【发布时间】:2020-10-29 20:08:04
【问题描述】:
我正在尝试从我的数据库中获取数据,但我无法这样做。有时我没有得到任何结果,或者有时我没有按提交按钮就失败了。请查看此代码。我知道我做错了什么,但由于我是新手并且在学习过程中,所以我无法解决。请看一下我的 html 和 php。尽管与 DB 连接没有错误,但我已经检查了三次它可以正常工作以建立与 db 的连接。这是我的php代码
<?php
if (isset($_POST['login']))
{
include "config.php";
$username=mysqli_real_escape_string ($conn,$_POST['user']);
$password=$_POST['user'];
$sql="SELECT username, password FROM user WHERE username='{$username}' AND password='{$password}'";
$result = mysqli_query($conn,$sql) or die("Query failed");
if (mysqli_num_rows($result)>0)
{
while( $row=mysqli_fetch_assoc($result))
{
echo "Successful";
}
}
else
{
echo 'failed ';
}
}
?>
我的数据库配置成功,config.php中没有错误。
html在这里
<!DOCTYPE html>
<html class="no-js">
<head>
<meta charset="utf-8">
<title>Login | Charity</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Fonts -->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,300,700' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Dosis:400,700' rel='stylesheet' type='text/css'>
<!-- Bootsrap -->
<link rel="stylesheet" href="assets/css/bootstrap.min.css">
<!-- Font awesome -->
<link rel="stylesheet" href="assets/css/font-awesome.min.css">
<!-- Template main Css -->
<link rel="stylesheet" href="assets/css/style.css">
<!-- Custom Style -->
<link rel="stylesheet" href="assets/css/login-style.css">
<!-- Modernizr -->
<script src="assets/js/modernizr-2.6.2.min.js"></script>
</head>
<body>
<!-- NAVBAR
================================================== -->
<header class="main-header">
<nav class="navbar navbar-static-top">
<div class="navbar-top">
<div class="container">
<div class="row">
<div class="col-sm-6 col-xs-12">
<ul class="list-unstyled list-inline header-contact">
<li> <i class="fa fa-phone"></i> <a href="tel:">+123 456 789 </a> </li>
<li> <i class="fa fa-envelope"></i> <a href="mailto:contact@sadaka.org">contact@test.org</a> </li>
</ul> <!-- /.header-contact -->
</div>
<div class="col-sm-6 col-xs-12 text-right">
<ul class="list-unstyled list-inline header-social">
<li> <a href="#" target="_blank"> <i class="fa fa-facebook"></i> </a> </li>
<li> <a href="#" target="_blank"> <i class="fa fa-twitter"></i> </a> </li>
<li> <a href="#" target="_blank"> <i class="fa fa-google"></i> </a> </li>
<li> <a href="#" target="_blank"> <i class="fa fa-youtube"></i> </a> </li>
<li> <a href="#" target="_blank"> <i class="fa fa fa-pinterest-p"></i> </a> </li>
</ul> <!-- /.header-social -->
</div>
</div>
</div>
</div>
<div class="navbar-main">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="index.html"><img src="assets/images/sadaka-logo.png" alt=""></a>
</div>
<div id="navbar" class="navbar-collapse collapse pull-right">
<ul class="nav navbar-nav">
<li><a href="index.html">HOME</a></li>
<li><a href="about.html">ABOUT</a></li>
<li class="has-child"><a href="#">CAUSES</a>
<ul class="submenu">
<li class="submenu-item"><a href="causes.html">Causes list </a></li>
<li class="submenu-item"><a href="causes-single.html">Single cause </a></li>
<li class="submenu-item"><a href="causes-single.html">Single cause </a></li>
<li class="submenu-item"><a href="causes-single.html">Single cause </a></li>
</ul>
</li>
<li><a href="gallery.html">GALLERY</a></li>
<li><a href="contact.html">CONTACT</a></li>
<li><a class="is-active" href="login.html">LOGIN</a></li>
</ul>
</div> <!-- /#navbar -->
</div> <!-- /.container -->
</div> <!-- /.navbar-main -->
</nav>
</header> <!-- /. main-header -->
<div class="main-container">
<div class="login-content">
<!-----start-main---->
<div class="login-form">
<div class="head">
<img src="./assets/images/gallery/thumb/employee-avatar.png" alt="Employee Avatar"/>
</div>
<div class="login-header">
<p><span class="welcome-label">WELCOME </span><br>
<span class="description"> Logon to system for best experience</span></p>
</div>
<form class="input-form">
<li>
<input type="text" name="user" class="text" placeholder="Email" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Email';}" ><a href="#" class=" icon user"></a>
</li>
<li>
<input type="password" name="" placeholder="Password" onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Password';}"><a href="#" class=" icon lock"></a>
</li>
<div class="forgot-password-label">
<a href="/">Forgot Password?</a>
</div>
<div class="p-container">
<input type="submit" name="login" value="LOG IN" >
<div class="clear"> </div>
</div>
<div class="new-account-container">
<p><span class="no-account-label">Doesn't have account? </span><span class="create-account-label"><a href="/">Create One</a></span></p>
</div>
</form>
</div>
<!--//End-login-form-->
</div>
</div>
<footer class="main-footer">
<div class="footer-top">
</div>
<div class="footer-main">
<div class="container">
<div class="row">
<div class="col-md-4">
<div class="footer-col">
<h4 class="footer-title">About us <span class="title-under"></span></h4>
<div class="footer-content">
<p>
<strong>Sadaka</strong> ipsum dolor sit amet, consectetur adipiscing elit. Ut at eros rutrum turpis viverra elementum semper quis ex. Donec lorem nulla, aliquam quis neque vel, maximus lacinia urna.
</p>
<p>
ILorem ipsum dolor sit amet, consectetur adipiscing elit. Ut at eros rutrum turpis viverra elementum semper quis ex. Donec lorem nulla, aliquam quis neque vel, maximus lacinia urna.
</p>
</div>
</div>
</div>
<div class="col-md-4">
<div class="footer-col">
<h4 class="footer-title">LAST TWEETS <span class="title-under"></span></h4>
<div class="footer-content">
<ul class="tweets list-unstyled">
<li class="tweet">
20 Surprise Eggs, Kinder Surprise Cars 2 Thomas Spongebob Disney Pixar
</li>
<li class="tweet">
20 Surprise Eggs, Kinder Surprise Cars 2 Thomas Spongebob Disney Pixar
</li>
<li class="tweet">
20 Surprise Eggs, Kinder Surprise Cars 2 Thomas Spongebob Disney Pixar
</li>
</ul>
</div>
</div>
</div>
<div class="col-md-4">
<div class="footer-col">
<h4 class="footer-title">Contact us <span class="title-under"></span></h4>
<div class="footer-content">
<div class="footer-form" >
<form action="php/mail.php" class="ajax-form">
<div class="form-group">
<input type="text" name="name" class="form-control" placeholder="Name" required>
</div>
<div class="form-group">
<input type="email" name="email" class="form-control" placeholder="E-mail" required>
</div>
<div class="form-group">
<textarea name="message" class="form-control" placeholder="Message" required></textarea>
</div>
<div class="form-group alerts">
<div class="alert alert-success" role="alert">
</div>
<div class="alert alert-danger" role="alert">
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-submit pull-right">Send message</button>
</div>
</form>
</div>
</div>
</div>
</div>
<div class="clearfix"></div>
</div>
</div>
</div>
<div class="footer-bottom">
<div class="container text-right">
Sadaka @ copyrights 2015 - by <a href="http://www.ouarmedia.com">Ouarmedia</a>
</div>
</div>
</footer>
<!-- jQuery -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="assets/js/jquery-1.11.1.min.js"><\/script>')</script>
<!-- Bootsrap javascript file -->
<script src="assets/js/bootstrap.min.js"></script>
<!-- Template main javascript -->
<script src="assets/js/main.js"></script>
<!-- Google Analytics: change UA-XXXXX-X to be your site's ID. -->
<script>
(function(b,o,i,l,e,r){b.GoogleAnalyticsObject=l;b[l]||(b[l]=
function(){(b[l].q=b[l].q||[]).push(arguments)});b[l].l=+new Date;
e=o.createElement(i);r=o.getElementsByTagName(i)[0];
e.src='//www.google-analytics.com/analytics.js';
r.parentNode.insertBefore(e,r)}(window,document,'script','ga'));
ga('create','UA-XXXXX-X');ga('send','pageview');
</script>
</body>
</html>
【问题讨论】:
-
警告:当使用
mysqli时,您应该使用parameterized queries 和bind_param将用户数据添加到您的查询中。 请勿使用手动转义和字符串插值或连接来完成此操作,因为您总是会创建严重的SQL injection bugs。意外未转义的数据是一个严重的风险。使用绑定参数不那么冗长,并且更容易检查以检查您是否正确执行。你在这里错过了一个。 -
警告:编写访问控制层并不容易,而且有很多机会严重错误。任何现代的development framework 像Laravel 都带有一个内置的authentication system,并且您可以使用authentication libraries。至少遵循 recommended security best practices 并且永远不要将密码存储为纯文本 或 SHA1 或 MD5 等弱哈希。
-
注意:object-oriented interface to
mysqli明显不那么冗长,使代码更易于阅读和审核,并且不容易与过时的mysql_query接口混淆,因为缺少单个i会导致麻烦。示例:$db = new mysqli(…)和$db->prepare("…")过程接口是 PHP 4 时代的产物,不应在新代码中使用。此外,程序界面的错误检查和报告不那么严格,使调试工作受挫。 -
这是生产代码还是纯学术目的?
-
$password=$_POST['user']; 应该是 $password=$_POST['pass'];
标签: php html mysql authentication