当我使用正确的信息登录我的网站时,我正在尝试打开我的“ index.php”文件,但我不断收到错误消息。
这是我的代码:
<?php
session_start();
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE uid = '$uid' AND pwd = '$pwd'";
$result = $conn->query($sql);
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
echo fgets($index);
}
您还应该考虑使用准备好的语句和PDO。准备好的语句将有助于防止SQL注入您的dbase.php就像
try {
$db = new PDO('mysql:host=localhost;dbname=yourDBName', 'username', 'password');
} catch (PDOException $e) {
echo $e->getMessage();
}
然后你的实现
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM `user` WHERE `uid` = :uid AND `pwd` = :pwd";
$statement = $db->prepare($sql);
$userData = [
'uid'=>$uid,
'pwd'=>$pwd
];
$statement->execute($userData);
if($statement->rowCount() > 0){
header('Location: index.php');
exit();
}else{
echo "Your username or password is wrong!";
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句