用戶名和密碼驗證PHP MySql

Question

我試過這段代碼，它似乎沒有工作，所以我會很感激，如果有人可以幫我解決任何錯誤。

簡要概述，我的數據庫根目錄是'localhost'，數據庫名'ee2800'密碼'secret'，我需要它來驗證用戶名和密碼。

以下是我似乎沒有工作。

<?php 
 
    $conn = new mysqli("localhost", "ee2800", "secret", "ee2800"); 
 

 
    if (mysqli_connect_errno()) { 
 
     echo "Connection Failed. Try again." . mysqli_connect_error(); 
 
     exit(); 
 
    } /* else { 
 
     echo "Connection Successful <br/> "; 
 
     } */ 
 

 
    // Connect to database server 
 
    mysql_connect("localhost", "ee2800", "secret") or die(mysql_error()); 
 

 
    $UserName = mysql_real_escape_string($_POST['UserName']); 
 
    $Password = mysql_real_escape_string($_POST['Password']); 
 

 
    $sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' "; 
 
    $result = mysql_query($sql) or die(mysql_error()); 
 
    $numrows = mysql_num_rows($result); 
 
    if ($numrows > 1) { 
 
    else if ($numrows = 0) { 
 
     echo "wrong username or password" 
 
    } else { 
 
     echo "welcome" 
 
    } 
 

 
    // Close the database connection 
 
    mysql_close(); 
 
    ?>

謝謝

Answer 1

出於安全的愛，請不要在密碼純文本格式存儲。對用戶輸入和最初存儲的值使用相同的加密方法，以進一步防止用戶密碼泄漏。這個代碼應該對你有所幫助。

<?php 

$dbLink = mysqli_connect("localhost", "ee2800", "secret", "ee2800"); 
if (!$dbLink) { 
    echo "Connection Failed. Try again." . mysqli_connect_error(); 
    exit(); 
} else { 
    echo "Connection Successful <br />"; 
} 

$UserName = mysqli_real_escape_string($_POST['UserName']); 
$Password = mysqli_real_escape_string($_POST['Password']); //NOTE FOR THE FUTURE - PLEASE ADD ENCRYPTION TO THIS 

$sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' "; 
$result = mysqli_query($dbLink, $sql) or die(mysqli_error()); 
$numrows = mysqli_num_rows($result, MYSQLI_ASSOC); 

if ($numrows == 0) { 
    echo "wrong username or password"; 
} else { 
    echo "welcome"; 
} 

// Close the database connection 
mysqli_close(); 

>