登录页面中的Php会话和post问题
好的,我们这里有一些基本的HTML登录页面中的Php会话和post问题,php,html,mysql,session,Php,Html,Mysql,Session,好的,我们这里有一些基本的HTML <form action="main_login.php" method="post" style="text-align:right;"> Username: <input type="text" name="username" value="" size=20 style="display:inline-block;margin-left:10px"required> <br>
<form action="main_login.php" method="post" style="text-align:right;">
Username:
<input type="text" name="username" value="" size=20 style="display:inline-block;margin-left:10px"required>
<br>
Password:
<input type="password" name="password" value="" size=20 style="margin-left:12px"required>
<br>
<input type="submit" value="Log In" style="margin-left:75px"=>
</form>
MySQL\u real\u escape\u string()name=“myusername”name=“myusername”name=“username”name=“mypassword”name=“password”$myusername=$_POST["username"];
$mypassword=$_POST["password"];
在
之前还有空格。登录页面的会话可能会出现问题,因为您在浏览器中打开的url不是唯一的。例如,假设您正在为您的网站创建登录页面,并且您已成功创建会话。现在,如果您是从url登录,那么您的会话仅限于此url。如果您再次打开上述url,如(注意www.in两个url),则您将看到您未登录。
因此,请确保您的网页始终以单一url类型打开。无论是有www.还是没有www.您都可以混合使用mysqli函数和mysql函数。不推荐使用mysql对您进行分组消毒,以减少混淆。例如$username=stripslashes(mysqli_real_escape_string($_POST['username']);你的头已经发送了错误吗?这里转义并不重要…@vp\u arth我知道,但他正在使用它,所以我只是说在清理输入时对所有函数进行分组,所以我对他使用的所有函数进行分组。@vp\u arth你是什么意思?@Fred ii-我做了你所说的所有更改,但输出是相同的。我收到通知:未定义索引:用户名通知:未定义索引:密码您可能想补充一点,使用纯文本密码并将其存储在会话变量中不是最好的主意:-)@jeroen好主意谢谢,我会在清除OP的未定义索引后立即开始讨论。在这样一个有建设性的答案后只需进行一次投票+1您的第一个代码语句中没有任何问题。你写的两个都会做同样的工作。
<?php
session_start();
if ( isset( $_SESSION['username'] ) ){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
$myusername=$_POST["username"];
$mypassword=$_POST["password"];
$myusername=$_POST["username"];
$mypassword=$_POST["password"];
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$myusername = mysqli_real_escape_string($con,$myusername);
$mypassword = mysqli_real_escape_string($con,$mypassword);
$myusername = mysqli_real_escape_string($con,$_POST['username']);
$mypassword = mysqli_real_escape_string($con,$_POST['password']);
header("location:login_success.php");
exit;
$myusername=$_POST["username"];
$mypassword=$_POST["password"];
echo $myusername . "<br>";
echo $mypassword . "<br>";
$myusername = stripslashes($_POST["username"]);
$mypassword = stripslashes($_POST["password"]);
$myusername = mysqli_real_escape_string($con,$_POST['username']);
$mypassword = mysqli_real_escape_string($con,$_POST['password']);
<form action="main_login.php" method="post" style="text-align:right;">
Username:
<input type="text" name="username" value="" size=20 style="display:inline-block;margin-left:10px"required>
<br>
Password:
<input type="text" name="password" value="" size=20 style="margin-left:12px"required>
<br>
<input type="submit" value="Log In" style="margin-left:75px"=>
</form>
<?php
$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
$myusername = stripslashes($_POST["username"]);
$mypassword = stripslashes($_POST["password"]);
$myusername = mysqli_real_escape_string($conn,$_POST['username']);
$mypassword = mysqli_real_escape_string($conn,$_POST['password']);
echo $myusername; // echos
echo "<br>";
echo $mypassword; // echos
$sql="SELECT * FROM register WHERE username='$myusername' and password='$mypassword'";
$result=mysqli_query($conn,$sql);
$count=mysqli_num_rows($result);
if($count==1){
echo "Yep";
}
else{
echo "nope";
}
<?php
session_start();
<?php session_start();