检查是否值在数据库中存在的，如果不使用PHP

<?php 
    require_once("!cache.php"); 
    $connection = mysqli_connect ('localhost', 'twa137', 'twa137hu',  'westernhotel137'); 

    if(!$connection) { 
     die("connection failed: " . mysqli_connect_error()); 
    } 

    $username=""; 
    $password=""; 
    $usmg=""; 
    $pasmg=""; 
    $logincorrect = ""; 

    if (isset($_POST["submit"])) { 
     // Here we only validate that username and password are not empty. 

     $username = $_POST["username"]; 
     if (empty($username)) $usmg = '<span class="error"> This field is mandatory. Please enter staff ID.</span>'; 

     $password = $_POST["password"]; 
     if (empty($password)) $pasmg = '<span class="error"> This field is mandatory. Please enter password.</span>'; 

     if (strlen($usmg)==0 && strlen($pasmg)==0) { 
      // sanitize them before passing to database 
      $username = mysqli_real_escape_string($connection, $username); 
      $password = mysqli_real_escape_string($connection, $password); 
      $sql = "select username, password from customers where username = '$username' and password = '$password'"; 
      $rs = mysqli_query($connection, $sql) 
       or die("Error when looking up username and password" . mysqli_error($connection)); 

      if (mysqli_num_rows($rs) > 0) { 
       // username and password correct 
       session_start(); 
       $_SESSION["who1"] = $username; 

       $_SESSION["password"] = $password; 
       mysqli_close($connection); 
       $logincorrect = true; 

       header("location: browse.php"); 
      } 

      mysqli_close($connection); 
     } 
    } 
?> 

<!DOCTYPE html> 
<html lang="en"> 
    <head> 
     <meta charset="utf-8"> 
     <title>Login</title> 
     <style type="text/css"> 
      input[type="text"] { 
       border: 2px solid black; 
      } 
      .error { 
       color:red; 
      } 
     </style> 
    </head> 
    <body> 
     <h2>Login page </h2> 

     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> 
      <p> 
      Admin name: <input type="text" name="username" value="<?php echo htmlspecialchars($username) ?>" /> 
      <?php echo $usmg; ?> 
      </p> 
      <p> 
      Password: <input type="password" name="password" value="<?php echo htmlspecialchars($password) ?>" /> 
      <?php echo $pasmg; ?> 
      </p> 
      <p> 
      <input type="submit" value="Submit" name="submit"/> 
      </p> 
      <p> 
      <input type="reset" value="Reset" name="reset"/> 
      </p> 
     </form> 

     <?php 
      if (isset($_POST['submit']) && !$logincorrect) { 
       echo "<p> <span class='error'>Login details incorrect. Please try again!</span></p>"; 
      } 
     ?> 
    </body> 
    </html>

重定向到一个页面，我需要检查，如果该值存在，并且如果它，它会重定向到另一个页面，但是当我尝试测试我的输入它总是显示登录信息不正确，即使该值在数据库检查是否值在数据库中存在的，如果不使用PHP

来源

2016-06-01 Imtiaz Khandaker

为什么'在这里输入代码'行是有这么多次.... PLZ编辑问题 –

是你的数据库密码散列或在任何文字，加密？ – keziah

对不起，我这里是新的@DrManishJoshi –

<?php 
session_start(); 
?><html> 
<head> 
<style type="text/css"> 
input{ 
border:1px solid olive; 
border-radius:5px; 
} 
h1{ 
    color:darkgreen; 
    font-size:22px; 
    text-align:center; 
} 
</style> 
</head> 
<body> 
<h1>Login<h1> 
<form action='' method='post'> 
<table cellspacing='5' align='center'> 
<tr><td>User name:</td><td><input type='text' name='username'/></td></tr> 
<tr><td>Password:</td><td><input type='password' name='password'/></td></tr> 
<tr><td></td><td><input type='submit' name='submit' value='Submit'/></td></tr> 
</table> 

</form> 
<?php 
if(isset($_POST['submit'])) 
{ 
$connection=mysqli_connect('localhost','twa137','twa137hu','westernhotel137'); 

$username=$_POST['username']; 
$password=$_POST['password']; 
if($username!=''&&$password!='') 
{ 
    $query=mysqli_query($connection,"select * from login where username='".$username."' and password='".$password."'"); 
    $res=mysqli_num_rows($query); 
    if($res>0) 
    { 
    $_SESSION["username"] = $username; 
    header('location:browse.php'); 
    } 
    else 
    { 
    echo'You entered username or password is incorrect'; 
    } 
} 
else 
{ 
    echo'Enter both username and password'; 
} 
} 
?> 
</body> 
</html>

来源

2016-06-01 06:35:14 Mani

它显示一个错误“警告：mysqli_num_rows（）期望参数1为mysqli_result，布尔在I：\ twa \ twa137 \ assignment1 \ adminlogin.php中给出的第37行您输入的用户名或密码不正确“ 也应该在哪里开始会话？ –

我修改了会话的代码。检查数据库连接，表和字段名称是否正确。 – Mani

谢谢，现在工作。 –

存在节省用户名和密码进入数据库，你可以做到这一点之前。这是安全的表单提交：

$username=$_POST['username']; 
$password=$_POST['password']; 

$username = stripslashes($username);// This prevents accidental sql injection 
$password = stripslashes($password); 
$username = mysqli_real_escape_string($username); 
$password = mysqli_real_escape_string($password); 
$password = md5($password); //Optional but secured as you are hashing the password 
//here add your SQL query to save into database

同样的方法，你可以使用登录名和用户名和密码注册。在表单中，您可以删除值，因为您将输入值。我还建议你开始使用PDO，因为它更安全。

来源

2016-06-01 07:23:28

现在工作，谢谢你们。 –

检查是否值在数据库中存在的，如果不使用PHP

回答

相关问题