<?php
header("content-type:text/html:charset=utf-8");
include("conn.php");
if(isset($_POST['submitted'])){
$user = $_POST['user'];
$ pwd = $_POST['pwd'];
$sql = 'select * from name where user="'.$user.'"';
//$sql = "select * from name where user = '.$user'";
$result = mysqli_query($conn,$sql) ;
$row = mysqli_fetch_array ($result);
$cmp_pwd = $row['password'];
$quan =$row['quan'];
$xbb = 1;
$fx = 0;
if( $cmp_pwd == $pwd && $quan == $xbb){ //Use the value taken from the database Compare the password with the submitted password
echo "<script language=javascript>alert('Login successful');</script>"; "Location:addhc1.php");
//Jump to the specified page
}elseif($cmp_pwd1 == $pwd && $quan == $fx ){
echo "<script language=javascript>alert('Username or password is incorrect');</script>";
Header("Location:bddhc1.php" ); //Reload the page
} else{
echo "<script language=javascript>alert('Username or password is incorrect');< ;/script>";
Header("Location:login1.php"); //Reload the page
}
}
?>
<html>
<head>
<title> Login window</title>
<meta http-equiv="Content-Type" content="text/html" charset="utf-8">
</ head>
<body>
<form action="login1.php" method="post">
Username:
<input type="text" name="user" />
Password:
<input type="password" name="pwd" />
<br/>
<input type="hidden" name="submitted" value="1" />
<input type="submit" value="登录" />
</form>
</body>
</html>
Your query statement is missing a single quote. You can write it like me $sql = 'select * from name where user ='.$user;
$sql = 'select * from name where user="'.$user.'"';
Use single quotes for variable names.
In PHP, variables can be used within double quotes. You can write like this:
$sql = "select * from name where user=\'$user\';";