search

Home  >  Q&A  >  body text

I don’t know what’s wrong, please give me some advice.

<?php

header("content-type:text/html:charset=utf-8");

include("conn.php");


if(isset($_POST['submitted'])){

$user = $_POST['user'];

$ pwd = $_POST['pwd'];

$sql = 'select * from name where user="'.$user.'"';

//$sql = "select * from name where user = '.$user'";

$result = mysqli_query($conn,$sql) ;


$row = mysqli_fetch_array ($result);

$cmp_pwd = $row['password'];

$quan =$row['quan'];

$xbb = 1;

$fx = 0;


if( $cmp_pwd == $pwd && $quan == $xbb){ //Use the value taken from the database Compare the password with the submitted password

                                                                                                                                                                               echo "<script language=javascript>alert('Login successful');</script>"; "Location:addhc1.php");

//Jump to the specified page

}elseif($cmp_pwd1 == $pwd && $quan == $fx ){

echo "<script language=javascript>alert('Username or password is incorrect');</script>";

Header("Location:bddhc1.php" ); //Reload the page

} else{

echo "<script language=javascript>alert('Username or password is incorrect');< ;/script>";

Header("Location:login1.php"); //Reload the page

}

}

?>

<html>

<head>

<title> Login window</title>

<meta http-equiv="Content-Type" content="text/html" charset="utf-8">

</ head>

<body>

<form action="login1.php" method="post">

Username:

<input type="text" name="user" />

Password:

<input type="password" name="pwd" />

     <br/>

        <input type="hidden" name="submitted" value="1" /> 

        <input type="submit" value="登录" /> 

      

    </form> 

    </body> 

</html> 


cqcq2435 days ago938

reply all(5)I'll reply

  • 一笑而过

    一笑而过2018-05-01 14:41:51

    Your query statement is missing a single quote. You can write it like me $sql = 'select * from name where user ='.$user;

    reply
    0
  • tutu

    Thank you for your reply. When I entered my username and password, the program did not judge the permission $quan and jumped directly to Header("Location:bddhc1.php"). Why?

    tutu · 2018-05-01 15:23:47
  • 麻狼

    麻狼2018-05-01 07:50:53

    $sql = 'select * from name where user="'.$user.'"';

    Use single quotes for variable names.

    In PHP, variables can be used within double quotes. You can write like this:

    $sql = "select * from name where user=\'$user\';";

    reply
    0
  • tutu

    Thank you for your reply. When I entered my username and password, the program did not judge the permission $quan and jumped directly to Header("Location:bddhc1.php"). Why?

    tutu · 2018-05-01 15:23:23
    MrSwan

    Is mysqli_fetch_array missing a parameter?

    MrSwan · 2018-05-04 12:45:55
  • Cancelreply