我刚刚将register.php连接到mysql数据库。我试着连接我的login.php,但我不能。
这是我连接的register.php
$connect = mysqli_connect("mysql13.000webhost.com","a2955851_SW","********");
if(isset($_POST['submit']))
{
$username = mysqli_real_escape_string($connect, $_POST['username']);
$pass = mysqli_real_escape_string($connect, $_POST['pass']);
$pass1 = mysqli_real_escape_string($connect, $_POST['pass1']);
$email = mysqli_real_escape_string($connect, $_POST['email']);
if($username && $pass && $pass1 && $email)
{
if($pass==$pass1)
{
mysqli_select_db($connect, "a2955851_SW");
$query = mysqli_query($connect, "INSERT INTO users VALUES('$username','$pass','$email');");
echo "You have been registered.";
}
else
{
echo "Password must match.";
}
}
else
{
echo "All fields are required.";
}
}
这是login.php,我试着连接它,但是。。。
<?php
$connect = mysqli_connect("mysql13.000webhost.com","a2955851_SW","********");
session_start();
if(isset($_POST['login']))
{
$username = mysqli_real_escape_string($connect, $_POST['username']);
$password = mysqli_real_escape_string($connect, $_POST['password']);
if($username && $password)
{
mysqli_select_db($connect, "a2955851_SW");
$login = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($log=mysqli_fetch_assoc($login))
{
$dbusername = $log['username'];
$dbpassword = $log['password'];
}
if($username==$dbusername && $password==$dbpassword)
{
$_SESSION['username'] = $dbusername;
$_SESSION['password'] = $dbpassword;
header("location:members.php");
}
else
{
header("location:index.php?notify=Incorrect Username or Password.");
}
}
else
{
header("location:index.php?notify=ALL field are required.");
}
}
?>
我试着连接login.php,类似地我不知道
您已经混合了mysql
&CCD_ 2。只使用一个。更改
$login = mysql_query("SELECT * FROM users WHERE username = '$username'");
至
$login = mysqli_query($connect, "SELECT * FROM users WHERE username = '$username'");
我真的不确定,但尝试更改以下行:
$password = mysqli_real_escape_string($connect, $_POST['password']);
至
$password = $_POST['password'];
这是因为在脚本的后面部分,您将检查
if($username==$dbusername && $password==$dbpassword)
如果$password被转义,$dbpassword将不会被转义,并且相同的密码可能会导致错误的比较。
假设实际密码为12"3
,如果转义了$password
,则$password
将为12"3
,$dbpassword
将为12"3
。
最好的方法是创建一个连接文件,并将其包含在要连接到数据库的所有php文件中。因此,您不需要在连接字符串下方检查每个页面并运行查询,以确保其正常工作
$query = mysqli_query($connect, "INSERT INTO users VALUES('$username','$pass','$email');");
echo "You have been registered.";
}