回聲一個PHP文件

Question

我試圖打開我的「index.php」文件，當我登錄我的網站上的正確信息，但我不斷收到錯誤。

這裏是我的代碼：

<?php 
session_start(); 
include 'dbase.php'; 

$uid = $_POST['uid']; 
$pwd = $_POST['pwd']; 

$sql = "SELECT * FROM user WHERE uid = '$uid' AND pwd = '$pwd'"; 
$result = $conn->query($sql); 

if (!$row = mysqli_fetch_assoc($result)) 
{ 
    echo "Your username or password is incorrect!"; 
} 
else 
    { 
    echo fgets($index); 

} 

Answer 1

你也應該考慮使用預處理語句和PDO。準備好的語句，將有助於防止對SQL Injection 你dbase.php會像

try { 
    $db = new PDO('mysql:host=localhost;dbname=yourDBName', 'username', 'password'); 
} catch (PDOException $e) { 
    echo $e->getMessage(); 
} 

然後你實現

include 'dbase.php'; 

$uid = $_POST['uid']; 
$pwd = $_POST['pwd']; 

$sql = "SELECT * FROM `user` WHERE `uid` = :uid AND `pwd` = :pwd"; 
$statement = $db->prepare($sql); 
$userData = [ 
    'uid'=>$uid, 
    'pwd'=>$pwd 
]; 

$statement->execute($userData); 

if($statement->rowCount() > 0){ 
    header('Location: index.php'); 
    exit(); 
}else{ 
    echo "Your username or password is wrong!"; 
} 

Answer 2

在其他條件塊，重定向到索引文件

if (!$row = mysqli_fetch_assoc($result)) 
{ 
    echo "Your username or password is incorrect!"; 
} 
else 
    { 
    header("location: index.php"); 
    exit(); 

}