我正在尝试提交表单并检查登录信息,但它不会从A转到B,是否有人可以看到代码有任何问题?
以下是表格部分:
<form action="check_login.php" name="form1" method="post">
<ul data-role="listview" data-inset="true">
<li data-role="list-divider" role="heading" tabindex="0">Member login</li>
<li><input type="text" name="myusername" id="myusername" value="Email" /></li>
<li><input type="password" name="mypassword" id="mypassword" value="Password" /></li>
<li><button type="submit" name="login-submit" id="login-submit" data-icon="arrow-r" data-iconpos="right">LOG ON</button></li>
</ul>
</form>
这是第2部分(检查登录......似乎没有到达。
<?php
$host="localhost"; // Host name
$username="usernamehere"; // Mysql username
$password="passwordhere"; // Mysql password
$db_name="dbnamehere"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or
die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and
password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_register("myusername");
session_register("mypassword");
//header("location:login_success.php");
echo 'login success';
}
else {
echo "Wrong Username or Password";
}
?>
有关代码登录部分的更多信息,请查看此处:
http://devlup.com/programming/php/toa-simple-php-login-form-mysql/200/
有任何问题,请询问。
感谢。
答案 0 :(得分:4)
对于未来的访问者,我认为这是最终解决问题的答案:
相对路径(如表单操作中使用的路径)始终开始查看当前目录。
在原始问题中,表单提交到action="check_login.php"这意味着浏览器会将数据提交到 http://www.domain.tl/wherever/theform/was/check_login.php
如果需要将表单提交到其他位置,则需要指定绝对路径(http://www.domain.tl/handler.php)或者需要了解目录遍历,并指出正确的路径(。 ./../ handler.php)。
你的文件结构是什么?表单html与处理程序php在同一个地方吗?
要明确它应该是/{parent}/form.html和/{parent}/check_login.php。是这样的吗?
你说你没有在$ _POST中获得任何数据。这是否意味着获得TO check_login.php但是没有工作,或根本没有达到它?
在我们获得有关此处发生的事情的更多信息之后,我会更新这个问题以回答您的真实问题,但我想发布此内容以便您确保看到它。
看起来你有一些糟糕的编码习惯,虽然我当然不是专业人士,但我觉得我可以提供一些改进。请参阅下面的修订代码块。
<?php
$host="localhost"; // Host name
$username="usernamehere"; // Mysql username
$password="passwordhere"; // Mysql password
$db_name="dbnamehere"; // Database name
$tbl_name="members"; // Table name
//Ideally, your database information is stored in another file, and you include it here.
//Mostly, it's just so you're not having to change it in multiple places if it changes
//but there could be a small security benefit, too
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or
die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
//What if the $_POST vars don't exist?
//$myusername=$_POST['myusername'];
//$mypassword=$_POST['mypassword'];
//Try:
$myusername = isset($_POST['myusername']) ? $_POST['myusername'] : null;
$mypassword= isset($_POST['mypassword']) ? $_POST['mypassword'] : null;
//then you should check if the variables exist
if( $myusername == null || $myusername == "" || $mypassword == null || $mypassword == "" )
{
echo "You need to fill in both fields.";
}
// To protect MySQL injection (more detail about MySQL injection)
//why are you forcing php to write to that variable twice?
//$myusername = stripslashes($myusername);
//$mypassword = stripslashes($mypassword);
//$myusername = mysql_real_escape_string($myusername);
//$mypassword = mysql_real_escape_string($mypassword);
//Try:
$myusername = mysql_real_escape_string(stripslashes($myusername));
$mypassword = mysql_real_escape_string(stripslashes($mypassword));
//As another person said, you desperately need to store hashed passwords
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
//This is a terrible idea.
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
//from @Jimmy Sawczuk
//This is deprecated, since a while ago.
//session_register("myusername");
//session_register("mypassword");
//Try:
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
//header("location:login_success.php");
echo 'login success';
}
else {
echo "Wrong Username or Password";
}
?>
在最后的$ _SESSION编辑中,更大的问题是:为什么你要保存这些变量。如果您以后需要在会话中使用密码,那么您的应用安全性就会出错。
答案 1 :(得分:1)
不确定这是否相关,但是按钮元素会导致IE中出现问题:
http://www.sitepoint.com/forums/html-xhtml-52/button-submit-input-submit-better-598656.html
另外,试试
print_r($_POST);
在你做任何其他事情之前,看看你是否得到任何东西。