PHP 로그인 시스템 오류

Question

로그인 시스템을 만들려고하고 있는데 어떤 이유로 내 코드에 오류가있어 그것이 무엇인지 파악할 수 없습니다.

Warning: mysql_query() expects parameter 1 to be string, object given in C:\xampp-portable\htdocs\bootstrap\signin.php on line 71 

Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp-portable\htdocs\bootstrap\signin.php on line 72 
Bad login, go back. 

Answer 1

1) 당신은 혼란 MySQL의 & mysqli 쿼리

<?php 
include "connect.php"; 
?> 

<body> 
<?php 
if(isset($_POST['submit'])){ 
$username = $_POST['email']; 
$password = $_POST['password']; 

$result = mysql_query($con,"SELECT * FROM users WHERE username=$username AND password=$password"); 
$num = mysql_num_rows($result); 
if($num == 0){ 
echo "Bad login, go <a href='login.php'>back</a>."; 
}else{ 
session_start(); 
$_SESSION['username'] = $username; 
header("Location: index.php"); 
} 
} 
?> 

    <div class="container"> 
     <form action='signin.php' method='POST' class="form-signin" > 
     <h2 class="form-signin-heading">Please sign in</h2> 
     <input type="text" class="input-block-level" placeholder="Email address" name="email"> 
     <input type="password" class="input-block-level" placeholder="Password" name="password"> 
     <label class="checkbox"> 
      <input type="checkbox" value="remember-me"> Remember me 
     </label> 
     <button class="btn btn-large btn-primary" type="submit" name="submit" value="Login">Sign in</button> 
     </form> 

이

제출에 오류가 있습니다. 그것은이 코드는 SQL 인젝션의 매우 위험)

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); 
and 
$result = mysqli_query($con,"SELECT * FROM users WHERE username='$username' AND password='$password'"); 

2입니다. 공식적으로 사용하기 전에 위생 처리가 필요합니다. 3)

for the success case, set a session id sth like that: $session_id = session_id(); 
reverse that: 
$username=$_SESSION["username"]; 
and use both variables in redirection: 
header ("Location: index.php?username=$username&session_id=$session_id");