<?php

//初始化值
$name = isset($_POST['name'])?$_POST['name']:'';
$pass = isset($_POST['passwd'])?$_POST['passwd']:'';

//去除首尾空
$name = trim($name);
$pass = trim($pass);

//正则表达式
$res_name = preg_match('/^[0-9a-zA-Z]{1,}$/',$name);
$res_pass = preg_match('/^[0-9a-zA-Z_]{1,}$/',$pass);
if (!$res_name) {
    echo "用户名存在非法字符串";
    die();
}
if (!$res_pass) {
    echo "密码存在非法字符串";
    die();
}

//链接数据库
$conn = mysqli_connect('127.0.0.1','root','root','test');

//设置字符集
mysqli_set_charset($conn,'utf-8');

//数据库执行语句
//$sql = "SELECT * FROM lhm_user WHERE u_name = '".$name."' AND u_pass = '".$pass."'"; 
$sql = "SELECT * FROM lhm_user WHERE u_name = '".$name."'"; 

//执行语句
$res = mysqli_query($conn, $sql);

//处理结果集
$row = mysqli_fetch_assoc($res);

//拿用户输入账号密码与数据库相比较
if ($name!=''&&$pass!='') {
    if ($_POST['name']!=$row['u_name']) {
        echo '<script>alert("账号错误"); location="./login.php"</script>';
    }else if ($row['u_pass']!=$_POST['passwd']) {
        echo '<script>alert("密码错误"); location="./login.php"</script>';
    }else{
        echo "账号密码正确";
    }
}
Last modification:September 19th, 2019 at 05:04 pm
如果觉得我的文章对你有用,请随意赞赏