我有 html 和 php 的问题,所以我创建了登录页面和所有登录功能,但我想将用户名放在标题中(像 facebook)并且有问题。添加 php 代码时用户名被隐藏。一切都很完美,这是我的 HTML 代码。pocetna.html<?phpsession_start();?><html><head> <title> weekta RolePlay | Pocetna </title> <link rel="stylesheet" href="style/styless.css"> <link href="https://fonts.googleapis.com/css2?family=Jost&display=swap" rel="stylesheet"></head><body><header> <a class="logo" href="/" style="text-decoration: none;color: #1260a8;font-size: 30px;font-family: 'Jost', sans-serif;"><p>weekta</p></a> <nav> <ul class="nav__links"> <li><a href="#">Services</a></li> <li><a href="#">Projects</a></li> <li><a href="#">About</a></li> <li><a href="#"><span><?php echo( $_SESSION['korisnickoime'] );?></span></a></li> </ul> </nav> <a class="cta" href="index.html">Login</a> <p class="menu cta">Menu</p> </header> <div id="mobile__menu" class="overlay"> <a class="close">×</a> <div class="overlay__content"> <a href="#">Services</a> <a href="#">Projects</a> <a href="#">About</a> </div> </div> <script type="text/javascript" src="mobile.js"></script></body></html>这是 login_process.php<?php$mysql_host="localhost";$mysql_user="root";$mysql_password="";$mysql_db="weekta";$conn = mysqli_connect($mysql_host,$mysql_user,$mysql_password);mysqli_select_db($conn, 'weekta');session_start();if(isset($_POST['korisnickoime'])){ $username=$_POST['korisnickoime']; $password=$_POST['sifrajedan']; $sql="SELECT * FROM loginform where korisnickoime='".$username."'AND sifrajedan='".$password."' limit 1"; $result = mysqli_query($conn,$sql);有人可以帮我吗?谢谢。
2 回答
翻过高山走不出你
TA贡献1875条经验 获得超3个赞
在数据库中找到您的用户后,您没有设置 $_SESSION['username'] 。
我不是 PHP 专家,但我认为您需要执行类似 $_SESSION['username'] = 'xyz' 的操作。除此之外,您的选择查询很容易受到 sql 注入的影响。
MMTTMM
TA贡献1869条经验 获得超4个赞
在你的脚本中有一个错误
$sql="SELECT * FROM loginform where korisnickoime='".$username."'AND sifrajedan='".$password."' limit 1";
在用户名附近的查询中,和where korisnickoime='".$username."'AND sifrajedan='".$password."'之间没有空格 。$usernameAND
附加用户名和密码后此查询的最终结果将类似于
SELECT * FROM loginform where korisnickoime='user1'AND sifrajedan='xyz' limit 1";
此查询将中断,因此请在两者之间添加一点空格,用此替换您的查询字符串。
$sql="SELECT * FROM loginform where korisnickoime='".$username."' AND sifrajedan='".$password."' limit 1";
你的 PHP 脚本可能是这样的
索引.php
<form method="post" name="login">
<label for="username">Username:</label><br>
<input type="text" name="username"><br>
<label for="password">Password:</label><br>
<input type="password" name="password"><br>
<button type="submit" name="login">Log in</button>
</form>
<?php
session_start();
if(isset($_POST['username']) and isset($_POST['password']))
{
$username = $_POST['username'];
$pass = $_POST['password'];
$query = "SELECT * FROM `person` WHERE name='$username' and pass='$pass'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
header('Location: homepage.php');
}
else
{
$msg = "Wrong credentials";
}
}
if(isset($msg) & !empty($msg)){
echo $msg;
}
?>
然后在 homepage.php
<nav>
<ul class="nav__links">
<li><a href="#">Services</a></li>
<li><a href="#">Projects</a></li>
<li><a href="#">About</a></li>
<li><a href="#">
<span>
<?php
session_start();
if(!isset($_SESSION['username']))
{
die("You are not logged in!");
}
$username = $_SESSION['username'];
echo "Hai " . $username;
?>
</span></a></li>
</ul>
</nav>
PS:为了使您的查询安全使用这样的参数化查询
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare(SELECT * FROM loginform where korisnickoime='?' AND sifrajedan='?' limit 1");
$stmt->bind_param("ss", $username, $password);
// set parameters and execute
$username = "John";
$password = "Doe";
$result = $stmt->execute();
?>
- 2 回答
- 0 关注
- 159 浏览
添加回答
举报
0/150
提交
取消