I don't know what's wrong, please give me some advice.
cq
cq 2018-04-29 22:06:26
0
5
936

<?php

header("content-type:text/html:charset=utf-8");

include("conn.php");


if(isset($_POST['submitted'])){

$user = $_POST['user'];

$ pwd = $_POST['pwd'];

$sql = 'select * from name where user="'.$user.'"';

//$sql = "select * from name where user = '.$user'";

$result = mysqli_query($conn,$sql) ;


$row = mysqli_fetch_array ($result);

$cmp_pwd = $row['password'];

$quan =$row['quan'];

$xbb = 1;

$fx = 0;


if( $cmp_pwd == $pwd && $quan == $xbb){ //Use the value taken from the database Compare the password with the submitted password

                                                                                                                                                                               echo "<script language=javascript>alert('Login successful');</script>"; "Location:addhc1.php");

//Jump to the specified page

}elseif($cmp_pwd1 == $pwd && $quan == $fx ){

echo "<script language=javascript>alert('Username or password is incorrect');</script>";

Header("Location:bddhc1.php" ); //Reload the page

} else{

echo "<script language=javascript>alert('Username or password is incorrect');< ;/script>";

Header("Location:login1.php"); //Reload the page

}

}

?>

<html>

<head>

<title> Login window</title>

<meta http-equiv="Content-Type" content="text/html" charset="utf-8">

</ head>

<body>

<form action="login1.php" method="post">

Username:

<input type="text" name="user" />

Password:

<input type="password" name="pwd" />

     <br/>

        <input type="hidden" name="submitted" value="1" /> 

        <input type="submit" value="登录" /> 

      

    </form> 

    </body> 

</html> 


cq
cq

reply all(2)
一笑而过

Your query statement is missing a single quote. You can write it like me $sql = 'select * from name where user ='.$user;

  • reply Thank you for your reply. When I entered my username and password, the program did not judge the permission $quan and jumped directly to Header("Location:bddhc1.php"). Why?
    tutu author 2018-05-01 15:23:47
麻狼

$sql = 'select * from name where user="'.$user.'"';

Use single quotes for variable names.

In PHP, variables can be used within double quotes. You can write like this:

$sql = "select * from name where user=\'$user\';";

  • reply Thank you for your reply. When I entered my username and password, the program did not judge the permission $quan and jumped directly to Header("Location:bddhc1.php"). Why?
    tutu author 2018-05-01 15:23:23
  • reply Is mysqli_fetch_array missing a parameter?
    MrSwan author 2018-05-04 12:45:55
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template