我不知道为什么这允许自由输入任何密码和用户名组合,我已经尽我所能,但无济于事。最轻微的帮助将不胜感激。这里的 php 应该直接输出到它下面的表单中。
<?php
if (isset($_POST['name'])) {
$username = $_POST['name'];
$apassword = $_POST['password'];
$host = "127.0.0.1";
$user = "root";
$password = "";
$database = "test_site";
$table = "admin";
$link = mysqli_connect($host, $user, $password, $database);
if (!$link) {
echo "Error: Unable to connect to MySQL.";
exit;
}
$query = "SELECT first_name, last_name, password FROM $table WHERE username='$username' AND password='$apassword'";
$result = mysqli_query($link, $query);
if (mysqli_num_rows($result)==1) {
$row = mysqli_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
}
mysqli_close($link);
echo "Hello, " . $_POST['name'] . ".";
} else {
$error = "Your Login Name or Password is invalid";
?>
<form name="login" method="POST" action="index.php">
<table align="center">
<tr>
<td><font size="2">Username:</font></td>
<td><input size="11" type="username" name="name" placeholder="Username" required></td>
</tr>
<tr>
<td><font size="2">Password:</font></td>
<td><input size="11" type="password" name="password" placeholder="Password" required></td>
</tr>
<tr>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
}
?>
如果您看到所有无效密码的成功消息,则一定是您编写的逻辑有问题。请参阅以下代码:
if (mysqli_num_rows($result)==1){
//assume only one record found matching the username password pair
$row = mysqli_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
echo "Hello, " . $_POST['name'] . ".";
}else{
$error = "Your Login Name or Password is invalid";
}
mysqli_close($link);
您缺少检查本身。您只需查询,然后显示 Hello 消息,因此这是一种非常简单的指导方法:
if(!$result){
echo "Incorrect username or password";
}
else{
echo "Hello, " . $_POST['name'] . ".";
}
变量$result
,只要没有结果就会返回false,所以基本上如果它找到您在查询中传递的凭据,它将打印"Hello",如果没有,则打印"不正确的用户名或密码"。
我还建议您查看以下内容:如何防止PHP中的SQL注入?以及MySQLi扩展函数摘要以及更复杂的处理。
我希望这对你有所帮助:)