php注册界面
<h1>注册页面</h1> <form action="./zhucechuli.php" method="post"> <div>用户名:<input type="text" name="uid" /></div> <div>密码:<input type="text" name="pwd" /></div> <div>姓名:<input type="text" name="name" /></div> <div><input type="submit" value="注册" /></div> </form>
zhucechuli.php文件中代码(zhucechuli.php为设定目录下)
<?php $uid = $_POST["uid"]; $pwd = $_POST["pwd"]; $name = $_POST["name"]; //1.造连接对象 $db = new MySQLi("localhost","root","123","mydb"); //2.写SQL语句 $sql = "insert into login values('{$uid}','{$name}','{$pwd}',0)"; //3.执行 $r = $db->query($sql); if($r) { echo "注册成功!"; } else { echo "注册失败!"; }
结果:
php登录界面
<h1>登录页面</h1> <form action="./dengluchuli.php" method="post"> <div>用户名:<input type="text" name="uid" /></div> <div>密码:<input type="password" name="pwd" /></div> <div><input type="submit" value="登录" /></div> </form>
dengluchuli.php文件中代码(dengluchuli.php为设定目录下)
<?php $uid = $_POST["uid"]; $pwd = $_POST["pwd"]; //1.造连接对象 $db = new MySQLi("localhost","root","","12345"); //2.写SQL语句 $sql = "select password from login where username='{$uid}'"; //3.执行 $reslut = $db->query($sql); //4.取数据 $attr = $reslut->fetch_row(); if($attr[0]==$pwd && !empty($pwd)) { echo "登录成功!"; } else { echo "登录失败!"; }
结果:
//SQL注入攻击 //1.过滤用户的输入 //2.使用预处理语句 //3.写代码的时候尽量避免