我的 PHP 代码中出现了一个奇怪的错误。我想比较我的用户名和密码。当我回显表单时,就会有正确的值,当我更改 $sql
变量中的 $username
和 $password
时,它工作正常.
它获取正确的变量,但不接受它们。
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
if(isset($_POST['Submit']))
{
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
echo $username;
echo $password;
include "connect.php";
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
}
?>
附言
我知道没有任何加密,但我想先让它工作。
最佳答案
无论发生什么,这都行不通:
header("location:login_success.php");
因为你前面有 HTML...你必须拥有所有 header()
在打印出任何 html 之前。参见 http://us2.php.net/manual/en/function.header.php
要解决此问题,请将 PHP 代码块放在 HTML 代码块之前,如下所示。 (确保 <?php
之前没有空格,因为这会使 header()
变得无用。
<?php
if(isset($_POST['Submit']))
{
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
echo $username;
echo $password;
include "connect.php";
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
人们不断提出的另一件事是 SQL 注入(inject)。这就是您可以使用 mysqli
的方式. (不要忘记你的连接需要使用 mysqli)
$query = "SELECT * FROM access WHERE username = ? and password= ?";
if($stmt = $mysqli->prepare($query)){
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->store_result();
$count = $stmt->num_rows;
$stmt->free_result();
$stmt->close();
echo $count;
}else die("Failed to prepare!");
这将取代这个:
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
关于PHP 比较登录详细信息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21195501/