我正在尝试创建一个简单的PHP MySQL登录页面。我一直在阅读代码,看不出我做错了什么。我正在测试我刚刚在数据库中看到的电子邮件和密码作为测试,所以我知道它存在。当我单击上一个表单上的提交时,它只是将我重定向回同一页面并且不登录(我知道这是因为我的标题在$ _SESSION变量工作时会改变;我知道这是因为我的注册页面有效但是一旦你注册,不是登录)。请注意,在注册时,他们输入他们的名字和姓氏,这就是为什么我将它包含在session_start上的$ _SESSION变量上。这是代码(首先是表单,然后是checklogin.php页面):
<!--THIS IS THE FORM FROM THE PAGE SIGN_IN.PHP-->
<form method="post" target="checklogin.php">
<label for="email">EMAIL/USERNAME:</label>
<input type="text" name="email" id="email">
<label for="password">PASSWORD:</label>
<input type="password" name="password" id="password">
<br />
<input type="submit" value="Let's Play!">
</form>
这是表单发布到的checklogin.php脚本:
<?php
$mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
if (!$mysqli)
{
die('Could not connect: ' . mysqli_error($mysqli));
}
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);
$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);
if(is_object($result) && $result->num_rows == 1){
// Register variables and redirect to file "profile.php"
session_start();
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['email']=$_POST['email'];
$_SESSION['password']=$_POST['password'];
redirect('profile.php');
} else {
echo "Wrong Username or Password";
}
?>
我也尝试使用header('location:profile.php'),但结果相同。
答案 0 :(得分:4)
<form method="post" action="checklogin.php">
action
属性用于指定要发布的表单。虽然target
属性用于指定URL的加载位置。
如果缺少action
属性,则默认为当前网址,这就是您在提交表单时导航到同一页面的原因。
答案 1 :(得分:2)
Change Your Form As:
<form method="post" action="checklogin.php">
<label for="email">EMAIL/USERNAME:</label>
<input type="text" name="email" id="email">
<label for="password">PASSWORD:</label>
<input type="password" name="password" id="password">
<br />
<input type="submit" value="Let's Play!">
</form>
Checklogin.php as
<?php
$mysqli = mysqli_connect("mysql_name","login_id","password", "db_name");
if (!$mysqli)
{
die('Could not connect: ' . mysqli_error($mysqli));
}
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);
$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);
if(is_object($result) && $result->num_rows == 1){
// Register variables and redirect to file "profile.php"
session_start();
$_SESSION['firstname']=$_POST['firstname'];
$_SESSION['lastname']=$_POST['lastname'];
$_SESSION['email']=$_POST['email'];
$_SESSION['password']=$_POST['password'];
//redirect('profile.php');
header('location:profile.php');
} else {
echo "Wrong Username or Password";
}
?>