我想为我的网站创建一个基本的登录脚本,我卡住了。我的代码如下:在php登录脚本错误sql查询
<?php
$myServer = "localhost";
$myUser = "root";
$myPass = "*******";
$myDB = "social_bookmarking";
//connection to the database
libxml_use_internal_errors(true);
$connect = mysqli_connect($myServer,$myUser, $myPass)
or die("Couldn't connect to SQLServer on $myServer");
//select a database to work with
$selected = mysqli_select_db($connect, $myDB)
or die("Couldn't open database $myDB");
$email = $_POST['email'];
var_dump($email);
$password = $_POST['passwd'];
var_dump($password);
$query = mysqli_query($connect, "SELECT * FROM users WHERE email='$email'");
var_dump($query);
if(!$query)
{
die("Query failed:");
}
else
{
$row = mysqli_fetch_array($query, MYSQLI_NUM);
var_dump($row);
if($email == $row['email'])
{
if($email=='' || $password == '')
{
header("Location: index.php?id=Some fields are empty");
}
else if ($email==$row['email'] && $password =$row['password']) {
# code...
header("Location: main.php?id=$email");
}
}
else
{
//mysqli_query("alter table users auto_increment = 1");
}
}
?>
这里是我的代码返回:
string '[email protected]' (length=24)
string '*********' (length=10)
object(mysqli_result)[2]
public 'current_field' => null
public 'field_count' => null
public 'lengths' => null
public 'num_rows' => null
public 'type' => null
array (size=5)
0 => string '1' (length=1)
1 => string 'Palade Radu' (length=11)
2 => string 'pa10der4du' (length=10)
3 => string 'Radu' (length=4)
4 => string '[email protected]' (length=24)
这是我的表:
http://i.stack.imgur.com/nDaBX.png
我不知道为什么都那些变量'null'。现在我得到var_dump ['row']下的未定义索引'email'。我在哪里得到全部错误?
请将结果粘贴到问题中,而不是图像。 –
你有这个电子邮件的注册表吗? –
在没有准备好语句的情况下使用'mysqli'会打开SQL注入攻击。 –