1. 首頁
  2. 問答
  3. 檢查是否值在數據庫中存在的,如果不使用PHP

檢查是否值在數據庫中存在的,如果不使用PHP

2016-06-01 31 views
0 
<?php 
    require_once("!cache.php"); 
    $connection = mysqli_connect ('localhost', 'twa137', 'twa137hu',  'westernhotel137'); 

    if(!$connection) { 
     die("connection failed: " . mysqli_connect_error()); 
    } 

    $username=""; 
    $password=""; 
    $usmg=""; 
    $pasmg=""; 
    $logincorrect = ""; 

    if (isset($_POST["submit"])) { 
     // Here we only validate that username and password are not empty. 

     $username = $_POST["username"]; 
     if (empty($username)) $usmg = '<span class="error"> This field is mandatory. Please enter staff ID.</span>'; 

     $password = $_POST["password"]; 
     if (empty($password)) $pasmg = '<span class="error"> This field is mandatory. Please enter password.</span>'; 

     if (strlen($usmg)==0 && strlen($pasmg)==0) { 
      // sanitize them before passing to database 
      $username = mysqli_real_escape_string($connection, $username); 
      $password = mysqli_real_escape_string($connection, $password); 
      $sql = "select username, password from customers where username = '$username' and password = '$password'"; 
      $rs = mysqli_query($connection, $sql) 
       or die("Error when looking up username and password" . mysqli_error($connection)); 

      if (mysqli_num_rows($rs) > 0) { 
       // username and password correct 
       session_start(); 
       $_SESSION["who1"] = $username; 

       $_SESSION["password"] = $password; 
       mysqli_close($connection); 
       $logincorrect = true; 

       header("location: browse.php"); 
      } 

      mysqli_close($connection); 
     } 
    } 
?> 

<!DOCTYPE html> 
<html lang="en"> 
    <head> 
     <meta charset="utf-8"> 
     <title>Login</title> 
     <style type="text/css"> 
      input[type="text"] { 
       border: 2px solid black; 
      } 
      .error { 
       color:red; 
      } 
     </style> 
    </head> 
    <body> 
     <h2>Login page </h2> 

     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> 
      <p> 
      Admin name: <input type="text" name="username" value="<?php echo htmlspecialchars($username) ?>" /> 
      <?php echo $usmg; ?> 
      </p> 
      <p> 
      Password: <input type="password" name="password" value="<?php echo htmlspecialchars($password) ?>" /> 
      <?php echo $pasmg; ?> 
      </p> 
      <p> 
      <input type="submit" value="Submit" name="submit"/> 
      </p> 
      <p> 
      <input type="reset" value="Reset" name="reset"/> 
      </p> 
     </form> 

     <?php 
      if (isset($_POST['submit']) && !$logincorrect) { 
       echo "<p> <span class='error'>Login details incorrect. Please try again!</span></p>"; 
      } 
     ?> 
    </body> 
    </html>

重定向到一個頁面,我需要檢查,如果該值存在,並且如果它,它會重定向到另一個頁面,但是當我嘗試測試我的輸入它總是顯示登錄信息不正確,即使該值在數據庫檢查是否值在數據庫中存在的,如果不使用PHP

來源

2016-06-01 Imtiaz Khandaker

+0

爲什麼'在這裏輸入代碼'行是有這麼多次.... PLZ編輯問題 –

+0

是你的數據庫密碼散列或在任何文字,加密? – keziah

+0

對不起,我這裏是新的@DrManishJoshi –

回答

0 
<?php 
session_start(); 
?><html> 
<head> 
<style type="text/css"> 
input{ 
border:1px solid olive; 
border-radius:5px; 
} 
h1{ 
    color:darkgreen; 
    font-size:22px; 
    text-align:center; 
} 
</style> 
</head> 
<body> 
<h1>Login<h1> 
<form action='' method='post'> 
<table cellspacing='5' align='center'> 
<tr><td>User name:</td><td><input type='text' name='username'/></td></tr> 
<tr><td>Password:</td><td><input type='password' name='password'/></td></tr> 
<tr><td></td><td><input type='submit' name='submit' value='Submit'/></td></tr> 
</table> 

</form> 
<?php 
if(isset($_POST['submit'])) 
{ 
$connection=mysqli_connect('localhost','twa137','twa137hu','westernhotel137'); 

$username=$_POST['username']; 
$password=$_POST['password']; 
if($username!=''&&$password!='') 
{ 
    $query=mysqli_query($connection,"select * from login where username='".$username."' and password='".$password."'"); 
    $res=mysqli_num_rows($query); 
    if($res>0) 
    { 
    $_SESSION["username"] = $username; 
    header('location:browse.php'); 
    } 
    else 
    { 
    echo'You entered username or password is incorrect'; 
    } 
} 
else 
{ 
    echo'Enter both username and password'; 
} 
} 
?> 
</body> 
</html>

來源

2016-06-01 06:35:14 Mani

+0

它顯示一個錯誤「警告:mysqli_num_rows()期望參數1爲mysqli_result,布爾在I:\ twa \ twa137 \ assignment1 \ adminlogin.php中給出的第37行您輸入的用戶名或密碼不正確「 也應該在哪裏開始會話? –

+0

我修改了會話的代碼。檢查數據庫連接,表和字段名稱是否正確。 – Mani

+0

謝謝,現在工作。 –

0

存在節省用戶名和密碼進入數據庫,你可以做到這一點之前。這是安全的表單提交:

$username=$_POST['username']; 
$password=$_POST['password']; 

$username = stripslashes($username);// This prevents accidental sql injection 
$password = stripslashes($password); 
$username = mysqli_real_escape_string($username); 
$password = mysqli_real_escape_string($password); 
$password = md5($password); //Optional but secured as you are hashing the password 
//here add your SQL query to save into database

同樣的方法,你可以使用登錄名和用戶名和密碼註冊。在表單中,您可以刪除值,因爲您將輸入值。我還建議你開始使用PDO,因爲它更安全。

來源

2016-06-01 07:23:28

+0

現在工作,謝謝你們。 –

相關問題

 相關問題