douvcpx6526 2014-10-20 20:42
浏览 31
已采纳

检查数据库中的数据并失败[关闭]

I submit my form and it should find the value of FirstName and LastName in my MySQL database and send me to a success page. Instead I'm being sent to the fail page. I cannot see what is wrong with it.

here is my html form "login_1.php":

<form name="loginForm" action="loginCheck.php" method="post">      
<input type="text" name="firstname_field_name" id="firstname_field_ID" value="First Name" />  
<input type="text" name="lastname_field_name" id="lastname_field_ID" value="Last Name" /> 
<input type="submit" name="Submit" value="Submit" />
</form>

here is the php:

<?php
    session_start();
    $_SESSION['firstname_session'] = $_POST['firstname_field_name'];
    $_SESSION['lastname_session'] = $_POST['lastname_field_name'];

    require("config_php.php");
    $con = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME) or die('Could not connect to database server.');

    $myfirstname=$_POST[firstname_field_name]; 
    $mylastname=$_POST[lastname_field_name];

    $result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName=$mylastname");
    $count=mysqli_num_rows($result);

    if($count>0){
    //success         
        header('Location: loggedin.php');
        exit();
    }
    else{
    //fail
        header('Location: login_1.php');
        exit();
    }
?>
  • 写回答

1条回答 默认 最新

  • douhui3330 2014-10-20 20:50
    关注

    Change this part to:

     $myfirstname=$_POST['firstname_field_name']; 
 $mylastname=$_POST['lastname_field_name'];

//make it a little secure
$myfirstname = mysqli_real_escape_string($con, $myfirstname);
$mylastname = mysqli_real_escape_string($con, $mylastname);

 $result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName='$mylastname'");
 $count=mysqli_num_rows($result);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 使用C#,asp.net读取Excel文件并保存到Oracle数据库
  • ¥15 C# datagridview 单元格显示进度及值
  • ¥15 thinkphp6配合social login单点登录问题
  • ¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场 部分对应不上
  • ¥15 如何在scanpy上做差异基因和通路富集?
  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配