-1 php
警告:mysqli_num_rows()期望参数1为mysqli_result,boolean给定iam无法登录,并且上面给出的错误被通知.建议更正.谢谢你.警告:mysqli_num_rows()期望参数1为mysqli_result,boolean给定iam无法登录,并且上面给出的错误被通知.建议更正.谢谢你.
<html>
<head>
<title>Login page</title>
</head>
<style type='text/css'>
body{
background:url('Login.jpg');
}
</style>
<body>
<form method ='post' action='login.php'>
<table width='400' border='5' align='center'>
<tr>
<td colspan='5' align='center'><h1><font color="MediumBlue">Login form</h1></font>
</td>
</tr>
<tr>
<td><font color='DarkOrange'>email</font>
</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><font color='DarkOrange'>Password</font></td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td colspan='5' align='center'><input type='submit' name='login' value='login'/> </td>
</tr>
</form>
<font color="LightSalmon"><h2><p style="position: fixed; bottom: 50%; width:100%; text-align: center"> Not registered yet?<a href='registration.php'>Sign up here</a>
</p><h2></font>
</body>
</html>
<?php
$connection=mysqli_connect("localhost","root","","user_db");
if(isset($_POST['login'])){
$user_Email=$_POST['email'];
$user_password=$_POST['pass'];
if($user_Email==''){
echo "<script>alert('please enter your email')</script>";
exit();
}
if($user_password==''){
echo "<script>alert('please enter your password')</script>";
exit();
}
$check_user="select * from users where user_email =='$user_Email' AND user_password =='$user_password'";
$result= mysqli_query($connection,$check_user);
$count=mysqli_num_rows($result);
if ($count==1)
{
echo"<script>window.open('welcome.php','_blank')</script>";
}
else{
echo"<script>alert('username or password is incorrect')</script>";
}
}
?>
更改都==在user_email =='$user_Email' AND user_password =='$user_password'单打=
user_email ='$user_Email' AND user_password ='$user_password'
关于密码存储.你似乎使用纯文本; 别.如果你在这个LIVE去规划,它只是一个你遭受过黑客攻击之前时间的问题,真的.
使用CRYPT_BLOWFISH或PHP 5.5的password_hash()功能.对于PHP <5.5使用password_hash() compatibility pack.
就目前而言,您现在的代码对SQL注入是开放的.
| 归档时间: |
|
| 查看次数: |
516 次 |
| 最近记录: |