php 通过登录页面连接到数据库

php connection to database via login page

我对 php 很陌生,所以请原谅我的新代码,虽然我需要使用 php,但我更习惯 ASP.net,目前我有php 连接到数据库的页面如果成功将值存储到 cookie 中,但由于不正确的字符串会抛出这些错误消息

Warning: Illegal string offset 'Member_Username' in C:\xampp\htdocs\awm\includes\login.php on line 10

Warning: Illegal string offset 'Member_Password' in C:\xampp\htdocs\awm\includes\login.php on line 10

Notice: Trying to get property of non-object in C:\xampp\htdocs\awm\includes\login.php on line 13

这是我的代码:

<?php

try
{
    $Username = $_POST['Username'];
    $Password = $_POST['Password'];

    $con = mysqli_connect('localhost','root','Password','Letting');

    $query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] .  "' AND Password = '" . $Password['Member_Password']. "'";
    $result = $con->query($query);

    if($result->num_rows)
    {
        $row = $result->fetch_assoc();

        $_SESSION['MemberId']=$row['Member_Id'];
        $_SESSION['Firstname']=$row['Member_Firstname'];
        $_SESSION['Surname']=$row['Member_Surname'];

        if(isset($_POST['RememberMe']))
        {
            setcookie('login',$row['Member_Id'],time() +60*60*60*24*7);
        }
        else
        {
            $msg = 'Login failed';
        }       
    }
}
catch(Exception $e)
{
    echo $e->errorMessage();
}   
?>

假设这些变量是字符串:

$Username = $_POST['Username'];
$Password = $_POST['Password'];

Calling/treating 它们作为使用索引的数组肯定会引发非法字符串偏移错误。这是哪一行:

$query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] .  "' AND Password = '" . $Password['Member_Password']. "'";

并且由于 MySQLi 已经支持准备好的语句,为什么不使用它们呢,因为就目前而言,您很容易受到 SQL 注入的攻击。我不会添加直接连接 $Username$Password 的解决方案,但我会给出关于准备好的语句的粗略示例:

$query = 'SELECT Member_Id, Member_Firstname, Member_Surname 
        FROM Members 
        WHERE Member_Username = ? 
        AND Password = ?';

$select = $con->prepare($query);
$select->bind_param('ss', $Username, $Password);
$select->execute();

if($select->num_rows > 0) {
    // rest of codes
}

旁注:您似乎在保存普通的裸密码,如果您可以使用它(PHP 5.5 或更高版本),我建议您为此使用 password_hash + password_verify to handle your login module for hashing those passwords. If you have PHP 5.4 or lower and can't use the built-in, there's already a compatibility pack library

试试这个

$query = "SELECT Member_Id, Member_Firstname, Member_Surname  
FROM Members WHERE Member_Username = '" . $Username .  
"' AND Password = '" . $Password. "'";