隐藏用户名 html + php

2回答

翻过高山走不出你

在数据库中找到您的用户后，您没有设置 $_SESSION['username'] 。我不是 PHP 专家，但我认为您需要执行类似 $_SESSION['username'] = 'xyz' 的操作。除此之外，您的选择查询很容易受到 sql 注入的影响。

0

0

0

MMTTMM

在你的脚本中有一个错误$sql="SELECT&nbsp;*&nbsp;FROM&nbsp;loginform&nbsp;where&nbsp;korisnickoime='".$username."'AND&nbsp;sifrajedan='".$password."'&nbsp;limit&nbsp;1";在用户名附近的查询中，和where korisnickoime='".$username."'AND sifrajedan='".$password."'之间没有空格&nbsp;。$usernameAND附加用户名和密码后此查询的最终结果将类似于SELECT&nbsp;*&nbsp;FROM&nbsp;loginform&nbsp;where&nbsp;korisnickoime='user1'AND&nbsp;sifrajedan='xyz'&nbsp;limit&nbsp;1";此查询将中断，因此请在两者之间添加一点空格，用此替换您的查询字符串。&nbsp;$sql="SELECT&nbsp;*&nbsp;FROM&nbsp;loginform&nbsp;where&nbsp;korisnickoime='".$username."'&nbsp;AND&nbsp;sifrajedan='".$password."'&nbsp;limit&nbsp;1";你的 PHP 脚本可能是这样的索引.php<form method="post" name="login">&nbsp; &nbsp; &nbsp; &nbsp; <label for="username">Username:</label><br>&nbsp; &nbsp; &nbsp; &nbsp; <input type="text" name="username"><br>&nbsp; &nbsp; &nbsp; &nbsp; <label for="password">Password:</label><br>&nbsp; &nbsp; &nbsp; &nbsp; <input type="password" name="password"><br>&nbsp; &nbsp; &nbsp; &nbsp; <button type="submit" name="login">Log in</button></form><?php&nbsp; &nbsp; session_start();&nbsp; &nbsp; if(isset($_POST['username']) and isset($_POST['password']))&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; $username = $_POST['username'];&nbsp; &nbsp; &nbsp; &nbsp; $pass = $_POST['password'];&nbsp; &nbsp; &nbsp; &nbsp; $query = "SELECT * FROM `person` WHERE name='$username' and pass='$pass'";&nbsp; &nbsp; &nbsp; &nbsp; $result = mysql_query($query) or die(mysql_error());&nbsp; &nbsp; &nbsp; &nbsp; $count = mysql_num_rows($result);&nbsp; &nbsp; &nbsp; &nbsp; if ($count == 1){&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $_SESSION['username'] = $username;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; header('Location: homepage.php');&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; else&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $msg = "Wrong credentials";&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; }&nbsp; &nbsp; if(isset($msg) & !empty($msg)){&nbsp; &nbsp; &nbsp; &nbsp; echo $msg;&nbsp; &nbsp; }&nbsp;?>然后在 homepage.php<nav><ul class="nav__links">&nbsp; &nbsp; <li><a href="#">Services</a></li>&nbsp; &nbsp; <li><a href="#">Projects</a></li>&nbsp; &nbsp; <li><a href="#">About</a></li>&nbsp; &nbsp; <li><a href="#">&nbsp; &nbsp; <span>&nbsp; &nbsp; <?php&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; session_start();&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if(!isset($_SESSION['username']))&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; die("You are not logged in!");&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $username = $_SESSION['username'];&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; echo "Hai " . $username;&nbsp; &nbsp; &nbsp; &nbsp; ?>&nbsp; &nbsp; </span></a></li></ul></nav>PS：为了使您的查询安全使用这样的参数化查询<?php$servername = "localhost";$username = "username";$password = "password";$dbname = "myDB";// Create connection$conn = new mysqli($servername, $username, $password, $dbname);// Check connectionif ($conn->connect_error) {&nbsp; die("Connection failed: " . $conn->connect_error);}$stmt = $conn->prepare(SELECT * FROM loginform where korisnickoime='?' AND sifrajedan='?' limit 1");$stmt->bind_param("ss", $username, $password);// set parameters and execute$username = "John";$password = "Doe";$result = $stmt->execute();?>

0

0

0