我的PHP代码中出现了一个奇怪的错误。我想比较我的用户名和密码。当我回显表单时,会有正确的值,当我在$username变量中更改$password和$sql时,它可以正常工作。
它获得了正确的变量,但它不接受它们。
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
if(isset($_POST['Submit']))
{
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
echo $username;
echo $password;
include "connect.php";
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
}
?>
PS
我知道没有任何加密,但我想先让它工作。
答案 0 :(得分:0)
无论发生什么,这都行不通:
header("location:login_success.php");
因为你之前有HTML ...在打印任何html之前你必须拥有所有header()。见http://us2.php.net/manual/en/function.header.php
要解决这个问题,请在HTML代码块之前放置PHP代码块,就像这样。 (确保<?php之前没有空格,因为这会使header()无用。
<?php
if(isset($_POST['Submit']))
{
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
echo $username;
echo $password;
include "connect.php";
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
人们不断提出的另一件事是SQL Injection。这是您使用mysqli的方法。 (不要忘记你的连接需要使用mysqli)
$query = "SELECT * FROM access WHERE username = ? and password= ?";
if($stmt = $mysqli->prepare($query)){
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->store_result();
$count = $stmt->num_rows;
$stmt->free_result();
$stmt->close();
echo $count;
}else die("Failed to prepare!");
将取代此:
$sql="SELECT * FROM access WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
echo $count;