db_connect file:
<?php
//connects to the database
$username = "username";
$password = "password";
$hostname = "host";
$database="database";
$link=mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL".mysql_error());
mysql_select_db($database, $link) or die("Could not select the database".mysql_error());
?>
Process login file:
<?php session_start();
include "DB_connect.php";
if( !isset($_SESSION) )
$username=$_POST["UserName"];
$password=$_POST["Password"];
$errormessage = "";
$sql="SELECT * FROM members where UserName='$username' and Password='$password'";
$result = mysql_query($sql, $link) or exit('$sql failed: '.mysql_error());
$num_rows = mysql_num_rows($result);
if($num_rows==0){header("Location:login.php");}
else {
header("Location:MyPage.php");
exit;
}?>
Can you help find the error?
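I would suggest removing the PHP closing tags (?>) from your code files. The parser does not need them, and any whitespace characters after the ?> will cause output to be sent to the browser and interfere with setcookie() and header() calls. Make sure there is no whitespace at the top of the file before the opening <?php tag. My guess is that you have whitespace at the end of your db_connect file.
By the way, you have a glaring SQL injection vulnerability, because you are putting the $_POST variables directly into the query without sanitizing them. You should do this: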
$sql="SELECT * FROM members where UserName='".
mysql_real_escape_string($username)."' and
Password='".mysql_real_escape_string($password)."'";
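Added example (not part of the original question or answer): the same login check written with a PDO prepared statement instead of string concatenation, in a file with no closing tag and an exit after the redirect. The helper names check_login and login_target are hypothetical, an in-memory SQLite database stands in for MySQL so the script runs offline, and the Password column is assumed to hold a password_hash() value rather than the plain text the question's query implies.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the table and column names from the question.
// Assumption: Password holds a password_hash() value, not plain text.
$pdo->exec('CREATE TABLE members (UserName TEXT PRIMARY KEY, Password TEXT)');
$pdo->prepare('INSERT INTO members (UserName, Password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only if the user exists and the password verifies.
function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder sends the value separately from the SQL text, so quote
    // characters in $username are compared as data and never parsed as SQL.
    $stmt = $pdo->prepare('SELECT Password FROM members WHERE UserName = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical helper: choose the redirect target for a submitted form.
function login_target(PDO $pdo, array $post): string
{
    $username = (string)($post['UserName'] ?? '');
    $password = (string)($post['Password'] ?? '');
    return check_login($pdo, $username, $password) ? 'MyPage.php' : 'login.php';
}

if (PHP_SAPI !== 'cli') {
    // Web request: nothing has been echoed above, so header() still works.
    header('Location: ' . login_target($pdo, $_POST));
    exit; // stop on both branches, not only the success branch
}

// Command-line run: constructed form submissions and the page each would reach.
$cases = [
    ['UserName' => 'alice', 'Password' => 'correct horse'],  // valid
    ['UserName' => 'alice', 'Password' => 'wrong'],          // bad password
    ['UserName' => "alice' OR '1'='1", 'Password' => 'x'],   // quotes in input
    [],                                                       // missing fields
];
foreach ($cases as $post) {
    echo json_encode($post), ' -> ', login_target($pdo, $post), "\n";
}
```

Run from the command line, only the first constructed case reaches MyPage.php; the input containing quote characters is looked up as a literal user name and matches no row.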