这是PHP中的管理员登录代码,当我运行代码时,它不会加载我想要的页面
头函数的使用方式如下:这是PHP中的管理员登录代码,当我运行代码时,它不会加载我想要的页面,php,Php,头函数的使用方式如下: <?php //start the session mysql_connect("localhost","root",""); @mysql_select_db(fcs) or die("Unable to select Database"); //check if the form has been submitted if(isset($_POST['submit'])){ $msg=""; //VALIDATE form informatio
<?php
//start the session
mysql_connect("localhost","root","");
@mysql_select_db(fcs)
or die("Unable to select Database");
//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";
//VALIDATE form information
if(empty($_POST['uname'])){
$msg="Please enter your username.";
}
if(empty($_POST['upass'])){
$msg .="Please enter your password.";
}
//check length of password
if(strlen($_POST['upass']) > 6){
$msg .="Invalid password.";
}
if(empty($msg)){
$sql = "SELECT uname,upass FROM administrator WHERE user ='".$_POST['uname']."'";
$sql .= "AND password ='".md5($_POST['password'])."'";
if(!$res = mysql_query($sql)){
$msg.=mysql_error();
}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {
while($row = mysql_fetch_assoc($res)){
// the user name and password match,
$_SESSION['uname'] = $row['uname'];
$_SESSION['upass'] = $_POST['upass'];
//Now go to the main page
header('location../admin.php');
}
}else{
$msg = "Your login details did not match";
}//end numrows check
}//end res check
}
}//end submit check
?>
header('Location: ../admin.php');
<?php
//start the session
mysql_connect("localhost","root","");
@mysql_select_db(fcs)
or die("Unable to select Database");
//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";
//VALIDATE form information
if(empty($_POST['uname'])){
$msg="Please enter your username.";
}
if(empty($_POST['upass'])){
$msg .="Please enter your password.";
}
//check length of password
if(strlen($_POST['upass']) > 6){
$msg .="Invalid password.";
}
if(empty($msg)){
$sql = "SELECT uname,upass FROM administrator WHERE user ='".$_POST['uname']."'";
$sql .= "AND password ='".md5($_POST['password'])."'";
if(!$res = mysql_query($sql)){
$msg.=mysql_error();
}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {
while($row = mysql_fetch_assoc($res)){
// the user name and password match,
$_SESSION['uname'] = $row['uname'];
$_SESSION['upass'] = $_POST['upass'];
//Now go to the main page
header('location../admin.php');
}
}else{
$msg = "Your login details did not match";
}//end numrows check
}//end res check
}
}//end submit check
?>
header('Location: ../admin.php');
header函数的使用方式如下:
<?php
//start the session
mysql_connect("localhost","root","");
@mysql_select_db(fcs)
or die("Unable to select Database");
//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";
//VALIDATE form information
if(empty($_POST['uname'])){
$msg="Please enter your username.";
}
if(empty($_POST['upass'])){
$msg .="Please enter your password.";
}
//check length of password
if(strlen($_POST['upass']) > 6){
$msg .="Invalid password.";
}
if(empty($msg)){
$sql = "SELECT uname,upass FROM administrator WHERE user ='".$_POST['uname']."'";
$sql .= "AND password ='".md5($_POST['password'])."'";
if(!$res = mysql_query($sql)){
$msg.=mysql_error();
}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {
while($row = mysql_fetch_assoc($res)){
// the user name and password match,
$_SESSION['uname'] = $row['uname'];
$_SESSION['upass'] = $_POST['upass'];
//Now go to the main page
header('location../admin.php');
}
}else{
$msg = "Your login details did not match";
}//end numrows check
}//end res check
}
}//end submit check
?>
header('Location: ../admin.php');
<?php
//start the session
mysql_connect("localhost","root","");
@mysql_select_db(fcs)
or die("Unable to select Database");
//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";
//VALIDATE form information
if(empty($_POST['uname'])){
$msg="Please enter your username.";
}
if(empty($_POST['upass'])){
$msg .="Please enter your password.";
}
//check length of password
if(strlen($_POST['upass']) > 6){
$msg .="Invalid password.";
}
if(empty($msg)){
$sql = "SELECT uname,upass FROM administrator WHERE user ='".$_POST['uname']."'";
$sql .= "AND password ='".md5($_POST['password'])."'";
if(!$res = mysql_query($sql)){
$msg.=mysql_error();
}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {
while($row = mysql_fetch_assoc($res)){
// the user name and password match,
$_SESSION['uname'] = $row['uname'];
$_SESSION['upass'] = $_POST['upass'];
//Now go to the main page
header('location../admin.php');
}
}else{
$msg = "Your login details did not match";
}//end numrows check
}//end res check
}
}//end submit check
?>
header('Location: ../admin.php');
您的位置标题应为:
Location = "Location" ":" absoluteURI
header('Location: http://www.example.com/admin.php');
会话开始代码应位于需要访问$\u会话变量的每个页面的开头。您的位置标题应为:
Location = "Location" ":" absoluteURI
header('Location: http://www.example.com/admin.php');
会话开始代码应该位于需要访问$\u会话变量的每个页面的开头。消息在哪里,您的问题是什么?为什么重定向到管理页面是一个循环?将未切换的$\u POST变量连接到MySQL查询字符串中是一个巨大的安全问题-。最起码考虑使用PDO和准备好的语句:消息在哪里,你的问题是什么?为什么在循环中重定向到管理页面?将un逃脱$$POST变量连接到MySQL查询字符串是一个巨大的安全问题。至少考虑使用PDO和准备好的语句: