<?php
$link = mysql_connect('127.0.0.1', 'ilhan', 'password123');
if(!$link)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("metu", $link);
mysql_set_charset('utf8',$link);
if(isset($_POST["email"])) // AND strlen($_POST["email"])>1 solves the problem
// but I didn't get why the page is redirected...
{
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$result = mysql_query("SELECT password, id FROM users WHERE email = '$email'");
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
$row = mysql_fetch_assoc($result);
if($row['password'] == $password)
{
$_SESSION['valid_user'] = $row['id'];
mysql_close($link);
header("Location: http://www.example.com");
}
else $login = false;
mysql_close($link);
}
else $login = false;
?>
如果用户提交空白电子邮件和空白密码,您认为页面会被重定向吗?不应该,但页面已重定向。这是为什么?错误?
最佳答案
一开始我忽略了这个问题。 这是:
if($row['password'] == $password)
空 $row['password'] 等于空 $password。评估为true
这就是我要做的
<?php
include 'db.php';
if(isset($_POST["email"]))
{
$sql = "SELECT id FROM users WHERE email='%s' AND password='%s'";
$id = dbGetOne($sql,$_POST["email"],MD5($_POST["email"].$_POST["password"]));
if($id)
{
$_SESSION['valid_user'] = $row['id'];
header("Location: http://www.example.com");
exit;
}
}
关于php - 提交空白值并返回 mysql 查询的问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5338726/