<body>
<div class="login-card">
<h1>Log-in</h1><br>
<form action="incident-form.php" method="POST">
<input type="text" name="username" placeholder="Username">
<input type="password" name="password" placeholder="Password">
<input type="submit" name="submit" class="login login-submit" value="Login">
</form>
<div class="login-help">
<a href="#">Register</a> <a href="#">Forgot Password</a>
</div>
</div>
</body>
</html>
<?php
$connect = mysql_connect("localhost", "root", "");
mysql_select_db("aid");
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysql_query("SELECT * FROM users WHERE username='".$username."'");
if (mysql_num_rows($query) > 0){
while($row = mysql_fetch_assoc($query)) {
if ($row = ['password'] == $password){
echo "Successfully logged in!";
}else{
echo "Wrong password";
}
}
}else{
echo "Username not found";
}
}
?>
我在PHP 5.5中使用phpMyAdmin.我的数据库名称是aid,table是用户.表单就在那里,db和table在那里,但它直接进入提交的目标页面而不检查用户.
action首先更改您的代码.
<form action="" method="POST"> <!-- MEANS THAT PAGE WILL SUBMIT ON SELF FIRST -->
你的while循环中的if条件应该是:
if ($row['password'] == $password){
然后使用header()重定向用户,incident-form.php如果登录成功.
header("LOCATION:incident-form.php"); /* PUT THIS INSIDE YOUR IF CONDITION */
至少用于*_real_escape_string()防止SQL注入.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
但是,仍然使用mysqli_*而不是弃用的 mysql_* API.
| 归档时间: |
|
| 查看次数: |
70 次 |
| 最近记录: |