqli_fetch_array($query); 

    if ($count==1) 
    { 
     session_start(); 
     $_SESSION['username'] = $_POST['myusername']; 
     $_SESSION['password'] = $_POST['mypassword']; 
     header("location: login_success.php"); 
     } 
    else 
    { 
     echo "Invalid username or password"; 
     } 

    mysqli_close($con); 
    ?>