What is the PHP script that queries the user input sent by App Inventor? And what are the blocks to create this login page?

I have already set up the blocks in App Inventor to submit data, because previously I did and it worked; however, when retrieving data it worked too, except when I realized I have fetched all the data in the table and passed it into TinyDB, then from TinyDB, I compare the text strings that match the user input.

Yes, that allowed me to create a login page, but I was comparing data through App Inventor and not from MySQL. So what I did was I tried sending the strings from App Inventor into the PHP file, then supposedly it will query, which will send out user id, username and password, where the username and password will be matched with the $_GET request from App Inventor (user).

Then the final result would be that the queried data would then be sent to App Inventor as a row of strings, and then I can use TinyDB to store the user id, so that on the next page I can call the id, then query the user data according to my app's needs.

Here's the code

//Details in asterisk to hide.
<?php
define('DB_SERVER', '******');
define('DB_USERNAME', '*******');
define('DB_PASSWORD', '*******');
define('DB_DATABASE', '*******');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);

$query = "SELECT user_id, username, user_password FROM User_Login WHERE username='$username' AND user_password='$password'",
$username = mysqli_real_escape_string($db,$_GET['username']),
$password = mysqli_real_escape_string($db,$_GET['password']);

// Perform Query
$result = mysqli_query($db,$query);

// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
    $message  = 'Invalid query: ' . mysqli_error($db) . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);
}

// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used

while ($row = mysqli_fetch_assoc($result)) {
    echo $row['$username'];
    echo $row['username'];
    echo $row['user_password'];
}

// Free the resources associated with the result set
// This is done automatically at the end of the script
mysqli_free_result($result);
?>
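dsvtnz6350 Possible duplicate of "When to use single quotes, double quotes, and backticks?"
about 4 years ago
dongzhuo1880 First think about the correct SELECT statement, then use this solution to get it running. After that you can think about Little Bobby Tables... by the way. Also take the tour and read how to ask a good question...
about 4 years ago
dongquepao8653 Where the above happened: $query = ("SELECT user_id, username, user_password FROM User_Login WHERE 'username'=$_GET[username], 'user_password'=($_GET[password]),");
about 4 years ago
dongsimang4036 Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''user_password'=() at line 1' Whole query: SELECT user_id, username, user_password FROM User_Login WHERE 'username'=, 'user_password'=(),
about 4 years ago
douzhaochan6468 I'm actually new to PHP. I don't mind SQL injection, since this is my final-year project and I just need to get it working.. so any ideas how to change the code so that it can show what I need? Thanks :D
about 4 years ago
duanduo7400 Never store plain text passwords! Please use PHP's built-in functions to handle password security. If you are using a PHP version lower than 5.5, you can use the password_hash() compatibility pack. Make sure you don't escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding.
about 4 years ago
doulizhi1247 Little Bobby says your script is at risk of SQL injection attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!
about 4 years ago
duanli0687 That code is a disaster. You're mixing SQL with PHP, which isn't possible. You can't run PHP code "inside" a string, let alone produce valid SQL code. And the SQL is completely broken too.
about 4 years ago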

1 answer

Here is one of my database PHP search files. You're welcome to take any of it and use what you want. I went in and added some comments to help with some clarity. Everyone is welcome to make it better. I use it as a template whenever I need to make a search.php.

<?php

    // the mysql_* functions were removed in PHP 7, so the mysqli_* equivalents are used
    $db = mysqli_connect("localhost", "root", "12450", "myDatabase") or die("Error connecting to database: ".mysqli_connect_error());
    /*
        localhost - it's location of the mysql server, usually localhost
        root - your username
        third is your password
        myDatabase is the name of database we've created

        if connection fails it will stop loading the page and display an error
    */

     ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Search Results</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>

<body>

<div data-role="page" id="SearchResultsPage" data-theme="b" data-add-back-btn="true">
    <div data-role="header">
        <h1>Search Results</h1>
    </div>

<?php

    $query = isset($_GET['query']) ? $_GET['query'] : '';
    // gets value sent over search form (empty string if it is missing)

    $min_length = 3;
    // you can set minimum length of the query if you want

    if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then

        $query = mysqli_real_escape_string($db, $query);
        // escapes the value for use inside the quoted SQL string below

        $raw_results = mysqli_query($db, "SELECT * FROM emplist
            WHERE (`lfname` LIKE '%".$query."%') OR (`id` LIKE '%".$query."%')") or die(mysqli_error($db));

        // * means that it selects all fields, you can also write: `id`, `lfname`, `phonenum`
        // emplist is the name of our table

        // '%$query%' is what we're looking for, % means anything, for example if $query is Hello
        // it will match "hello", "Hello man", "gogohello", if you want exact match use `lfname`='$query'
        // or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'

        if(mysqli_num_rows($raw_results) > 0){ // if one or more rows are returned do following

            while($results = mysqli_fetch_array($raw_results)){
            // $results = mysqli_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop

                // htmlspecialchars changes characters used in html to their equivalents, for example: < to &lt;
                // it is applied here, on output, so the search term itself is not altered before the query
                echo "<h4>".htmlspecialchars($results['lfname'])."</h4><p>".htmlspecialchars($results['phonenum'])." <br /> MCI #".htmlspecialchars($results['id'])." <br /> ".htmlspecialchars($results['state'])." ".htmlspecialchars($results['zip'])."</p>";
                // posts results gotten from database
            }

        }
        else{ // if there is no matching rows do following
            echo "No results found";
        }

    }
    else{ // if query length is less than minimum
        echo "ERROR Minimum length is ".$min_length;
    }

?>

<div data-role="content"></div>
        <input type="button" name="bIndex" value="Back" onclick="location.href='Index.php'" />
<div data-role="footer" data-theme="b">
        <h4>____?____?____?___?____ &copy; 2016</h4>
</div>

</div>

</body>

</html>
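
Several comments on the question point to prepared statements and password_hash() rather than escaping and plain-text passwords. The following is an added example, not code from the question or the answer: it keeps the question's table and column names but, as an assumption so that it runs without a database server, uses PDO with an in-memory SQLite table and constructed accounts. check_login() is a hypothetical helper; in the real endpoint its arguments would be the values App Inventor sends.

```php
<?php
// Added example. Constructed data; PDO + in-memory SQLite is an assumption
// made so the script runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE User_Login (
    user_id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    user_password TEXT NOT NULL)'); // stores the password_hash() output

// Registration side: hash the raw password, with no escaping applied first.
$insert = $db->prepare('INSERT INTO User_Login (username, user_password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the user_id on success, null otherwise.
function check_login(PDO $db, string $username, string $password): ?int
{
    static $dummy = null;
    // Hash to verify against when the user is unknown, so both paths do similar work.
    $dummy = $dummy ?? password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    // The placeholder sends the username as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT user_id, user_password FROM User_Login WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is compared in PHP against the stored hash, not in the WHERE clause.
    $ok = password_verify($password, $row ? $row['user_password'] : $dummy);
    return ($row && $ok) ? (int) $row['user_id'] : null;
}

// Constructed requests, standing in for $_GET['username'] and $_GET['password'].
$requests = [
    ['alice', 'correct horse'],      // valid account
    ['alice', 'wrong password'],     // wrong password
    ["alice' OR '1'='1", 'x'],       // quote characters stay literal data
    ['bob', 'correct horse'],        // unknown user
];
foreach ($requests as [$username, $password]) {
    $id = check_login($db, $username, $password);
    // Only the id (or null) goes back to the client; the hash never leaves the server.
    echo json_encode(['username' => $username, 'user_id' => $id]), PHP_EOL;
}
```

With mysqli the same shape is prepare(), bind_param() and execute() on the connection from mysqli_connect().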