1. 首页
  2. 问答
  3. 使用mysql的php登录表单

使用mysql的php登录表单

2017-08-01 73 views
0

我在000webhost上创建了一个帐户来创建具有登录表单的html页面。但是当我尝试将表单连接到数据库时,我遇到了错误。使用mysql的php登录表单

下面是HTML代码:

<html> 

    <head> 
     <title>Login Page</title> 

     <style type = "text/css"> 
     body { 
      font-family:Arial, Helvetica, sans-serif; 
      font-size:14px; 
     } 

     label { 
      font-weight:bold; 
      width:100px; 
      font-size:14px; 
     } 

     .box { 
      border:#666666 solid 1px; 
     } 
     </style> 

    </head> 

    <body bgcolor = "#FFFFFF"> 




     <div align = "center"> 
     <div style = "width:300px; border: solid 1px #333333; " align = "left"> 
      <div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div> 

      <div style = "margin:30px"> 

       <form method="POST" action="C1.php"> 
        <label>UserName :</label><input type = "text" name = "username" required = "box"/><br /><br /> 
        <label>Password :</label><input type = "password" name = "password" required = "box" /><br/><br /> 


        <input type = "submit" name="submit" value = " Login "/><br /> 

       </form> 

       <div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div> 

      </div> 

     </div> 

     </div> 
    </body> 
</html>

这里是我的PHP页面

 <?php 
session_start(); 
$servername = "localhost"; 
$username = "******"; 
$password = "******"; 

// Create connection 
$database_name = "id2425621_login"; 
$conn = mysqli_connect($servername, $username, $password, $database_name); 

if (isset($_POST['submit'])) 
     {  

    $username='king'; 
    $password='king123'; 

    $query = mysqli_query($conn, "SELECT * FROM mylogin WHERE username='$username' and password='$password'"); 
    if (mysqli_num_rows($query) != 0) 
    { 
    echo "sucess"; 
     } 
     else 
     { 
    echo "fail"; 
    } 
    } 
    ?>

MySQL有一个名为mylogin表的值有:

INSERT INTO `mylogin`(`username`, `password`) VALUES ('king','king123')

我不能” t连接数据库,提前感谢您的帮助

谢谢

来源

2017-08-01 turki

+1

'如果(mysqli_connect_errno()){ 回声 “无法连接到MySQL:”。 mysqli_connect_error(); }' 使用这个,并检查你得到一个错误。 – Virb

+0

显示空白页 – turki

+0

@turki在session_start()之后查看错误日志或页面顶部的内容。写入error_reporting(E_ALL);看到错误 –

回答

1

您已开放给sql注入。因此使用准备的查询。

替换你的PHP代码:

<?php 
session_start(); 
$servername = "localhost"; 
$username = "******"; 
$password = "******"; 

// Create connection 
$database_name = "id2425621_login"; 
if(isset($_POST['submit'])){ 
    $conn = mysqli_connect($servername, $username, $password, $database_name); 
    if (mysqli_connect_errno()) { 
     printf("Connect failed: %s\n", mysqli_connect_error()); 
     exit(); 
    } 
    $username=$_POST['username']; // username value get by form using $_POST 
    $password=$_POST['password']; // password value get by form using $_POST 
    $stmt = mysqli_prepare($conn, "SELECT * FROM mylogin WHERE username=? AND password=?"); 
    mysqli_stmt_bind_param($stmt, 'ss', $username, $password); 
    mysqli_stmt_execute($stmt); 
    if (mysqli_stmt_affected_rows($stmt) > 0){ 
     echo "sucess"; 
    } else { 
     echo "fail"; 
    } 
    mysqli_stmt_close($stmt); 
    mysqli_close($link); 
}

来源

2017-08-01 05:06:15

0

检查连接。检查错误日志是否有任何线索。

$conn = mysqli_connect($servername, $username, $password, $database_name); 
// Check connection 
if (!$conn) 
{ 
    die("Connection error: " . mysqli_connect_error()); 
}

希望这对你有所帮助。 For reference

来源

2017-08-01 04:53:15 JunieL

+0

无论输入用户名和密码,我都会收到消息“成功” – turki

+0

我认为你的问题在这里,'$ username ='king'; $ password ='king123';' 尝试使用另一个变量,因为它可能与数据库中的'$ username'和'$ password'混淆。 – JunieL

+0

你有什么建议,我真的被卡住了 – turki

0

你改进的代码是在这里:

100%工作和测试代码。

<?php 

session_start(); 
$db_host = "localhost"; 
$db_name = "id2425621_login"; 
$db_user = "root"; 
$db_pass = ""; 

if(isset($_POST['submit'])){ 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    // Create connection 
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name); 

    //Output any connection error 
    if ($conn->connect_error) { 
     die('Error : ('. $conn->connect_errno .') '. $conn->connect_error); 
    } 

    $stmt = $conn->prepare("SELECT * FROM mylogin WHERE username=? AND password=? LIMIT 1"); 
    $stmt->bind_param('ss', $username, $password); 
    $stmt->execute(); 
    $stmt->store_result(); 
    if($stmt->num_rows == 1) //To check if the row exists 
     { 
      $_SESSION['Logged'] = 1; 
      $_SESSION['username'] = $username; 
      echo 'Success!'; 
      exit(); 
    } 
    else { 
     echo "Invalid username or password"; 
    } 
    $stmt->close(); 
} 
else 
{ 
    //Nothing 
} 
$conn->close(); 

?>

来源

2017-08-01 04:58:44

+0

即使我输入了错误的数据,我也会收到消息成功 – turki

+0

现在再次更新你的代码。 –

+0

这是严重打开SQL注入攻击。改用带有值占位符的准备好的语句。 –

0

这里是你的答案

<?php 
session_start(); 
$servername = "localhost"; 
$username = "******"; 
$password = "******"; 

// Create connection 
$database_name = "id2425621_login"; 
$conn = mysqli_connect($servername, $username, $password, $database_name); 
if (!$conn) { 
    die(mysqli_error($conn)); 
} 
if (isset($_POST['submit'])) 
{  
    $username='abc'; 
    $password='abc123'; 

    $query = mysqli_query($conn, "SELECT * FROM mylogin WHERE username='$username' and password='$password'"); 
    if(!$query){ 
     echo("Error description: " . mysqli_error($conn)); 
    } else if(mysqli_num_rows($query) > 0){ 
     echo "success"; 
    } else { 
     echo "invalid user name or password"; 
    } 
} 
?>

来源

2017-08-01 05:12:10

相关问题

 相关问题