入门级的一个登录窗口PHP+MYSQL

CREATE DATABASE blog;
USE blog;
mysql> CREATE TABLE USER_PASSWORD(
-> username VARCHAR(25) NOT NULL,
-> password VARCHAR(25) NOT NULL,
);

login.php

<html>
<head>
</head>

<body>
<p>Welcome to micro blog</p>
<p>Please log in or register</p>
<form action = "loginbackground.php" method = "post">
<p>Username: <input type = "text" name = "username" /></p>
<p>Password: <input type = "password" name = "password" /></p>
<input type = "submit" value = "submit" name = "submit"/>
<input type = "submit" value = "register" name = "register" />
</form>

</body>
</html>

The loginbackground.php

<?php
error_reporting(E_ALL);
if(isset($_POST['submit']))
{
$username = filter_var($_POST['username'], FILTER_SANITIZE_SPECIAL_CHARS);
$password = filter_var($_POST['password'], FILTER_SANITIZE_SPECIAL_CHARS);
echo "Log information:<br />";
echo "The corresponding username is $username and password is $password...<br />";
echo "establishing connection to mysql...<br />";

$mysqli = new mysqli("localhost", "root", "12345", "blog");
if(!$mysqli)
{
die("Could not connect to mysql!<br />");
}
else
{
echo "Connect successfully<br />";
}

$query = "SELECT * FROM USER_PASSWORD WHERE username = '$username' and password = '$password'";
$mysqli->query($query);
$result = $mysqli->query($query, MYSQLI_STORE_RESULT);

if(@$result->num_rows)
{
echo "Log in!<br />";
$result->free();
}
else
{
echo "Log fail! username or password fail! You will back to login.php in 5 seconds.:)<br />";
header("refresh:5;url=login.php");
}
}
else if (isset($_POST['register']))
{
header("refresh:0;url=register.php");
}

?>

register.php

<html>
<body>
<p>Register</p>
<form action = "registerbackground.php" method = "post">
<p>Username: <input type = "text" name = "username_register" /></p>
<p>Password: <input type = "password" name = "password_register" /></p>
<input type = "submit" value = "submit_register" name = "submit_register" />
<input type = "submit" value = "back_login" name = "back_login" />
</form>
</body>
</html>

registerbackground.php

<?php
if(isset($_POST['submit_register']))
{
$username = filter_var($_POST['username_register'], FILTER_SANITIZE_SPECIAL_CHARS);
$password = filter_var($_POST['password_register'], FILTER_SANITIZE_SPECIAL_CHARS);
echo "Register information:<br />";
echo "The corresponding username is $username and password is $password...<br />";
echo "establishing connection to mysql...<br />";

$mysqli = new mysqli("localhost", "root", "12345", "blog");
if(!$mysqli)
{
die("Could not connect to mysql!<br />");
}
else
{
echo "Connect successfully<br />";
}

$query = "SELECT * FROM USER_PASSWORD WHERE username = '$username'";
$mysqli->query($query);
$result = $mysqli->query($query, MYSQLI_STORE_RESULT);

if($result->num_rows)
{
echo "There is a same username. You will back to register.php in 2 seconds.:)<br />";
header("refresh:2;url=register.php");

}
else
{
$query = "INSERT INTO USER_PASSWORD SET username='$username',password='$password'";
$result = $mysqli->query($query, MYSQLI_STORE_RESULT);
echo "Register Successfully. You will back to login.php in 2 seconds.<br />";
header("refresh:2;url=login.php");
}
}
if(isset($_POST['back_login']))
{
header("refresh:0;url=login.php");
}
?>