[英]PHP Loging form mysql and bootstrap style gives Error
我正在從任何會話進行簡單登錄,這是我的PHP代碼:
<?php
$mysqli = new mysqli( 'localhost', 'cshrnaf_user2', '=cXlIBsdMkdr', 'cshrnaf_mis_db' );
if (isset($_POST['Username'])) {
$sql = "SELECT * FROM user WHERE email= '{$mysqli->real_escape_string($_POST['Username'])}' AND password= '{$mysqli->real_escape_string($_POST['Password'])}' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows($res) == 1) {
echo "YOu have log in";
exit();
} else {
echo "not log in";
exit();
}
}
?>
和我的Bootstrap代碼:
</head>
<body class="gray-bg">
<div class="middle-box text-center loginscreen animated fadeInDown">
<div>
<h3>Welcome</h3>
<p>Login to your account.</p>
<form method="post" class="m-t" role="form">
<div class="form-group">
<input type="email" class="form-control" name=Username required="">
</div>
<div class="form-group">
<input type="password" class="form-control" name=Password required="">
</div>
<button type="submit" class="btn btn-primary block full-width m-b">Login</button>
</form>
</div>
</div>
</body>
</head>
它給了我3錯誤:
警告:mysql_query():在第7行的/home/cc/public_html/MIS_cc/login.php中拒絕用戶“ @'localhost”(使用密碼:NO)的訪問
警告:mysql_query():在第7行的/home/cc/public_html/MIS_cc/login.php中無法建立到服務器的鏈接
警告:mysql_num_rows()期望參數1為資源,第9行的/home/cc/public_html/MIS_cc/login.php中給出的布爾值無法登錄
對於您的編碼,將其更改為:
<?php
if (isset($_POST['Username'])) {
$sql = "SELECT * FROM user WHERE email= '{$mysqli->real_escape_string($_POST['Username'])}' AND password= '{$mysqli->real_escape_string($_POST['Password'])}' LIMIT 1";
$res = mysqli_query($mysqli , $sql); // Edited this line
if (mysqli_num_rows($res) == 1) { //Edited this line
echo "YOu have log in";
exit();
} else {
echo "not log in";
exit();
}
}
?>
但是,您實際上應該考慮使用准備好的語句,因為轉義字符串不足以保護自己免受sql注入。
使用代碼使用預准備語句的示例:
<?php
if(isset($_POST['Username'])) {
$username = $mysqli->real_escape_string($_POST['Username']);
$password = $mysqli->real_escape_string($_POST['Password']);
// Wrapping the prepared statement in an IF so if the sql statement is wrong it will return false and allows for error handling.
if ($stmt = $mysqli->prepare("SELECT * FROM user WHERE email = ? AND password = ? LIMIT 1")) {
// Bind the above $username and $password to the prepared query
$stmt->bind_param('ss', $username, $password);
// Execute the prepared query.
$stmt->execute()
// Store result of prepared statement
$stmt->store_result();
if ($stmt->num_rows == 1) {
echo "You have logged in.";
exit();
} else {
echo "Log in failed.";
exit();
}
$stmt->close();
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.