dtcuv8044 2016-06-18 19:27
浏览 40

PHP登录表单mysql和bootstrap样式给出错误

i am working on a simple log in from without any session, here is my PHP code:

<?php

  $mysqli = new mysqli( 'localhost', 'cshrnaf_user2', '=cXlIBsdMkdr', 'cshrnaf_mis_db' );

if (isset($_POST['Username'])) {
        $sql = "SELECT * FROM user WHERE email= '{$mysqli->real_escape_string($_POST['Username'])}'  AND password= '{$mysqli->real_escape_string($_POST['Password'])}'  LIMIT 1";
        $res = mysql_query($sql);
        if (mysql_num_rows($res) == 1) {
            echo "YOu have log in";
            exit();
        } else {
            echo "not log in";
            exit();
        }
}
?>

and my Bootstrap code:

</head>
<body class="gray-bg">
    <div class="middle-box text-center loginscreen animated fadeInDown">
        <div>
            <h3>Welcome</h3>
            <p>Login to your account.</p>
            <form method="post" class="m-t" role="form">
                <div class="form-group">
                    <input type="email" class="form-control" name=Username required="">
                </div>
                <div class="form-group">
                    <input type="password" class="form-control" name=Password required="">
                </div>
                <button type="submit" class="btn btn-primary block full-width m-b">Login</button>
            </form>
        </div>
    </div>
    </body>
</head>

it gives me 3 error:

Warning: mysql_query(): Access denied for user ''@'localhost' (using password: NO) in /home/cc/public_html/MIS_cc/login.php on line 7

Warning: mysql_query(): A link to the server could not be established in /home/cc/public_html/MIS_cc/login.php on line 7

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/cc/public_html/MIS_cc/login.php on line 9 not log in

  • 写回答

1条回答 默认 最新

  • duan198727 2016-06-18 20:15
    关注

    For your coding change it to this:

    <?php

if (isset($_POST['Username'])) {
    $sql = "SELECT * FROM user WHERE email= '{$mysqli->real_escape_string($_POST['Username'])}'  AND password= '{$mysqli->real_escape_string($_POST['Password'])}'  LIMIT 1";
    $res = mysqli_query($mysqli , $sql); // Edited this line
    if (mysqli_num_rows($res) == 1) { //Edited this line
        echo "YOu have log in";
        exit();
    } else {
        echo "not log in";
        exit();
    }
}
?>

    However you really should consider using prepared statements as escaping the string is not enough to protect yourself against sql injection.

    Example of using prepared statements using your code:

    <?php

if(isset($_POST['Username'])) {
    $username = $mysqli->real_escape_string($_POST['Username']);
    $password = $mysqli->real_escape_string($_POST['Password']);

    // Wrapping the prepared statement in an IF so if the sql statement is wrong it will return false and allows for error handling.
    if ($stmt = $mysqli->prepare("SELECT * FROM user WHERE email = ? AND password = ? LIMIT 1")) {

        // Bind the above $username and $password to the prepared query
        $stmt->bind_param('ss', $username, $password);

        // Execute the prepared query.
        $stmt->execute()

        // Store result of prepared statement
        $stmt->store_result();

        if ($stmt->num_rows == 1) { 
            echo "You have logged in.";
            exit();
        } else {
            echo "Log in failed.";
            exit();
        }
        $stmt->close();
    }
}
    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题