[英]Error in php login Form Using prepared Statement
I am new to programming Here i am creating simple registration and login form,My registration form works right it register the input given by user in the database properly,But when i use the same username and password in my login form it doesn't work,It doesn't login the user,I am using prepared statement,Any help would be appreciated,Forgive me if i had made some obvious mistake.I look up several tutorials but can't figure it out.... 我是编程新手,这里我正在创建简单的注册和登录表单,我的注册表单可以正确地将用户提供的输入正确地登录到数据库中,但是当我在登录表单中使用相同的用户名和密码时,它不起作用,它没有登录用户,我使用的是准备好的语句,请您提供任何帮助,如果我犯了一些明显的错误,请原谅我。我查阅了一些教程,但找不到答案。...
Thanks.... 谢谢....
This is my HTML code 这是我的HTML代码
<!DOCTYPE html>
<html>
<head>
<title>Login page</title>
</head>
<body>
<form method="POST" action="register.php">
<div class="container">
<label>Username :</label>
<input type="text" name="username" placeholder="Username"><br><br>
<label>Password :</label>
<input type="Password" name="password" placeholder="Password"><br><br>
<button type="sumbit" value="sumbit" name="sumbit">Register</button>
</div>
</form>
<br><br>
<form method="POST" action="login.php">
<div class="container">
<label>Username :</label>
<input type="text" name="username" placeholder="Username"><br><br>
<label>Password :</label>
<input type="Password" name="password" placeholder="Password"><br><br>
<button type="sumbit" value="sumbit" name="login">Login</button>
</div>
</form>
</body>
This is my code for login: 这是我的登录代码:
<?php
include "register.php";
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users where username ='$username' && password='$password'";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':username',$username);
$stmt->bindParam(':password',$password);
$stmt->execute();
$stmt->bind_result($username,$password);
$stmt->store_result();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->row ==1){
$_SESSION['login'] = $username;
header("location: home.php");
}else{
echo "Username and password is incorrect";
}
?>
You are binding parameters and the parameters are not in the query string. 您正在绑定参数,并且参数不在查询字符串中。
Change 更改
SELECT * FROM users where username ='$username' && password='$password'
to 至
SELECT * FROM users where username =:username && password=:password
You mistaken in your sql query and mixed methods of mysqli 您在sqli查询和mysqli的混合方法中弄错了
<?php
include "register.php";
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users where username =':username' && password=':password'";
$stmt = $conn->prepare($sql); $stmt->bindParam(':username',$username); $stmt->bindParam(':password',$password); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($row){
$_SESSION['login'] = $username;
header("location: home.php");
}else{
echo "Username and password is incorrect";
} ?>
That's it. 而已。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.