PHP/HTML可以';提交表单后是否不能跳转到另一个.php页面?
在一个简单的login.php中点击“登录”后,它输出一个“未找到对象”,并具有链接“localhost/post?username=asd&password=asd&Submit=log+in”。有人能帮我找出哪里不对劲吗 下面是对初始页面login.php的编码PHP/HTML可以';提交表单后是否不能跳转到另一个.php页面?,php,html,Php,Html,在一个简单的login.php中点击“登录”后,它输出一个“未找到对象”,并具有链接“localhost/post?username=asd&password=asd&Submit=log+in”。有人能帮我找出哪里不对劲吗 下面是对初始页面login.php的编码 <!DOCTYPE html> <html> <?php $error=""; //sets the error var to empty?> <head></head>
<!DOCTYPE html>
<html>
<?php $error=""; //sets the error var to empty?>
<head></head>
<body>
<form name="form1" method="check_login.php" action="post">
Username <input name="username" type="text" id = "username" placeholder="Username">
<br><br>
Password <input name="password" type="password" id = "password" placeholder="********">
<br><br>
<input name="Submit" type="submit" value="Log In">
<br><br>
</form>
</body>
</html>
用户名
暗语
下面是check_login.php
<!DOCTYPE html>
<html>
<?php $error=""; //sets the error var to empty?>
<head></head>
<body>
<form name="form1" method="check_login.php" action="post">
Username <input name="username" type="text" id = "username" placeholder="Username">
<br><br>
Password <input name="password" type="password" id = "password" placeholder="********">
<br><br>
<input name="Submit" type="submit" value="Log In">
<br><br>
</form>
</body>
</html>
<?php
//sets the host/username/password/database name into variables
$host = "localhost";
$user = "root";
$pass = "enterpasshere";
$myDB = "abc";
$error = "";
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
$username = $_POST['username']; //gets the username input
$password = $_POST['password']; //gets the password input
$connection = mysql_connect($host, $user, $pass); //connects to the database
mysql_select_db($myDB); //selects the database
$result = mysql_num_rows(mysql_query("SELECT * FROM user WHERE username='$username' AND password='$password'")); //performs the query and gets the number of rows
if($result == 1){ //if the query was right
header("location: home.php");//Redirecting to other page
} else {
$error = "Wrong username or password";
}
mysql_close(); //Make sure to close out the database connection
}
?>
您的操作和方法是反向的。方法是post或get,操作是指向控制器的路径
<form name="form1" method="check_login.php" action="post">
应该是:
<form name="form1" action="check_login.php" method="post">
您获得localhost/post?username=asd&password=asd&Submit=Log+In
,因为表单提交到post
,并假设get
,因为方法无效,因此将表单值附加到URL的查询字符串中。您的操作和方法是向后的。方法是post或get,操作是指向控制器的路径。危险:您正在使用并且应该使用。你也容易受到现代API的攻击,因为它会让你更容易使用。你正在使用并且需要修改你用户的密码。我只是在编写基本登录页面的代码。如中所示,我只对检查user/pass是否无效进行了编码。我将在实际工作后编写安全部分的代码。但是感谢您提供的额外资源,我将尽快更改mysql。谢谢。我没注意到。