会话登录脚本不将表单变量值传递给$ _POST?

时间:2013-02-04 17:07:19

标签: php html

以admin(管理员表单)身份登录时,继续错误:管理员登录。客户还有一个表(db_table_customers)。

编辑:使用Wamp,它给了我这个

( ! ) Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\wamp\www\dev6\login.php on line 36
Call Stack
#   Time    Memory  Function    Location
1   0.0003  692264  {main}( )   ..\login.php:0
2   0.0121  710400  mysqli_num_rows ( ) ..\login.php:36

第36行是$rows = mysqli_num_rows($result);

另外,var_dump()ing $ result和$ row分别在Web浏览器中打印以下内容:

  

布尔值假

     

这应该意味着login.php与我在db_table_admins表中提供的admin登录名不匹配。但我正在为管理员提供正确的登录信息。多次检查。

表格 

<form name="admin_login" method="POST" action="login.php">
        <h3>Admin:</h3>
        Username: <input type="text" id="username" name="admin_login[username]"><br>
        Password: <input type="password" id="password" name="admin_login[password]"><br>
        <input type="submit" name="admin_submit" value="Login">
</form> 

<form name="customer_login" method="POST" action="login.php">
        <h3>Customer:</h3>
        Username: <input type="text" id="username" name="customer_login[username]"><br>
        Password: <input type="password" id="password" name="customer_login[password]"><br>
        <input type="submit" name="customer_submit" value="Login">
</form>

的login.php 

<?php

    require('connection.inc.php');

    $username = null;
    $password = null;
    $administrator = false;
    $result = null;

    $link = mysqli_connect($db_host, $db_username, $db_password, $db_database) or die("Can't connect");

    if(isset($_POST['admin_submit'])){
            $administrator = true;
            $username = $_POST['admin_login']['username'];
            $passname = $_POST['admin_login']['password'];
    }else{
            $username = $_POST['customer_login']['username'];
            $passname = $_POST['customer_login']['password'];
    }

    if($administrator){
        $query = "SELECT * FROM $db_table_admins WHERE username='$username' AND password='$password'";
        $result = mysqli_query($link, $query);
        $rows = mysqli_num_rows($result);

        if($rows == 1){
            $_SESSION['admin'] = true;
            header("location:login_success.php");
        }else{
            echo "Error: admin login";
        }
    }else{
        $query = "SELECT * FROM $db_table_customers WHERE username='$username' AND password='$password'";
        $result = mysqli_query($link, $query);
        $rows = mysqli_num_rows($result);

        if($rows == 1){
            $_SESSION['admin'] = false;
            header("location:login_success.php");
        }else{
            echo "Error: customer login";
        }
    }
?>

2 个答案:

答案 0 :(得分:0)

您有$administrator = true;但是您正在测试if($admin){

答案 1 :(得分:0)

您的管理员登录按钮名为admin_submit

 <input type="submit" name="admin_submit" value="Login">

但在您的代码中,您需要检查admin_login

if($_POST['admin_login']){

您需要检查(并更改为...)admin_submit,因为admin_login已用于您的文字字段

编辑:正如所指出的,你有一个SQL注入问题。这意味着,例如'中的$_POST字符会破坏您的查询。

除此之外,您似乎正在为表名使用变量;这些来自哪里?是什么?

相关问题
最新问题