0
你好,我有一個問題惠普這個登錄腳本我登錄後,當它必須去鏈接提供它只是送我回來登錄再次,我不明白爲什麼造成時我有一個搜索腳本,而不是現在鏈接它的工作,而不是那麼多。php鏈接刷新錯誤
<html>
<head>
\t <title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit']) || !isset($_SESSION['username'])){
?>
<!-- The HTML login form -->
\t <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
\t \t Username: <input type="text" name="username" /><br />
\t \t Password: <input type="password" name="password" /><br />
\t \t <input type="submit" name="submit" value="Login" />
\t </form>
<?php
} else {
\t require_once("db_const.php");
\t $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
\t # check connection
\t if ($mysqli->connect_errno) {
\t \t echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
\t \t exit();
\t }
\t $username = $_POST['username'];
\t $password = $_POST['password'];
\t $_SESSION['username'] = $_POST['username'];
\t $sql = "SELECT * from members WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
\t $result = $mysqli->query($sql);
\t if (!$result->num_rows == 1) {
\t \t echo "<p>Invalid username/password combination</p>";
\t } else {
\t \t echo "<table align=center><tr>
\t \t <font color=#000000 face=Arial, Helvetica, sans-serif size=+2>
\t \t <td align=center><p>Logged in successfully</p></td></tr>";
\t \t echo "<tr><td align=center><p>welcome!</p></td></tr>";
\t \t echo "<tr><td align=center><p>what wood you like to work whit today ". $username . "!</p></td></tr></table>";
\t \t
\t \t echo "<table align=center><tr><td align=center><a href=adminsearch.php>
\t \t <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=」text-decoration:none; size=+2>Admin</a></td>";
\t \t
\t \t echo "<td align=center>⇔</td>";
\t \t
\t \t echo "<td align=center><a href=constructionsearch.php>
\t \t <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=」text-decoration:none; size=+2>Construction</a></td>";
\t \t
\t \t echo "<td align=center>⇔</td>";
\t \t
\t \t echo "<td align=center><a href=drivingsearch.php>
\t \t <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=」text-decoration:none; size=+2>Driving</a></td>";
\t \t
\t \t echo "<td align=center>⇔</td>";
\t \t
\t \t echo "<td align=center><a href=industrialsearch.php>
\t \t <class\= color=#000000; face=Arial Black, Gadget, sans-seri;style=」text-decoration:none; size=+2>Industrial</a></td></font></table>";
\t \t
\t \t
}
}
?> \t \t
[你的腳本是有風險SQL注入攻擊。](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –
你真的應該使用PHP的[內置函數](http:///jayblanchard.net/proper_password_hashing_with_PHP.html)至h安全密碼。 –
Jay先生謝謝你讓我知道我的星期安全,但散列文件,我偷了無法理解他們,同時請你幫我解決這個鏈接問題。 –