我正在尝试制作一个php登录脚本。这是代码:
<?php
$mysqli = new mysqli("localhost", "root", "YesPassword213", "staffcenter");
$query = $mysqli->query("SELECT * FROM members where username = '$_POST[user]' AND password = '$_POST[pass]'");
function SignIn() {
session_start();
if(!empty($_POST['user'])) {
$row = $query->fetch_assoc();
if(!empty($row['username']) AND !empty($row['password'])) {
$row['username'] = $_SESSION['username'];
$row['password'] = $_SESSION['password'];
$row['admin'] = $_SESSION['admin'];
echo '<meta http-equiv="refresh" content="0; url=areaprivata.php" />';
}
else echo "Password errata!";
}
}
if(isset($_POST['submit'])) {
SignIn();
} ?>
我不知道这段代码有什么问题,也许是一些我看不到的语法错误。你能帮我么?我尝试了一切,但没有任何工作。
答案 0 :(得分:2)
看起来你的作业是错误的:
$row['username'] = $_SESSION['username'];
$row['password'] = $_SESSION['password'];
$row['admin'] = $_SESSION['admin'];
应该是
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['admin'] = $row['admin'];
正如弗雷德所说,看看sql注入!