我想在检查数据时打开(true.php)或(false.php)。
我认为您在这里是一个新手的常见疏忽,因为此刻您仅检查数据是否正确,而不处理其他任何事情:我在下面的代码中进行了注释,以证明我的意思。
//if there is at least 1 result then check the data otherwise include false
if ($resultCheck > 0) {
//while we go through the results check each one
while($row = mysqli_fetch_assoc($result)){
//if the username and password match include true.html
//however you don't break out of the loop, you keep checking
//if you have decided to include true you should use break;
if ($row['username'] == $username && $row['password'] == $password) {
include("true.html");
}
//otherwise do what? this should say else include false and then should probably break out the loop here as the
//this will not fall through into the else block below as that is based on the parent condition
//so you will never include a false in this loop - only if there were 0 rows to begin with
//this means that eventually, whenever our loop finishes we will skip
//down to the next executionable line which is marked with !!!
}
}else {
include("false.html");
}
//!!!
您的代码还有其他一些明显的问题,例如您似乎将密码存储在数据库中的痛苦文本中,应该对它们进行哈希处理和验证,因此,您永远不能只看密码行==输入,我建议谷歌搜索php函数password_hash和password_verify
您也不应该使用while循环,在您的登录系统中,您必须具有唯一的用户名和密码组合,因此您应该只返回1行-如果您有多于1行,如何确认他们是谁?因此,您应该使用与pdo-> fetch()相当的mysqli等效项(我不知道是副手,因为我仅使用pdo)
这使我想到了一个事实,您应该使用准备好的语句来打击sql注入,此刻,此登录系统可以轻松地用于使某人完全访问所有以纯文本存储的用户名和密码。