我试图使用MySql登录webPage,但是,由于某种原因,我无法从数据库中查询
I keep getting the error "failure"
这是我的代码php:
<?PHP
include_once("connection.php");
if (isset($_POST['txtUsername']) && isset($_POST['txtPassword'])) {
$username = $_POST['txtUsername'];
$password = $_POST['txtPassword'];
$query = "SELECT username, password FROM tbl_client ".
" WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $query);
if ($result->num_rows > 0) {
echo "success";
}
echo "failure ";
}
?>
HTML代码是:
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login Example <a <br />
<form action="<?PHP $_PHP_SELF ?>" method="post">
Username <input type="text" name="txtUsername" value="" /><br />
Password <input type="password" name="txtPassword" value="" /><br />
<input type="submit" name="btnSubmit" value="Login" />
</form>
</body>
</html>
我的值是:用户名:测试和密码:测试
但继续得到这个错误:HTML
如果你确定你的$username和$password存在于数据库中,那么在你弄清楚用户提供了错误的凭据之后你可能想要return。像这样的东西:
$result = mysqli_query($conn, $query);
if ($result->num_rows == 0) {
echo "failure";
return;
}
echo "success";
/**
* keep doing stuff for logged user
*/
切勿以纯文本形式存储密码,并使用占位符和转义以将用户数据发送到数据库。 Google SQL注入并查看real_escape_string