所以我在html中做了如下的基本登錄表單。我明白現在缺少安全措施,但我只是希望它能夠首先登錄。然後,我將構建更高級的功能。Mysql登錄表
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Jotorres Login Form</title>
</head>
<body>
<form method="post" action="login.php" >
<table border="1" >
<tr>
<td><label for="users_name">Username</label></td>
<td><input type="text"
name="users_name" id="users_name"></td>
</tr>
<tr>
<td><label for="users_pass">Password</label></td>
<td><input name="users_pass"
type="password" id="users_pass"></input></td>
</tr>
<tr>
<td><input type="submit" value="Submit"/>
<td><input type="reset" value="Reset"/>
</tr>
</table>
</form>
</body>
</html>
然後我打電話給login.php。我有一個名爲「tommytest」的RDS數據庫中的用戶,密碼是「tommytest」,但它不起作用。保持說不正確的用戶名或密碼。但如果我將表格留空並點擊提交,表示我已驗證。
<?php
// Grab User submitted information
$name = $_POST["users_name"];
$pass = $_POST["users_pass"];
// Connect to the database
$con = mysql_connect("localhost","username","password");
// Make sure we connected succesfully
if(! $con)
{
die('Connection Failed'.mysql_error());
}
// Select the database to use
mysql_select_db("ist421test",$con);
$result = mysql_query("SELECT userName AND password FROM users_tbl WHERE userName = '$name'");
$row = mysql_fetch_array($result);
if($row["userName"]==$name && $row["password"]==$pass)
echo"You are a validated user.";
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
好吧,如果您將表單留空,則查詢結果將爲空白。 $ name和$ pass也是如此。所以當比較一個空的$ name到一個空的$ row ['userName']時,該等式爲TRUE。空白等於空白。我將在 – Rottingham
之下放置一個更準確的方法使用'WHERE userName ='$ name'AND password ='$ pass'「);'或'WHERE userName ='$ name'」);'它需要用引號。 –