1. 首頁
  2. 問答
  3. 無限重定向循環+ php不回顯變量

無限重定向循環+ php不回顯變量

2017-08-01 58 views
0

我創建了一個登錄系統,登錄後用戶將被重定向到profile.php。在profile.php頁面,標題會說Welcome [username]無限重定向循環+ php不回顯變量

session.php文件:

$connection = mysqli_connect("localhost", "root", ""); 
$db = mysqli_select_db($connection, "id2290767_wp"); 

session_start(); 
$user_check = isset($_SESSION['login_user']); 

$ses_sql = mysqli_query($connection, "select name from login where name='$user_check'"); 
$row = mysqli_fetch_assoc($ses_sql); 
$login_session = $row['name']; 
if(!empty($login_session)) { 
    mysqli_close($connection); 
    header('Location: members.php'); 
}

profile.php(一個與問候)

<?php 
include('session.php'); 

if(!isset($_SESSION['login_user'])){ 
    header("location: profile.php"); 
} 
?> 

<h1>Welcome <i><?php echo $login_session; ?></h1>

的signin.php的登錄鏈接form.php:

session_start(); // Starting Session 
$error = ''; // Variable To Store Error Message 
if(isset($_POST['submit'])) { 
    if(empty($_POST['username']) || empty($_POST['password'])) { 
     $error = "Username or Password is invalid"; 
    } else { 
     // Define $username and $password 
     $username = $_POST['username']; 
     $password = $_POST['password']; 
     // Establishing Connection with Server by passing server_name, user_id and password as a parameter 
     $connection = mysqli_connect("localhost", "root", ""); 
     // To protect MySQL injection for Security purpose 
     $username = stripslashes($username); 
     $password = stripslashes($password); 
     $username = mysqli_real_escape_string($connection, $username); 
     $password = mysqli_real_escape_string($connection, $password); 
     // Selecting Database 
     $db = mysqli_select_db($connection, "id2290767_wp"); 
     // SQL query to fetch information of registerd users and finds user match. 
     $query = mysqli_query($connection, "select * from login where password='$password' AND name='$username'"); 
     $rows = mysqli_num_rows($query); 
     if($rows == 1) { 
      $_SESSION['login_user'] = $username; // Initializing Session 
      header("location: profile.php"); // Redirecting To Other Page 
     } else { 
      $error = "Username or Password is invalid"; 
     } 
     mysqli_close($connection); // Closing Connection 
    } 
}

members.php:

<?php 
include('signin.php'); // Includes Login Script 

if(isset($_SESSION['login_user'])){ 
    header("location: profile.php"); 
}

但是我在PHP頁面中沒有找到任何文本。它只是說「歡迎」。

我做錯了什麼?

編輯:獲得無限循環改變

$user_check = isset($_SESSION['login_user']); 


$user_check=isset($_SESSION['login_user']) ? $_SESSION['login_user'] : "";

來源

2017-08-01 The ZZ Gamerz

+0

[小博](http://bobby-tables.com/)說** [你的腳本是在對SQL注入攻擊的風險( http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)**。瞭解[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)的[Prepared Statements](準備語句)(http://en.wikipedia.org/wiki/Prepared_statement)。即使** [轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)**是不安全的! – GrumpyCrouton

+0

你的歡迎頁面是'members.php'?我對嗎? –

+0

不,歡迎頁面在profile.php,memebrs.php有登錄表單並且重定向到profile.php,如果會話 –

回答

2

isset()功能用於檢查變量是否被設定或沒有。

變化

$user_check=isset($_SESSION['login_user']); 


$user_check=isset($_SESSION['login_user']) ? $_SESSION['login_user'] : "";

來源

2017-08-01 14:39:41

+0

我想提到的問題是,OP將'$ user_check'設置爲true/false,因爲從答案中不太清楚一個新手開發者) – GrumpyCrouton

+0

我認爲它應該可以工作,但是我現在卡在一個無限重定向循環中, –

+0

它會工作無限重定向循環是因爲太多'檢查會話條件'根據你給定的代碼,這是但是,你需要提供更多的細節,所以我們可以理解這些功能,並且可以給出一些建議@TheZZGamerz –

相關問題

 相關問題