登录没有发生,我正在返回同一页面。当我提供正确的详细信息时,我将再次返回登录状态,当我提供错误的详细信息时,我收到无效电子邮件或密码的消息。
<?php
$con=mysqli_connect("","","","");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$email=addslashes($_POST['email']);
$password=addslashes($_POST['password']);
$sql="SELECT id FROM register WHERE email='$email' and password='$password'";
$result=mysqli_query($con,$sql);
$row=mysqli_fetch_array($result);
$active=$row['active'];
$count=mysqli_num_rows($result);
echo "$count";
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
echo "hi";
session_register("email");
$_SESSION['login_user']=$email;
header("location: welcome.php");
}
else
{
$error="Your email or Password is invalid";
echo "$error";
}
}
?>
<form action="" method="post">
<label>Email :</label>
<input type="email" name="email"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Submit "/><br />
</form>
答案 0 :(得分:0)
The PHP directive magic_quotes_gpc was on by default before PHP 5.4, and it essentially ran addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping.
所以这些输入现在被双重转义。您可以调用函数get_magic_quotes_gpc()来查找当前设置的内容并确切知道。