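HVV Notes (Basic Theory): Implementing a PHP Login Page
1 PHP concepts
1.1 Basic concepts
PHP stands for Hypertext Preprocessor; it is a general-purpose, open-source scripting language.
1.2 What PHP can do
- Generate dynamic page content
- Create, open, read, write and close files on the server
- Collect form data
- Add, delete, modify and query data in a database
- Restrict user access to certain pages of a website
- Encrypt data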
2 Setting up a PHP runtime environment
VSCode
https://code.visualstudio.com/Download
phpStudy
https://www.xp.cn/download.html
3 PHP syntax
3.1 Superglobal variables
$GLOBALS, $_SERVER, $_REQUEST, $_POST, $_GET, $_FILES, $_ENV, $_COOKIE, $_SESSION
3.2 Database operation syntax
Connect to the database:
<head>
<meta charset=utf-8>
</head>
<?php
$servername = "localhost";
$username = "root";
$password = "123456";
// Create the connection
$conn = mysqli_connect($servername, $username, $password);
// Check the connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "连接成功"; // "Connection succeeded"
?>
Create a database:
<?php
// Create the database (reuses $conn from the connection code above)
$sql = "CREATE DATABASE myDB";
if (mysqli_query($conn, $sql)) {
    echo "数据库创建成功"; // "Database created"
} else {
    echo "Error creating database: " . mysqli_error($conn);
}
mysqli_close($conn);
?>
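4 Implementing the features
4.1 Front-end login page
<html>
<head>
<meta charset=utf-8>
</head>
<!-- Heading text: "Please enter your account and password" -->
<h1>请输入账号以及密码</h1>
<form action="" method="post"><br>
<input type="text" name="username"><br>
<input type="password" name="password"><br>
<input type="submit">
</form>
<!-- Link text: "Click to register". $login is set by login.php (4.3) when a login attempt fails. -->
<a href="zhuce.php">点击注册</a><br><?php echo $login ?? ''; ?>
</html>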
4.2 Database operations
//conn.php:
<?php
// Send the charset as an HTTP header rather than printing <head> markup here,
// so files that include conn.php can still call header() and session_start().
header('Content-Type: text/html; charset=utf-8');
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "kkk";
// Make mysqli return false on failure instead of throwing (the default since PHP 8.1),
// because the code below decides what to do from the return values.
mysqli_report(MYSQLI_REPORT_OFF);
// Create the connection (no database selected)
$conn = mysqli_connect($servername, $username, $password);
// Check the connection
if (!$conn) {
    die("连接失败: " . mysqli_connect_error()); // "Connection failed"
}
// Try to connect with the database selected; this fails if it does not exist yet
$conn2 = @mysqli_connect($servername, $username, $password, $dbname);
if (!$conn2) {
    echo "开始自动创建数据库<br>"; // "Creating the database automatically"
    $sql = "create DATABASE " . $dbname;
    mysqli_query($conn, $sql);
    echo "数据库创建成功<br>"; // "Database created"
    $createtbl = "CREATE TABLE IF NOT EXISTS `kkk_tbl`(
        `id` INT UNSIGNED AUTO_INCREMENT,
        `user` VARCHAR(10) NOT NULL,
        `pass` VARCHAR(10) NOT NULL,
        `phone` VARCHAR(11) NOT NULL,
        `file` VARCHAR(30) ,
        PRIMARY KEY ( `id` )
    )ENGINE=InnoDB DEFAULT CHARSET=utf8;";
    $conn2 = mysqli_connect($servername, $username, $password, $dbname);
    mysqli_query($conn2, $createtbl);
    echo "数据表创建成功<br>"; // "Table created"
}
?>
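4.3 Login
//login.php:
<?php
include("conn.php");
session_start(); // start the session before reading or writing $_SESSION
$login = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // The submitted values are concatenated straight into the SQL text;
    // this is the query that the inputs in section 5 act on.
    $uapsql = "select user,pass from kkk_tbl where user='$username' and pass='$password';";
    $result = mysqli_query($conn2, $uapsql);
    // var_dump($result);
    if ($result && mysqli_num_rows($result)) {
        $_SESSION['login'] = 'true';
        header('Location:youxi.php');
        exit;
    } else {
        $login = "登录失败"; // "Login failed"
        $_SESSION['login'] = 'false';
    }
}
?>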
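4.4 Checking the session
//session.php
<?php
session_start();
// echo $_SESSION["login"]; // debug output
// login.php stores the strings 'true' / 'false', so compare against the string:
// a loose == true would also accept the non-empty string 'false'.
if (isset($_SESSION["login"]) && $_SESSION["login"] === 'true') {
    echo "您已成功登录<a href='zhuxiao.php'>点击注销</a>"; // "Logged in; click to log out"
} else {
    $_SESSION["login"] = 'false';
    die("您无权访问,<a href='login.php'>点击跳转登录页面</a>"); // "Access denied; go to the login page"
}
?>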
4.5 Logging out
//zhuxiao.php
<?php
session_start();
$_SESSION["login"] = 'false';
// Delete the current user's session file and release the session ID
session_destroy();
header('Location:login.php');
exit;
?>
5 Vulnerability principle
admin' and '1'='1
admin' order by 5--+'
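Both inputs above act on the query in 4.3 because login.php pastes the submitted username into the SQL text. The following is an added example, not part of the original notes: it prints that concatenated query text next to the result of a parameter-bound lookup for the same inputs. PDO with an in-memory SQLite database, the sample account, the function names and the password_hash() storage are assumptions made here so the script runs without the MySQL setup from 4.2.

```php
<?php
// Added example, not the original author's code.
// Assumptions: PDO + in-memory SQLite stand in for the page's MySQL/mysqli setup,
// and the password is stored with password_hash() instead of as plaintext.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kkk_tbl (id INTEGER PRIMARY KEY, user TEXT NOT NULL, pass TEXT NOT NULL)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO kkk_tbl (user, pass) VALUES (?, ?)');
$ins->execute(['admin', password_hash('s3cret-pw', PASSWORD_DEFAULT)]);

// Query text exactly as 4.3 builds it: the input becomes part of the statement.
function concatenatedSql(string $u, string $p): string
{
    return "select user,pass from kkk_tbl where user='$u' and pass='$p';";
}

// Bound lookup: the SQL text is fixed and the username travels as a value,
// so quotes and comment markers in it cannot change the statement.
function loginBound(PDO $db, string $u, string $p): bool
{
    $stmt = $db->prepare('SELECT pass FROM kkk_tbl WHERE user = ?');
    $stmt->execute([$u]);
    $hash = $stmt->fetchColumn();           // false when no row matches
    return is_string($hash) && password_verify($p, $hash);
}

// First a normal username, then the two strings from section 5.
$usernames = ["admin", "admin' and '1'='1", "admin' order by 5--+'"];
foreach ($usernames as $u) {
    echo "concatenated: ", concatenatedSql($u, 's3cret-pw'), "\n";
    echo "bound login:  ", loginBound($db, $u, 's3cret-pw') ? "accepted" : "rejected", "\n\n";
}
```

With the page's mysqli connection, the same binding is done with mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute(). A password_hash() value does not fit the VARCHAR(10) pass column from 4.2, so that column would need to be widened.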