PHP错误:代码始终返回相同的值
[英]PHP Error: Code always returning the same value
问题描述
I've made this code to login in to a site, but my code always returns Onjuiste gegevens (incorrect data) . 
我已经使此代码登录到站点,但是我的代码始终返回Onjuiste gegevens (不正确的数据) 。 I don't know why. 我不知道为什么
In my database I have made 1 account with username: sander and password: sander. 在我的数据库中,我创建了1个帐户,用户名:sander和密码:sander。 When I enter this in the form I still get "Onjuiste gegevens". 当我以表格形式输入时,我仍然会收到“ Onjuiste gegevens”。 Could someone please help me to fix this? 有人可以帮我解决这个问题吗?
<?php
$conn = mysqli_connect("localhost", "root", "", "login");
if (isset($_POST['inloggen'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND '$password'";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
echo "Juiste gegevens!";
} else {
echo "Onjuiste gegevens!";
}
echo "<br />";
}
?>
<form method="post" action="">
<label>Username</label>
<input type="text" name="username"/><br />
<label>Password</label>
<input type="password" name="password"/><br />
<input type="submit" name="inloggen" value="Inloggen"/>
</form>
4 个解决方案
解决方案1
4 已采纳 2016-02-22 12:48:08
There's a problem with your query , you've missed out password , it should be: 您的query有问题,您错过了password ,应该是:
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
Also, you should prevent MySQL Injection : 另外,您应该防止MySQL Injection :
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
Read more about mysqli_real_escape_string() at http://www.w3schools.com/php/func_mysqli_real_escape_string.asp . 在http://www.w3schools.com/php/func_mysqli_real_escape_string.asp上阅读有关mysqli_real_escape_string()更多信息。
Also read up on MySQLi Prepared Statements : http://php.net/manual/en/mysqli.quickstart.prepared-statements.php , it's a good way to prevent MySQL Injection . 另请阅读MySQLi Prepared Statements : http : //php.net/manual/en/mysqli.quickstart.prepared-statements.php ,这是防止MySQL Injection的好方法。
Tip: Remember to store passwords hashed for security purposes. 提示:为安全起见,请记住存储散列的密码。 Do not store them as plain-text. 不要将它们存储为纯文本格式。
解决方案2
0 2016-02-22 12:47:20
您的查询逻辑错误,您忘记了password :
SELECT * FROM users WHERE username = '$username' AND password='$password'
解决方案3
0 2016-02-22 12:47:46
Your query is not valid. 您的查询无效。 You're forgetting the password column in your database. 您忘记了数据库中的密码列。
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
Besides having a wrong query, the query is open for sql injections. 除了有错误的查询外,该查询还可以进行sql注入。
解决方案4
0 2016-02-22 13:12:56
Try this 尝试这个
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
which improves security by using mysqli_real_escape_string() for post variables. 通过将mysqli_real_escape_string()用于post变量可以提高安全性。
mysqli_real_escape_string() - Escapes special characters in a string for use in an SQL statement, mysqli_real_escape_string() -转义字符串中的特殊字符以用于SQL语句,
http://php.net/manual/en/mysqli.real-escape-string.php http://php.net/manual/zh/mysqli.real-escape-string.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.