PHP脚本未在Apache服务器上执行

时间:2017-12-10 23:42:58

标签: php mysql apache

我有这个登录系统。当使用错误的凭据登录时,表单会显示但直接指向index.php。没有错误信息......没有。有谁知道为什么会这样?

继承我的代码:

<?php
session_start();

if(isset($_POST['login'])) {
    include_once("db.php");
    $username = strip_tags($_POST['username']);
    $password = strip_tags($_POST['password']);

    $username = stripslashes($username);
    $password = stripslashes($password);

    $username = mysqli_real_escape_string($db, $username);
    $password = mysqli_real_escape_string($db, $password);

    $password = md5($password);

    $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
    $query = mysqli_query($db, $sql);
    $row = mysqli_fetch_array($query);
    $id = $row['id'];
    $db_password = $row['password'];

    if($password == $db_password) {
        $_SESSION['username'] = $username;
        $_SESSION['id'] = $id;
        header("Location: index.php");
    } else {
        echo "You didn't enter the correct details!";
    }

}
?>

<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family:         Tahoma;">Login</h1>
<form action="index.php" method="post" enctype="multipart/form-data">
    <input placeholder="Username" name="username" type="text" autofocus>
    <input placeholder="Password" name="password" type="password">
    <input name="login" type="submit" value="Login">
</form>

1 个答案:

答案 0 :(得分:0)

这个表格是你的index.php页面吗?表单操作是index.php,因此它会发布到索引页面,并且永远不会在POST上运行您的代码。从表单元素中删除action="index.php",以便它发布到当前脚本。我认为这是不同的,因为你在成功登录时进行301重定向。

一些建议是在重定向中的头函数之后抛出exit()。此外,您可以为表单错误设置一个变量,并将其与您的标记一起放入。这是一个更新的脚本:

<?php
session_start();

if(isset($_POST['login'])) {
    include_once("db.php");
    $username = strip_tags($_POST['username']);
    $password = strip_tags($_POST['password']);

    $username = stripslashes($username);
    $password = stripslashes($password);

    $username = mysqli_real_escape_string($db, $username);
    $password = mysqli_real_escape_string($db, $password);

    $password = md5($password);

    $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
    $query = mysqli_query($db, $sql);
    $row = mysqli_fetch_array($query);
    $id = $row['id'];
    $db_password = $row['password'];

    if($password == $db_password) {
        $_SESSION['username'] = $username;
        $_SESSION['id'] = $id;
        header("Location: index.php");
        exit();
    } else {
        $error = "You didn't enter the correct details!";
    }

}
?>

<html>
<head>
    <title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<?php if (!empty($error)) echo '<div class="login-error">' . $error . '</div>'; ?>
<form method="post" enctype="multipart/form-data">
    <input placeholder="Username" name="username" type="text" autofocus>
    <input placeholder="Password" name="password" type="password">
    <input name="login" type="submit" value="Login">
</form>

希望有所帮助!

我还建议使用MySQLi上的PDO驱动程序。这确实有助于防止SQL注入,特别是如果您正在学习并计划部署到生产环境中。

http://php.net/manual/en/ref.pdo-mysql.php

相关问题
最新问题