我知道关于这个主题还有很多其他问题,但并不具体,我在使用 mysql 而不是 mysqli 时也有页面工作,我最近用 mysqli 修改了一些网页,因此正在更新以保持一致。我玩过双引号、mysqli_real_escape_string 之类的东西,但 $sql 字符串的输出是 SELECT * FROM user_login WHERE username='' 和 password='' 所以这显然是 $_POST[] 变量的问题。
任何帮助深表感谢。
我发布表格的代码是;
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Page</title>
</head>
<body>
<table width="300" border="0" align="Center" cellpadding="0" cellspacing="1" bgcolor="="#cccccc">
<tr>
<form id="form1" name="form1" method="post" action="../customers/checklogin.php">
<td>
<table width = "100%" border ="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><p><Strong> CUSTOMER LOGIN </strong></p></td>
</tr>
<tr>
<td width = "78">Username</td>
<td widith = "6">:</td>
<td width = "294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<form id="form2" name="logo" method="post" action="../customers/logout.php">
<input type="submit" name="logout" value="Logout">
</form>
</body>
</html>
而另一页是;
<?php
ob_start();
session_start();
echo session_id();
$host = "localhost";
$username="username";
$password = "password";
$db_name = "database";
$tbl_name = "user_login";
//Connect to server and select database
//mysql_connect("$host","$username","$password") or die("Cannot connect");
//mysql_select_db("$db_name") or die ("Cannot select Database");
$mysqli = new mysqli($host, $username, $password, $db_name);
/*if(isset($_SESSION["loggedin"]))
{
die("you are already logged in");
}*/ // I had put this in but removed to debug
//username and password sent from the form, I have also tried with double quotes
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
//security to stop insertion of slashs
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysqli_query($mysqli, $sql);
// Mysql_num_row is counting table row
$count = mysqli_num_rows($result);
//If result matched $myusername and $mypassword, table row must be 1 row
ob_clean();
if($count==1){
//register $myusername and $mypassword and redirect to the file
$_SESSION["loggedin"]= "YES";
$_SESSION["username"] = $username;
// $_SESSION["Hotel_Chain"] = mysqli_query($mysqli,"SELECT Hotel_Group FROM user_login WHERE username = '".$username."'");
header("Location: login_success.php");
exit();}
// echo "it worked"; }
else {
echo "Wrong Username or Password";
echo $sql;
echo "<br /> Username : ";
echo $myusername;
echo "<br /> Password : ";
echo $mypassword;
}
// ob_flush();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Check Login</title>
</head>
<body>
<?php
if($_SESSION["loggedin"]<>"YES"){echo $count;
echo $sql;
?>
<form id="form5" name="backtomain" method="post" action="../customers/main_login.php">
<input type="Submit" name="backtomain" value="Try again" />
</form>
<?php
}
else{
// print mysqli_query($mysqli,$sql);
}
?>
</body>
</html>