请不要在这里评论告诉我关于我的SQL注入,我已经知道了:))
每次我使用我的login.html页面(链接到login.php文件)时,代码都会生成以下消息:“请输入有效的用户名和密码!” 代码工作得很早,所以我不确定我做错了什么......
代码如下:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","user_ben","password") or die ("Couldn't Connect!");
mysql_select_db("user_phplogin"); //select database
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($query))
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Youre in! <a href='members.php'> Visit your user profile! </a>";
}
else
{
echo "Incorrect Password! <a href='login.html'> Return to login page</a>";
}
}
else
{
die("That user doesnt exist! <a href='login.html'> Return to login page</a>");
}
}
else
{
die("Please enter a valid username and a password! <a href='login.html'> Return to login page</a>");
}
?>
这是我的表格代码......
<form action='login.php' method='submit'>
Username: <input type='text' name='username'/><br>
Password: <input type='password' name='password'/><br>
<input type='submit' value='Log In'/>
</form>
答案 0 :(得分:1)
检查
if(!empty($username) && !empty($password))
它将检查不为空还设置了用户名和密码
和
<form action='login.php' method='POST'>
因为它default is GET(这意味着如果你不输入方法,它将是GET)
你也在使用method="submit"没有任何提交方法
method (GET|POST) GET -- HTTP method used to submit the form--
答案 1 :(得分:0)
变化
<form action='login.php' method='submit'>
到
<form action='login.php' method='POST'>
答案 2 :(得分:0)
更改
<form action='login.php' method='submit'>
到
<form action='login.php' method='POST'>
用这行开始login.php并回答:
<?php print_r($_POST);
并查看帖子中的内容