I have code below that logs a teacher in by matching its username and password in the database. If correct, then log in; if incorrect, then display a message.
<?php
session_start();
$username="xxx";
$password="xxx";
$database="mobile_app";
$link = mysqli_connect('localhost',$username,$password);
mysqli_select_db($link, $database) or die( "Unable to select database");
foreach (array('teacherusername','teacherpassword') as $varname) {
    $$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p> <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p> <!-- Enter Teacher Password-->
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
<?php
if (isset($_POST['submit'])) {
    $query = "
    SELECT * FROM Teacher t
    WHERE
    (t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."')
    AND
    (t.TeacherPassword = '".mysqli_real_escape_string($teacherpassword)."')
    ";
    $result = mysqli_query($link, $query);
    $num = mysqli_num_rows($result);
    $loged = false;
    while($row = mysqli_fetch_array($result))
    {
        if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
        {
            $loged = true;
        }
        $_SESSION['teacherforename'] = $row['TeacherForename'];
        $_SESSION['teachersurname'] = $row['TeacherSurname'];
        $_SESSION['teacherusername'] = $row['TeacherUsername'];
    }
    if ($loged == true){
        header( 'Location: menu.php' ) ;
    }else{
        echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
    }
    mysqli_close($link);
}
?>
Now the problem is that even if the teacher has entered in the correct username and password, it still doesn't let the teacher log in. When the code above was the old mysql() code, it worked fine as teacher was able to login when username and password match, but when trying to change the code into mysqli then it causes login to not work even though username and password match. What am I doing wrong?
I have little experience with PHP, but when I converted my code from mysql to mysqli, I discovered that some mysqli commands have different syntax. Like mysqli_connect has a 4th parameter db_name (don't know if this is required). Also different is:
mysql_real_escape_string($string)
compared to
mysqli_real_escape_string($link, $string)
It seems to me that you have changed more than just mysql to mysqli because where your successful login redirect is located, it will never work as the headers have already been sent. So on a successful login, you would just get your login-form again.
To avoid that, you would need to move all processing to the top, to before where you start outputting html.
Apart from that I would recommend switching to prepared statements to avoid the whole escape_string mess, but that's unrelated to the problem unless your usernames / passwords can contain characters that are affected by the escape functions.
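The points from both answers combined, as an added example that is not part of the original question or answers: the database name is passed as the fourth argument to mysqli_connect, the query is a prepared statement, and all processing (including the redirect) runs before any HTML is output. The session_regenerate_id call and the $error variable are additions; table and column names are taken from the question.

```php
<?php
// Added example: all login processing runs before any HTML is sent.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['teacherusername']) ? $_POST['teacherusername'] : '';
    $pass = isset($_POST['teacherpassword']) ? $_POST['teacherpassword'] : '';

    // Placeholder credentials as in the question; database name is the 4th argument.
    $link = mysqli_connect('localhost', 'xxx', 'xxx', 'mobile_app');

    // The ? placeholders keep user input out of the SQL text, so no escaping is needed.
    // The password is compared as stored, following the question's schema (assumption).
    $stmt = mysqli_prepare($link,
        'SELECT TeacherForename, TeacherSurname, TeacherUsername
           FROM Teacher
          WHERE TeacherUsername = ? AND TeacherPassword = ?');
    mysqli_stmt_bind_param($stmt, 'ss', $user, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $forename, $surname, $username);
    $found = mysqli_stmt_fetch($stmt);   // true when a row matched, null when none
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    if ($found) {
        session_regenerate_id(true);     // new session id for the authenticated session
        $_SESSION['teacherforename'] = $forename;
        $_SESSION['teachersurname']  = $surname;
        $_SESSION['teacherusername'] = $username;
        header('Location: menu.php');    // works: nothing has been output yet
        exit;                            // stop so the form below is not rendered
    }
    $error = 'The Username or Password that you Entered is not Valid. Try Entering it Again.';
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p>
<p>Password</p><p><input type="password" name="teacherpassword" /></p>
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
<p><?php echo htmlentities($error); ?></p>
```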