我正在使用PHP/HTML和MySQL进行测试登录检查。我成功了很棒;它成功地连接到数据库,它可以获取我的数据库值并将其保存在变量中,等等,但我遇到了一个小问题。
我使用两个PHP页面来进行检查。仅包含论坛的login.php
页面和进行数据库连接的welcome.php
页面。当我运行一个测试页面,让它回显数据库信息时,它会打印出来(testUser,testEmail@email.com,testPassword,1/1/1900)。因此,当我尝试运行登录验证检查时,它只显示"未知用户!"两次,甚至当我尝试用户名"usr"、"testUser"one_answers"testUser2"时(我制作了两个表,第二个表是相同的,末尾添加了2个)。这是我的密码。
<html>
<head>
<?php
$title = ucfirst(basename($_SERVER['PHP_SELF'], ".php"));
echo "<title>$title</title>";
?>
</head>
<body>
<form name="form" accept-charset="utf-8" action="welcome.php" method="post">
<span class="header">Username</span><input type="text" name="usr" value="usr"></input><br>
<span class="header">Password</span><input type="text" name="pass" value="pass"></input>
<input type="submit">
</form>
</body>
</html>
<?php
$servername = removed;
$username = removed;
$password = removed;
$dbname = removed;
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT ID, USER, PASSWORD FROM usrdatabase";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
// the given info from the form
$usrUser = $_POST["usr"];
$usrPass = $_POST["pass"];
// convert the findings to uppercase to get rid of sensitivity
if (strtoupper($usrUsr) == strtoupper($row["USER"]) && strtoupper($usrPass) == strtoupper($row["PASSWORD"])) {
echo "Welcome $usrUser!<br>Your login was successful! ?>";
}
elseif (strtoupper($usrUsr) == strtoupper($row["USER"]) && strtoupper($usrPass) != strtoupper($row["PASSWORD"])) {
echo "Login failed as $usrUser!";
}
else {
echo "Unknown user!";
}
}
} else {
echo "0 results";
}
$conn->close();
?>
这总是产生一个"未知用户!"我的支票有问题吗?我希望它通过数据库中的每个用户来检查每个现有用户的信息。
更改
strtoupper($usrUsr) == strtoupper($row["USER"])
至
strtoupper($usrUser) == strtoupper($row["USER"])
使用用户名从数据库中获取单个用户,因为每个用户都是唯一的。
$sql = "SELECT ID, USER, PASSWORD FROM usrdatabase WHERE USER = '" . mysqli_real_escape_string($_POST['usr']) . "' AND PASSWORD = '" . mysqli_real_escape_string($_POST['pass']) . "'";
嘿,我看到你的if else包含$usrUsr
,它不应该是$usrUser
吗?(忘记了e)