php注册界面
<h1>注册页面</h1>
<form action="./zhucechuli.php" method="post">
<div>用户名:<input type="text" name="uid" /></div>
<div>密码:<input type="text" name="pwd" /></div>
<div>姓名:<input type="text" name="name" /></div>
<div><input type="submit" value="注册" /></div>
</form>
zhucechuli.php文件中代码(zhucechuli.php为设定目录下)
<?php
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];
$name = $_POST["name"];
//1.造连接对象
$db = new MySQLi("localhost","root","123","mydb");
//2.写SQL语句
$sql = "insert into login values('{$uid}','{$name}','{$pwd}',0)";
//3.执行
$r = $db->query($sql);
if($r)
{
echo "注册成功!";
}
else
{
echo "注册失败!";
}
结果:
php登录界面
<h1>登录页面</h1>
<form action="./dengluchuli.php" method="post">
<div>用户名:<input type="text" name="uid" /></div>
<div>密码:<input type="password" name="pwd" /></div>
<div><input type="submit" value="登录" /></div>
</form>
dengluchuli.php文件中代码(dengluchuli.php为设定目录下)
<?php
$uid = $_POST["uid"];
$pwd = $_POST["pwd"];
//1.造连接对象
$db = new MySQLi("localhost","root","","12345");
//2.写SQL语句
$sql = "select password from login where username='{$uid}'";
//3.执行
$reslut = $db->query($sql);
//4.取数据
$attr = $reslut->fetch_row();
if($attr[0]==$pwd && !empty($pwd))
{
echo "登录成功!";
}
else
{
echo "登录失败!";
}
结果:
//SQL注入攻击 //1.过滤用户的输入 //2.使用预处理语句 //3.写代码的时候尽量避免