我有一个小问题,我的登录&注册系统,但我不知道问题出在哪里。当我按“登录”或“注册”时,下一页是白色的。我只看到我的消息:“再试一次!”。我做了3 PHP文件:登录和注册系统
1)的index.php
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="logreg.php" metodh="post" accept-charset="utf-8">
\t <label>Username:</label><input type="text" name="username" placeholder="Username">
\t <br>
\t <label>Password:</label><input type="password" name="password" placeholder="Password">
\t <br>
\t <input type="submit" name="login" value="Login">
\t <input type="submit" name="register" value="Register">
</form>
\t
</body>
</html>
我认为这个问题是在未来的文件:
2)logreg.php
<?php
$servername = "localhost";
$username = "alex";
$password = "calamar28";
$database = "register/login";
$conn = mysqli_connect($servername, $username, $password, $database);
if(!$conn){
\t die("Connection failde:".mysqli_connect_error());
}
if(isset($_POST["login"])) {
\t $user = $_POST['username'];
\t $pass = $_POST['password'];
\t
\t $sql = "SELECT * FROM users WHERE username='$user' AND password='$pass';";
\t
\t $result = mysqli_query($conn, $sql);
\t $count = mysqli_num_rows($result);
\t
\t if ($count == 1)
\t {
\t \t header("Location: personal.php");
\t }
\t else
\t {
\t \t echo "Username or password is incorrect!";
\t }
\t
}
else if(isset($_POST["register"])) {
\t $user = $_POST['username'];
\t $pass = $_POST['password'];
\t
\t $sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$pass')";
\t
\t $result = mysqli_query($conn, $sql);
}
else
{
\t echo "Try again!";
} \t
?>
3)personal.php
<?php
if(isset($_POST["login"])){
\t echo "Welcome to you personal area !";
\t echo '<a href = "proiect4.php">Your proiect</a>';
}
else
{
\t echo "You are not logged in!";
}
?>
错字在'form'标签 - 'metodh = “后”'。 – andrewsi
用于mysqli的安全哈希密码的登录存根[此处](http://stackoverflow.com/a/33665819)。 PDO链接在底部。如果您在“where”子句中输入了密码,则表示您做错了(即:明文密码或定时攻击漏洞)。因此,作为试金石,如果在'where'条款中以任何方式*引用密码,则该系统设计得不好。 – Drew
更不用提你的设置的整个SQL注入问题。看看它对这个人做了什么[这里](http://stackoverflow.com/questions/38297105/mysql-real-escape-string-not-working-for-this-specific-example-mysql-real-escap?noredirect = 1#comment64014116_38297105) – Drew