2
嗨所有睡衣都在那里:),如何登录一个用户对MySQL数据库验证用户名和密码?
我需要在我的数据库表(名为regdata)上对登录页面上提供的用户名和密码进行身份验证。成功验证后,用户将被带到/countdown_clock/countdown.html。当我运行该页面时,我没有被带到指定的countdown.html,但是同一个页面使用/authlogin.php刷新到URL的末尾。有人可以建议如何补救以下代码?
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$Database = array(
"Host" => 'myhost',
"User" => 'myuser',
"Password" => 'mypass',
"Name" => 'mydb'
);
$mysqli = new mysqli($Database['Host'], $Database['User'], $Database['Password'], $Database['Name']);
if ($mysqli->connect_error)
{
?><span class="error">Connect Error (<?php echo $mysqli->connect_errno; ?>) <?php echo $mysqli->connect_error; ?></span><?php
exit();
}
$result = mysqli->prepare("SELECT username, password from regdata where username = $_POST['user_name'] and password = $_POST['password']");
if ($result && 0)
{
$result->execute();
$result->close();
header("Location: http://www.mydomain.com/countdown_clock/countdown.html");
}
else
{
$_SESSION['error'] = "Sorry, we cannot process your login at this time. Please try back later.";
header("Location: http://www.mydomain.com/");
}
?>
我的login.php呼吁authlogin.php如下:
<form id="form1" name="form1" method="post" action="authlogin.php">
<input type="submit" class="form_login" alt="Login" value="" /></p></form>
感谢, 希德
编辑:修订后的声明
$result = mysqli->prepare("SELECT username, password from regdata where username = '" . $_POST['email_address'] . "' and password = '" . $_POST['password']."'
");
这是正确的方法是什么?