-5
我得到在我的PHP腳本一些錯誤,因爲我想改變一些「MySQL的」功能「msquli」警告:mysqli_real_escape_string()預計2個參數
1-警告:mysqli_real_escape_string()期望的是2參數,1 C中給出:\瓦帕\ WWW \ XXX \ YYY \ login.php中在線路34上
這裏是的 「的login.php」
<?php
ob_start();
session_start();
if (isset($_SESSION["puadmin"])) {
header("location: index.php");
exit();
}
?>
<?php
$success="";
$username="";
$password="";
$error1="";
$error2="";
$ip1="";
//getting ip
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip1=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database here
require("../config.php");
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
$query = "SELECT aid, password
FROM pu_admin
WHERE username = '$username';";
$result = mysqli_query($query);
if(mysqli_num_rows($result) < 1) //no such user exists
{
// header('Location: login_form.php');
$error1 = " <div class='ui-state-error'>No such user exist</div><br>";
}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = md5($password);
$aid = $userData['aid'];
if($hash != $userData['password']) //incorrect password
{
//header('Location: login.php');
$error2 = "<div class='ui-state-error'>Incorrect Password </div>";
}else{
session_regenerate_id(); //this is a security measure
$_SESSION['valid'] = 1;
$_SESSION['userid'] = $aid;
$_SESSION["puadmin"] = $username;
$_SESSION["pass"] = $pass1;
$success= "Login Successfull Redirecting Please wait";
header('location:index.php');
}
}
?>
<html>
<head>
<title>Login</title>
<?php include_once('templates/stylesheets.php') ?>
</head>
<body style="backgrround-color:#e6e6e6 !important;">
<div id="login_wrapper" style="margin-top:120px; margin-bottom:0px; overflow:hidden;">
<div class="well" style="text-align:center">
<h1><img src="../pu-admin/images/logo-light.png"></h1>
</div>
<?php
echo $error1;
echo $error2;
echo $success;
?>
<form class="form-signin" name="login" action="" method="post">
<div class="table-container">
<table class="table table-form">
<tbody>
<tr>
<td>
<label>Username</label>
</td>
<td>
<input name="username" placeholder="Username" type="text">
</td>
</tr>
<tr>
<td>
<label>Password</label>
</td>
<td>
<input placeholder="Password" name="password" type="password">
</td>
</tr>
</tbody>
</table>
</div>
<div class="actions">
<div class="button-well">
<button class="button button-primary fastbutton" data-icon="K" >Login</button>
</div>
</div>
</form>
</div>
的代碼下面
<?php
$dbhost = 'localhost'; /*Hostname*/
$dbname = 'file'; /*database name*/
$dbuser = 'file'; /*user name */
$dbpass = '1234'; /*database password, */
/*Base url without trailing slash for example http://www.example.com */
$baseUrl = 'localhost/file';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
?>
給我一個小白儘可能DB查詢有關,但EM努力,我希望有人能幫助我走出
「config.php文件」的
2-碼
thanx提前
在功能上閱讀起來http://php.net/manual/en/mysqli.real-escape-string.php和HTTP:/ /php.net/manual/en/mysqli.query.php之前,盲目地射擊某些你認爲會在嘉年華的射擊場上像鴨子一樣下垂的東西。 – 2015-02-06 14:13:17
旁註:密碼存儲的MD5 ...請仔細閱讀,爲什麼你不應該使用它http://security.stackexchange.com/questions/19906/is-md5-considered-insecure – 2015-02-06 14:17:10
你的代碼也有一個syntex錯誤在選擇querry結尾處。**意外; ** semicolan ..您已添加2個semicolans ..刪除第一個1. – starkeen 2015-02-06 14:26:09