logo标签列表

使用php、mysql和html创建登录表单

phpmysql
5
我希望创建一个可用的登录表单。以下是我所做的,但显示无法选择数据库。
编辑了login.php文件。
<?php
    error_reporting(E_ALL);
    //Connection Variables:
    $dbhost = "localhost";
    $dbname = "";
    $dbuser = "";
    $dbpass = "";
try{
    //Connection to SQL:
        $conn = new PDO("mysql:host=$dbhost; dbname=$dbname", $dbuser, $dbpass);
    //Error messagin enabled:
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    }
    catch (PDOException $e)
    {
        echo $e->getMessage();
    }


    $user = '';
    $pass = '';
    $sum = 0;
    $error_msg = "Please type a username and a password";
    if(isset($_POST['login']))
    {
        //Start a session:
        session_start();

        $user = $_POST['email'];
        $pass = $_POST['password'];
        if(empty($user) && empty($pass))
        {
            echo $error_msg;
            $pass = '';
        }
        if(empty($user) || empty($pass))
        {
            echo $error_msg;
            $user = '';
            $pass = '';
        }
        if(!empty($user) && !empty($pass))
        {
            //SQL:
            $query = $conn->prepare("SELECT * FROM login WHERE user = :u AND password= :p LIMIT 1");
            $query->bindParam(":u", $user);
            $query->bindParam(":p", $pass);
            //Execute query:
            $query->execute();
            $number_rows = $query->fetch(PDO::FETCH_NUM);
            if($number_rows>0)
            {
                echo $user;
                $_SESSION['usern'] = $user;
                $_SESSION['passw'] = $pass;
                header("Location: ./pages/home.php");
            }
            //echo $user;
            else
            {
                echo "Invalid username or password";
                header("Location: index.html");
            }
        }
    }
    if(!isset($_POST['login']))
    {
        echo "Login button not clicked";
    }
?>

我阅读了越来越多关于这个问题的文章,但仍然找不到解决方案。

编辑后的HTML

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="icon" href="../../favicon.ico">

    <title>Signin for OTMS</title>

    <!-- Bootstrap core CSS -->
    <link href="css/bootstrap.min.css" rel="stylesheet">

    <!-- Custom styles for this template -->
    <link href="signin.css" rel="stylesheet">

    <!-- Just for debugging purposes. Don't actually copy these 2 lines! -->
    <!--[if lt IE 9]><script src="../../assets/js/ie8-responsive-file-warning.js"></script><![endif]-->
    <script src="js/ie-emulation-modes-warning.js"></script>

    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
  </head>

  <body>

    <div class="container">

      <form action="login.php" method="post" class="form-signin">
        <h2 class="form-signin-heading">Please sign in</h2>
        <label for="inputEmail" class="sr-only">Email address</label>
        <input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
        <div class="checkbox">
          <label>
            <input type="checkbox" value="remember-me"> Remember me
          </label>
        </div>
        <button class="btn btn-lg btn-primary btn-block" type="submit" name="login">Sign in</button>
      </form>

    </div> <!-- /container -->


    <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
    <script src="assets/js/ie10-viewport-bug-workaround.js"></script>
  </body>
</html>

请帮我找出错误。我使用phpMyAdmin创建了我的数据库,并且它在本地主机上。我使用Bootstrap设计了接口。
这是我现在得到的错误:

enter image description here

database name- otmsdb
table name- login
email, passowrd, 
button name- login
2个回答
9
你的代码容易受到 SQL 注入攻击。请开始使用 MySQLi 或 PDO。这是一个适用于登录的 PDO 代码,应该可以很好地为你工作:

使用这段代码,并将变量改为你自己的**

<?php
session_start();
if(isset($_POST['login'])){
    $errmsg_arr = array();
    // configuration
    $dbhost     = "localhost";
    $dbname     = "your database name";
    $dbuser     = "your username";
    $dbpass     = "your password";
     
    // database connection
    $conn = new PDO("mysql:host=$dbhost;dbname=$dbname;charset=utf8mb4",$dbuser,$dbpass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // new data
     
    $user = $_POST['username'];
    $password = $_POST['password'];
     
    if($user == '') {
        $errmsg_arr[] = 'You must enter your Username';
    }
    if($password == '') {
        $errmsg_arr[] = 'You must enter your Password';
    }
     
    // query
    if (!$errmsg_arr) {
        $result = $conn->prepare("SELECT * FROM login WHERE username= :user");
        $result->execute(['user' => $username]);
        $row = $result->fetch(PDO::FETCH_NUM);
        if($row && password_verify($_POST['password'], $row['password']) {
            $_SESSION['user'] = $row;
            header("location: ./pages/home.php");
            exit;
        }
        else{
            $errmsg_arr[] = 'Username and Password are not found';
        }
    }
}
?>

HTML表单:

<body>
<?php foreach($errmsg_arr as $msg): ?>
    <?=htmlspecialchars($msg, ENT_QUOTES) ?><br>
<?php endforeach ?>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" value="<?=htmlspecialchars($user, ENT_QUOTES)?>" />
<input type="password" name="password" placeholder="password"  value="<?=htmlspecialchars($password, ENT_QUOTES)?>"/>
<input type="submit" name="login_submit" value="login"/>
</form>
</body>
无论是用户名、电子邮件还是其他任何内容,只需查看您的输入名称并在第23行更改它即可。请将HTML表单代码添加到您的问题中。 - alim1990
致命错误:在C:\xampp\htdocs\OTMS\login.php的第42行抛出未捕获的异常'PDOException',消息为'SQLSTATE [3D000]:无效的目录名称:1046未选择数据库'。堆栈跟踪:# 0 C:\xampp\htdocs\OTMS\login.php(42):PDOStatement-> execute()# 1 {main}抛出C:\xampp\htdocs\OTMS\login.php的第42行现在我遇到了这个错误 - dilk
将此代码放入 try{} catch 中,像这样:请查看我的编辑。 - alim1990
致命错误:在C:\xampp\htdocs\OTMS\login.php的第13行抛出未捕获的异常'PDOException',消息为'SQLSTATE [HY000] [1045]拒绝访问用户'email' @ 'localhost'(使用密码:YES)'。堆栈跟踪:#0 C:\xampp\htdocs\OTMS\login.php(13):PDO->__construct('mysql:host = loca ...','email','password')#1 {main}抛出C:\xampp\htdocs\OTMS\login.php的第13行。 - dilk
你的问题与主机用户有关,请尝试查看该用户是否存在,或者至少尝试使用 host="localhost" 并告诉我们结果。 - alim1990
显示剩余19条评论
-1

建议:

  1. 使用mysql_error()来确定错误的原因:

    mysql_select_db("$db_name") or die("无法选择数据库: " . mysql_error());

  2. 停止使用已弃用的函数" mysql_connect()","mysql_query()"等。最好使用mysqli代替。

  3. 使用预处理语句而不是直接从POST参数构建您的"select"。

你的回答太复杂了。我只是一个初学者。现在我才开始使用PHP和MySQL。你能更简单地描述一下吗? - dilk
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接