php mysql 不检查用户名和密码的用户表

标签: MySQL PHP HTML
发布时间: 2017/2/17 4:22:23
注意事项: 本文中文内容可能为机器翻译,如要查看英文原文请点击上面连接.

登录页面似乎不像它应该工作。它不会验证的用户名密码的用户表,所以它不会允许日志中的日志。

PHP

 if(isset($_POST['submit']))
 {
     $userName=$_POST['userName'];
     $passWord=$_POST['passWord'];
     $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
     if($result)
     {
          //echo "Successfully deleted".$id;
          $count=mysqli_num_rows($result);       
          //echo $count;
     }
     if($count==1)
     {
          $_SESSION['username']=$username;
          $_SESSION['passWord']=$passWord;
          header("location:users.php");
     }
     else
     {      
          header("location:index.php");  
     }
 }
 ?>

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <link href="index.css" rel="stylesheet" type="text/css" />
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Sign in</title>
</head>
<body>
  <div id="signin">
    [ <a href="signup.php">Sign Up</a> ]
    [ <a href="signin.php">Sign In</a> ]
  </div>
  <div id="clear"></div>
  <div class="navbar">
    <ul>
      <li><a href="concerts.php" target="_self">Concert</a></li>
      <li><a href="restaurants.php" target="_self">Restaurant</a></li>
      <li><a href="sports.php" target="_self">Sports</a></li>
    </ul>
  </div>
  <form name="signin" method="post" action="signin.php" id="form">
    Member Login <br /><br />
    Username<input name="userName" type="text"><Br />
    Password</td><input name="passWord" type="password"><br /><br />
    <input type="submit" name="submit" value="submit">
  </form>
</body>
</html>

此代码得不到 id_cust 的用户表来存储在 $id 它登录页获取正确的用户名

<?php 
$result=mysqli_query($con, "select * from Users where `userName` ='$userName'");
$row = mysqli_fetch_array($result);
$id = $row['id_cust'];

http://pastebin.com/RmBz1yL0

解决方法 1:

尝试更改为下面的代码。

 if($result)
        {
            //echo "Successfully deleted".$id;
            $count=mysqli_num_rows($result);       
            //echo $count;

            if($count==1)
            {
                   $_SESSION['userName']= $userName;
                   $_SESSION['passWord'] = $passWord;
                  header("location:users.php");
           }
           else
           {      
                  header("location:index.php");  
           }

        }
官方微信
官方QQ群
31647020