隐藏用户名 html + php
我有 html 和 php 的问题,所以我创建了登录页面和所有登录功能,但我想将用户名放在标题中(像 facebook)并且有问题。添加 php 代码时用户名被隐藏。一切都很完美,这是我的 HTML 代码。pocetna.html
<?php
session_start();
?>
<html>
<head>
<title>
weekta RolePlay | Pocetna
</title>
<link rel="stylesheet" href="style/styless.css">
<link href="https://fonts.googleapis.com/css2?family=Jost&display=swap" rel="stylesheet">
</head>
<body>
<header>
<a class="logo" href="/" style="text-decoration: none;color: #1260a8;font-size: 30px;font-family: 'Jost', sans-serif;"><p>weekta</p></a>
<nav>
<ul class="nav__links">
<li><a href="#">Services</a></li>
<li><a href="#">Projects</a></li>
<li><a href="#">About</a></li>
<li><a href="#"><span><?php echo( $_SESSION['korisnickoime'] );?></span></a></li>
</ul>
</nav>
<a class="cta" href="index.html">Login</a>
<p class="menu cta">Menu</p>
</header>
<div id="mobile__menu" class="overlay">
<a class="close">×</a>
<div class="overlay__content">
<a href="#">Services</a>
<a href="#">Projects</a>
<a href="#">About</a>
</div>
</div>
<script type="text/javascript" src="mobile.js"></script>
</body>
</html>
这是 login_process.php
<?php
$mysql_host="localhost";
$mysql_user="root";
$mysql_password="";
$mysql_db="weekta";
$conn = mysqli_connect($mysql_host,$mysql_user,$mysql_password);
mysqli_select_db($conn, 'weekta');
session_start();
if(isset($_POST['korisnickoime'])){
$username=$_POST['korisnickoime'];
$password=$_POST['sifrajedan'];
$sql="SELECT * FROM loginform where korisnickoime='".$username."'AND sifrajedan='".$password."' limit 1";
$result = mysqli_query($conn,$sql);
有人可以帮我吗?谢谢。
宝慕林42943922回答
-
翻过高山走不出你
在数据库中找到您的用户后,您没有设置 $_SESSION['username'] 。我不是 PHP 专家,但我认为您需要执行类似 $_SESSION['username'] = 'xyz' 的操作。除此之外,您的选择查询很容易受到 sql 注入的影响。 -
MMTTMM
在你的脚本中有一个错误$sql="SELECT * FROM loginform where korisnickoime='".$username."'AND sifrajedan='".$password."' limit 1";在用户名附近的查询中,和where korisnickoime='".$username."'AND sifrajedan='".$password."'之间没有空格 。$usernameAND附加用户名和密码后此查询的最终结果将类似于SELECT * FROM loginform where korisnickoime='user1'AND sifrajedan='xyz' limit 1";此查询将中断,因此请在两者之间添加一点空格,用此替换您的查询字符串。 $sql="SELECT * FROM loginform where korisnickoime='".$username."' AND sifrajedan='".$password."' limit 1";你的 PHP 脚本可能是这样的索引.php<form method="post" name="login"> <label for="username">Username:</label><br> <input type="text" name="username"><br> <label for="password">Password:</label><br> <input type="password" name="password"><br> <button type="submit" name="login">Log in</button></form><?php session_start(); if(isset($_POST['username']) and isset($_POST['password'])) { $username = $_POST['username']; $pass = $_POST['password']; $query = "SELECT * FROM `person` WHERE name='$username' and pass='$pass'"; $result = mysql_query($query) or die(mysql_error()); $count = mysql_num_rows($result); if ($count == 1){ $_SESSION['username'] = $username; header('Location: homepage.php'); } else { $msg = "Wrong credentials"; } } if(isset($msg) & !empty($msg)){ echo $msg; } ?>然后在 homepage.php<nav><ul class="nav__links"> <li><a href="#">Services</a></li> <li><a href="#">Projects</a></li> <li><a href="#">About</a></li> <li><a href="#"> <span> <?php session_start(); if(!isset($_SESSION['username'])) { die("You are not logged in!"); } $username = $_SESSION['username']; echo "Hai " . $username; ?> </span></a></li></ul></nav>PS:为了使您的查询安全使用这样的参数化查询<?php$servername = "localhost";$username = "username";$password = "password";$dbname = "myDB";// Create connection$conn = new mysqli($servername, $username, $password, $dbname);// Check connectionif ($conn->connect_error) { die("Connection failed: " . $conn->connect_error);}$stmt = $conn->prepare(SELECT * FROM loginform where korisnickoime='?' AND sifrajedan='?' limit 1");$stmt->bind_param("ss", $username, $password);// set parameters and execute$username = "John";$password = "Doe";$result = $stmt->execute();?>
随时随地看视频慕课网APP
PHP