我有一个代码,询问数据库中是否存在一行,如果它存在,它会回显一条消息。但是,没有不管我把什么输入回荡PHP如果声明mysqli_num_rows不起作用
这里是我的代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
$mysqlhost="host";
$mysqldatabase="b33_15887129_Accounts";
$mysqlusername="username";
$mysqlpassword="password";
$connect=new mysqli($mysqlhost,$mysqlusername,$mysqlpassword);
if (!$connect) {
die("Connection failed: " . $connect->connect_error);
}
echo "Connected Successfully";
mysqli_select_db($connect,"b33_15887129_Accounts");
$loginusername=$_POST['loginusername'];
$loginpassword=$_POST['loginpassword'];
$checkifexist="SELECT * FROM Users WHERE Username='$loginusername' AND 'Password=$loginpassword'";
$runquery=mysqli_query($connect,$checkifexist);
$numofrows=mysqli_num_rows($runquery);
if($numofrows==1){
echo "Successfully logged in!";
}else{
echo "Failed to log in";
}
?>
</body>
</html>
它管理呼应Connected successfully
但Successfully logged in
和Failed to log in
没有出现无论什么输入。任何帮助?
''Password = $ loginpassword''。这应该是正确的,'密码='$ loginpassword'' – Ranjith 2015-03-02 09:21:16
在数据库上的明文密码恐怖的尖叫,惊恐地注入$ _POST值直接到SQL语句 – 2015-03-02 09:27:25