我已经看到了一些类似的帖子,但我不能与之相关的,所以这里有云:参数错误 - PHP,MySQLi的登录表单
建筑形式登录,用PHP。我不熟悉MySQli,我知道我的一些代码有点混合。无论如何,我不断收到:
mysqli_query()预计参数1是mysqli的,串给出线15个
mysqli_num_rows()期望的是1个参数,2给出线16
你能大纲,显然,我要去哪里错了!除此之外,我知道我需要添加一些更好的安全性,但它只是想让它工作,因为我已经尝试了这么久了。
任何其他的想法是大量赞赏!
<?php
include "connect.php";
// Checking to see if the login form has been submitted
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = $username AND password = $password LIMIT 1";
$result=mysqli_query($sql);
$num_rows = mysqli_num_rows($result);
$row=mysqli_fetch_assoc($result);
// If login information is correct
if ($num_rows == 1) {
echo "You have successfully logged in.";
exit();
}
// If login information is invalid
else {
echo "Invalid login information. Please return to the previous page.";
exit();
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<h1>Login</h1>
<form method="post" action="login.php">
Username: <input type="text" name="username" /><br /><br />
Password: <input type="password" name="password" /><br /><br />
<input type="submit" name="submit" value="Log In" />
</form>
</body>
</html>
感谢您的关注。
检查文档的'mysqli_query':http://php.net/manual/en/mysqli.query.php(提示:它比'的mysql_query不同') – 2014-12-04 21:16:42
您必须将链接传递到您的连接:)它存储在connection.php – Toumash 2014-12-04 21:17:54
您需要设置编码aswell并且转义POST变量+把引号放在像''SELECT * FROM users WHERE username ='“ 。 mysqli_real_escape_string($ username)。 “'AND ...' – DanFromGermany 2014-12-04 21:18:03