Question

我有一个愚蠢的问题，我无法弄清楚。当我刷新我的登录页面时，密码和用户名出现在输入字段中。这是我的代码：

<?php include_once "includes/scripts.php"; ?>
<?php
session_start();
include_once ("includes/connect.php");
if (isset($_SESSION['logged_in'])) {
    header('location: admin_cms.php');
}else{
    if (isset($_POST['username'], $_POST['password'])){
        $username = $_POST['username'];
        $password = md5($_POST['password']);
        if (empty($username) or empty($password)){
            $error = '<p>NOTE: Fields are blank</p>';   
        }else{
            $query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
            $query->bindValue(1, $username);
            $query->bindValue(2, $password);
            $query->execute();
            $num = $query->rowCount();
            if ($num == 1){
                $_SESSION['logged_in'] = true;
                header('location: admin_cms.php');
                exit();
            }else{
                $error = "<p>NOTE: The username or password is incorrect</p>";  
            }
        }
    }
    ?>
    <div id="login_container">
        <br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
        <h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
        <form  acton = "admin.php" method="post" autocompleate="off">
            <label>Username:</label>
            <input type="text" name="username" placeholder="Your Username" required>
            <label>Password:</label>
            <input type="password" name="password" placeholder="Your Password" required>
            <input type="submit"  value="Login" name="submit_login">
        </form>
        <?php if (isset($error))
        {echo $error;}?>
      <p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
    </div><!--login_container-->

    <?php } ?>
</body>
</html>

请有人帮我解决这个问题吗？如果有人发现可能存在安全问题的问题，请纠正我吗？

My Login screen when i open the page or refresh

Answer 1

输入结尾处的

autocomplete="off"

例如

 <input type="password" name="password" placeholder="Your Password" required autocomplete="off">

Place Holder也可以填充它，以便你可以删除

 <input type="password" name="password" required autocomplete="off">

您也可以将autocomplete="off"放在表单标记

中

Answer 2

默认情况下，autocomplete属性设置为“on”。将其关闭将阻止浏览器显示可能已存储的其他值。我很确定autocomplete属性在表单标签内不起作用。在要编辑的输入标记内，放入

autocomplete="off"

更多信息here

密码和用户名显示在输入字段中？

2 个答案: