<?php
include("includes/connect.php");
if(isset($_POST['login'])){
$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];
$admin_query = "select * from admin_login where user_name='$user_name' AND user_pass='$user_pass'";
$run=mysql_query($admin_query);
if(mysql_num_rows($run)>0){
//echo (mysql_num_rows($run));
$_SESSION['user_name']=$user_name;
header('location:index.php');
//echo "<script>window.open('index.php','_self')</script>";
}
else{
echo "<script>alert('User name or password is incorrect')</script>";
}
}
?>
我无法登录索引页面。当我提供错误的凭证时,它会弹出错误。但是当我提供正确的凭据时,它不会弹出任何错误。但仍然无法登录。请帮忙。
我已将其包含在我的index.php
中<?php
session_start();
if(!isset($_SEESION['user_name'])){
header("location:login.php");
}
else {
?>
答案 0 :(得分:1)
在代码顶部添加session_start();;这是因为你不能保存会话变量,除非会话已启动并且你的$_SESSION['user_name']=$user_name;当前没有做任何事情。
您的代码很容易受到SQL注入攻击,请阅读this question有关如何防止它们的信息。
答案 1 :(得分:0)
尝试使用
if(!isset($_SESSION['user_name'])){
而不是
if(!isset($_SEESION['user_name'])){
index.php - 已添加session_start(); // added here
<?php session_start(); // added here
include("includes/connect.php");
if(isset($_POST['login'])){
$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];
$admin_query = "select * from admin_login where user_name='$user_name' AND user_pass='$user_pass' ";
$run=mysql_query($admin_query);
if(mysql_num_rows($run)>0){
//echo (mysql_num_rows($run));
$_SESSION['user_name']=$user_name;
header('location:index.php');
//echo "<script>window.open('index.php','_self')</script>";
}
else{
echo "<script>alert('User name or password is incorrect')</script>";
}
}
?>
答案 2 :(得分:0)
您需要在要添加会话的session_start();上添加file
在代码开头添加
<?php
session_start();