doupao6011 2017-03-11 09:26
Views: 8
Accepted

Parameterized queries in usercheck

I am new to parameterized queries. Please help with this in usercheck. I am giving the program. I want to log in to the page using my database by using parameterized queries. Please help me. Thanks in advance.

<html>

<form name="usercheck" method="post" action="newuser.php">
    username: <input type="text" name="uname"> <br><br>
    password:<input type="password" name="pswd"><br><br>
    <input type="submit" value="Login">
</form>

<?php

session_start();

if (isset($_post['uname'])) {

    $uname = $_post['uname'];
    $pswd = $_post["pswd"];

    $con = mysqli_connect("localhost", "root", "happy123$", "cbanktb");
    $query = "select * FROM banktable where username=? and password=?";
    $stmt = mysqli_prepare($con, $query);
    If ($stmt) {

        mysqli_stmt_bind_param($stmt, "s", $uname, $pswd);
        mysqli_stmt_bind_result($stmt, $dbusername, $dbpassword);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_fetch($stmt);

        #$result=mysqli_query($con,"select * from banktable where acno='$aid'");

        #$row = mysqli_fetch_row($result);

        #echo $row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4];
        #$balance=$row[3];
        echo "You are logged in";
    } else {
        echo "You are not $dbusername";
    }
}

?>

</html>

1 answer

  • duanjiao2978 2017-03-11 10:30

    Use a parameterized mysqli_* prepared statement or PDO

        <html>
    
        <form name="usercheck" method="post" action="newuser.php">
            username: <input type="text" name="uname"> <br><br>
            password:<input type="password" name="pswd"><br><br>
            <input type="submit" value="Login" name="form_submit" >
        </form>
    
        <?php
    
        session_start();
    
        // PHP superglobals are case-sensitive: $_POST, not $_post
        if (isset($_POST['form_submit'])) {

             $uname = $_POST['uname'];
             $pswd = $_POST["pswd"];

             $con = mysqli_connect("localhost", "root", "happy123$", "cbanktb") or die("Connection failed: " . mysqli_connect_error());

             $query = "select * FROM banktable where username=? and password=?";

             $stmt =  $con->prepare($query);
             $stmt->bind_param('ss',$uname,$pswd);

             // One type character per bound parameter.
             // The argument may be one of four types:
             //   i - integer
             //   d - double
             //   s - string
             //   b - BLOB
             // Change it respectively.

             $stmt->execute();
             // Buffer the result set so the row count of the SELECT is available
             $stmt->store_result();
             $row_count= $stmt->num_rows;
             $stmt->close();
             $con->close();
    
             if($row_count>0)
              {
    
                 echo "successfully logged in";
    
                 //setting session here 
              }
              else
              {
                echo "Login failed";
    
              }
    
        }
    
        ?>
    
        </html>
    
    This answer was selected by the asker as the best answer.
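
The answer names PDO as an alternative without showing it. The following is an added example, not code from the question or the answer: a PDO login check against the page's `banktable` layout, assuming the `password` column holds `password_hash()` output rather than the plaintext password. The in-memory SQLite database, the sample users and the function names `open_demo_db` and `check_login` are constructed for the demo.

```php
<?php
// Added example (not the poster's code): login check with a PDO prepared statement.
// Assumptions: the `password` column stores password_hash() output, and an
// in-memory SQLite database with constructed rows stands in for the MySQL server.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // For MySQL the DSN would be 'mysql:host=localhost;dbname=cbanktb;charset=utf8mb4'.
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
    ]);
    $db->exec('CREATE TABLE banktable (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    // Constructed sample users; the INSERT is parameterized as well.
    $ins = $db->prepare('INSERT INTO banktable (username, password) VALUES (?, ?)');
    foreach (['alice' => 'correct horse', "o'brien" => 'battery staple'] as $u => $p) {
        $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
    }
    return $db;
}

function check_login(PDO $db, string $uname, string $pswd): bool
{
    // Only the username reaches the database, and only as a bound value:
    // it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT password FROM banktable WHERE username = ?');
    $stmt->execute([$uname]);            // one array element per placeholder
    $hash = $stmt->fetchColumn();        // false when no row matches

    // The password is checked in PHP against the stored hash.
    return is_string($hash) && password_verify($pswd, $hash);
}

$db = open_demo_db();
var_dump(check_login($db, 'alice', 'correct horse'));    // valid credentials
var_dump(check_login($db, 'alice', 'wrong password'));   // wrong password
var_dump(check_login($db, 'nobody', 'correct horse'));   // unknown user
var_dump(check_login($db, "o'brien", 'battery staple')); // apostrophe is bound as data
```

In a real page, call `session_start()` before any HTML is sent and set the session variables only after `check_login()` returns true.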
