[英]PHP Error: Code always returning the same value
I've made this code to login in to a site, but my code always returns Onjuiste gegevens
(incorrect data) . 我已经使此代码登录到站点,但是我的代码始终返回
Onjuiste gegevens
(不正确的数据) 。 I don't know why. 我不知道为什么
In my database I have made 1 account with username: sander and password: sander. 在我的数据库中,我创建了1个帐户,用户名:sander和密码:sander。 When I enter this in the form I still get "Onjuiste gegevens".
当我以表格形式输入时,我仍然会收到“ Onjuiste gegevens”。 Could someone please help me to fix this?
有人可以帮我解决这个问题吗?
<?php
$conn = mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['inloggen'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND '$password'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
echo "Juiste gegevens!";
} else {
echo "Onjuiste gegevens!";
}
echo "<br />";
}
?>
<form method="post" action="">
<label>Username</label>
<input type="text" name="username"/><br />
<label>Password</label>
<input type="password" name="password"/><br />
<input type="submit" name="inloggen" value="Inloggen"/>
</form>
There's a problem with your query
, you've missed out password
, it should be: 您的
query
有问题,您错过了password
,应该是:
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
Also, you should prevent MySQL Injection
: 另外,您应该防止
MySQL Injection
:
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Read more about mysqli_real_escape_string()
at http://www.w3schools.com/php/func_mysqli_real_escape_string.asp . 在http://www.w3schools.com/php/func_mysqli_real_escape_string.asp上阅读有关
mysqli_real_escape_string()
更多信息。
Also read up on MySQLi Prepared Statements
: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php , it's a good way to prevent MySQL Injection
. 另请阅读
MySQLi Prepared Statements
: http : //php.net/manual/en/mysqli.quickstart.prepared-statements.php ,这是防止MySQL Injection
的好方法。
Tip: Remember to store passwords hashed for security purposes. 提示:为安全起见,请记住存储散列的密码。 Do not store them as plain-text.
不要将它们存储为纯文本格式。
您的查询逻辑错误,您忘记了password
:
SELECT * FROM users WHERE username = '$username' AND password='$password'
Your query is not valid. 您的查询无效。 You're forgetting the password column in your database.
您忘记了数据库中的密码列。
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
Besides having a wrong query, the query is open for sql injections. 除了有错误的查询外,该查询还可以进行sql注入。
Try this 尝试这个
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
which improves security by using mysqli_real_escape_string() for post variables. 通过将mysqli_real_escape_string()用于post变量可以提高安全性。
mysqli_real_escape_string() - Escapes special characters in a string for use in an SQL statement, mysqli_real_escape_string() -转义字符串中的特殊字符以用于SQL语句,
http://php.net/manual/en/mysqli.real-escape-string.php http://php.net/manual/zh/mysqli.real-escape-string.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.