尝试使用php和MySQL设置一个简单的登录系统后,我被告知MySQL折旧,所以我开始研究mysqli。
我还是PHP的新手并连接到数据库所以我找到了一些在线教程,我能够设置一个有效的简单登录脚本(我使用了本教程http://w3epic.com/php-mysql-login-system-a-super-simple-tutorial/)。我迷失了一部分。
以下是我的登录页面中的代码:
<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" />
</form>
<?php
} else {
require_once("db-const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
} else {
echo "<p>Logged in successfully</p>";
// do stuffs
}
}
?>
</body>
</html>
它有效,我可以登录。
但是,如果用户在数据库中找到匹配项,我想将用户重定向到另一个页面
我的想法是做一些事情:
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
header( 'Location: http://www.galactek.com/support/offmaint.html' );
} else {
echo "<p>Logged in successfully</p>";
// do stuffs
header("Location:output.php");
}
然而,这会产生错误:
警告:无法修改标题信息 - 已在第38行的/home4/galactek/public_html/test/login.php中发送的标题(在/home4/galactek/public_html/test/login.php:7中开始输出)< / p>
如何成功重定向用户?
答案 0 :(得分:0)
您需要在页面顶部进行密码检查。如果已经将任何内容写入输出(例如PHP之前的HTML和head标记),则不允许更改标题。此外,查找参数化的SQL查询,因为这将有助于防止您当前易受攻击的SQL注入
<?php
header("Location: " . my_url);
<?php
$failed = false;
if (isset($_POST["username"]) && isset($_POST["password"])) {
require_once("db-const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
$result = $mysqli->query($sql);
if ($result->num_rows == 1) {
//redirect the user to their account page since they logged in!
header("Location: http://example.com/youraccount");
} else {
$failed = true;
}
}
?>
<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<!-- The HTML login form -->
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" />
</form>
<?php
if ($failed) {
echo "<p>Invalid username/password combination</p>";
}
?>