很抱歉,如果這是一個常見問題,但我很難過。爲什麼我的代碼總是返回「錯誤的用戶名和密碼」?
<?php
session_start();
unset($_SESSION['logerror']);
$host="localhost"; // Host name
$db_name="website_database.sqlite"; // Database name
$tbl_name="User"; // Table name
$con= sqlite_open("Website_Database.sqlite");
// username and password sent from form
$username=$_POST['Username'];
$password=$_POST['Password'];
$sql="SELECT * FROM ".$tbl_name." WHERE Username='".$username."' and Password='".$password."'";
$result= sqlite_query($con,$sql);
// Mysql_num_row is counting table row
$count= sqlite_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register username, $password and redirect to file "login_success.php"
session_register("username");
session_register("password");
echo "Login Successful";
}
else {
echo "does this work nikhil";
}
?>
我正在使用SQLite,它運行的是USB。該文件是website_database.sqlite
表是用戶。內的數據是用戶名:000001和密碼:password
POST數據從先前的形式來爲這個
<form action="checklogin.php" method="post">
<div class="wrap"> <!--make a container that will have all our elements and will be the main stucture of you pages-->
<div class="logo"></div><!--The logo container-->
<div class="header_text">Room Booking</div><!--The main header of the fomr-->
<div class="logins_details_container"><!--The top container-->
<table class="fields_container"> <!--A simple 2x2 table for the form. We choose to use table as for this simple kind of stuff helps us to be everything well stuctured and putting less attributes at the css-->
<tr>
<td><span>Username</span></td>
<td><input class="field" id="Username" name="Username" value="" placeholder="" type="text" /></td>
</tr>
<tr>
<td><span>Password</span></td>
<td><input class="field" id="Password" type="Password" name="Password" value="" placeholder="" /></td>
</tr>
</table>
<div class="remeber_me_container"><!--A container for the Remember me text and the checkbox-->
<div class="remember_me">Remember Me?</div>
<input id="remeber_me" name="" value="" type="checkbox" />
</div>
<div class="login_btn"><!-- The login button-->
<input name="login_btn" value="Login" type="submit" />
</div>
</div>
<form/><!-- End of the logins_details_container -->
對於SQL注入攻擊,你是**開放的**,如果你還沒有被攻擊,你將被黑客入侵。請使用準備好的/參數化的查詢來防止這種情況發生。另請參閱:[如何防止SQL注入PHP?](http://stackoverflow.com/questions/60174/) –
簡單:您的密碼的表單元素的空白'name =「」' –
如果有疑問,總是'print_r ($ _POST);'看看用戶名和密碼是否被POST。正如弗雷德在上面指出的那樣,您的密碼名稱「屬性」是空的。如果你[啓用**錯誤報告**](http://stackoverflow.com/a/6575502/1438393),你會很容易發現這一點。 –