猿问

包含不包括html文件

我正在建立一个与数据库链接的登录系统,我想在从数据库中检查数据后显示一个html文件。因此,我使用了(include方法),它向我显示了控制台中不在Web上的html文件。页。


我已经尝试使用(require方法)并将其更改为php文件,并且仍在执行相同操作。


<?php

$dbsevername = "127.0.0.1";

$dbusername = "root";

$dbpassword = "**************";

$dbname = "loginsystem";

$dbport = '3306';


$username = $_POST['username'];

$password = $_POST['password'];


$_SESSION["favcolor"] = "green";


$conn = mysqli_connect($dbsevername, $dbusername, $dbpassword,$dbname);


$sql = "SELECT * FROM passwords where username='$username' and password='$password';";

$result = mysqli_query($conn, $sql);

$resultCheck = mysqli_num_rows($result); // = 2



if ($resultCheck > 0) {

   while($row = mysqli_fetch_assoc($result)){

     if ($row['username'] == $username && $row['password'] == $password) {

       include("true.html");

     }

   }


}else {

   include("false.html");

}


mysqli_close($conn);

?>

我想在检查数据时打开(true.php)或(false.php)。


收到一只叮咚
浏览 148回答 3
3回答

慕少森

&nbsp;$uid = $_POST['uid'];&nbsp;$pwd = $_POST['pwd'];&nbsp;if ($uid == null){&nbsp; &nbsp;header("Location: ../index.php?message=ERROR 001 - Username or Password can not be&nbsp;&nbsp; &nbsp;blank!");&nbsp; &nbsp; exit();&nbsp;}&nbsp;if ($pwd == null){&nbsp; &nbsp; header("Location: ../index.php?message=ERROR 001 - Username or Password can not&nbsp;&nbsp; &nbsp; be blank!");&nbsp; &nbsp; exit();}if ($stmt = $link->prepare("SELECT password FROM users WHERE username=?")) {&nbsp;$stmt->bind_param("s", $uid);&nbsp;$stmt->execute();&nbsp;$stmt->bind_result($pass);&nbsp;$stmt->fetch();&nbsp;$stmt->close();}if (!$stmt) {&nbsp;header("Location: ../index.php?message=ERROR 003 - Connection to the database could&nbsp;&nbsp;not be established!");&nbsp; &nbsp; exit();}$hash_pwd = $pass;if ($hash_pwd == crypt($pwd, $hash_pwd)){&nbsp;$decrypt = 1;&nbsp;&nbsp;}else{&nbsp; $decrypt = 0;}if ($decrypt == 0){&nbsp; &nbsp; include ("false.html");&nbsp; &nbsp; exit();} else {&nbsp;$stmt = $link->prepare("SELECT id FROM users WHERE username='$uid' AND password=?");&nbsp;$stmt->bind_param("s", $hash_pwd);&nbsp;$stmt->execute();&nbsp;$stmt->bind_result($id);&nbsp;$stmt->fetch();&nbsp;$stmt->close();&nbsp;$_SESSION['id'] = $id;&nbsp;include ("true.html");}这应该更好地工作。您必须更改数据库的相关详细信息。我已开始为您存储ID的会话变量。

莫回无

我想在检查数据时打开(true.php)或(false.php)。我认为您在这里是一个新手的常见疏忽,因为此刻您仅检查数据是否正确,而不处理其他任何事情:我在下面的代码中进行了注释,以证明我的意思。//if there is at least 1 result then check the data otherwise include falseif ($resultCheck > 0) {//while we go through the results check each one&nbsp;&nbsp; &nbsp;while($row = mysqli_fetch_assoc($result)){//if the username and password match include true.html//however you don't break out of the loop, you keep checking//if you have decided to include true you should use break;&nbsp; &nbsp; &nbsp;if ($row['username'] == $username && $row['password'] == $password) {&nbsp; &nbsp; &nbsp; &nbsp;include("true.html");&nbsp; &nbsp; &nbsp;}//otherwise do what?&nbsp; this should say else include false and then should probably break out the loop here as the//this will not fall through into the else block below as that is based on the parent condition//so you will never include a false in this loop - only if there were 0 rows to begin with//this means that eventually, whenever our loop finishes we will skip&nbsp;//down to the next executionable line which is marked with !!!&nbsp; &nbsp;}}else {&nbsp; &nbsp;include("false.html");}//!!!您的代码还有其他一些明显的问题,例如您似乎将密码存储在数据库中的痛苦文本中,应该对它们进行哈希处理和验证,因此,您永远不能只看密码行==输入,我建议谷歌搜索php函数password_hash和password_verify您也不应该使用while循环,在您的登录系统中,您必须具有唯一的用户名和密码组合,因此您应该只返回1行-如果您有多于1行,如何确认他们是谁?因此,您应该使用与pdo-> fetch()相当的mysqli等效项(我不知道是副手,因为我仅使用pdo)这使我想到了一个事实,您应该使用准备好的语句来打击sql注入,此刻,此登录系统可以轻松地用于使某人完全访问所有以纯文本存储的用户名和密码。

qq_笑_17

我会将HTML文件重命名为PHP。这实际上是您的代码吗?只是检查一下,因为文件是否为远程URL会有所不同。您正在使用while循环来包含一个只会产生1个结果的HTML文件。有更好的方法可以做到这一点,但是无论这是否可行,这都不是问题。有什么错误吗?尝试&nbsp;&nbsp;&nbsp;&nbsp;include&nbsp;'./true.php';代替&nbsp;&nbsp;&nbsp;&nbsp;include&nbsp;("true.html");
随时随地看视频慕课网APP
我要回答