我正在爲我的項目編寫登錄系統的腳本。我認爲我在編碼方面是正確的,但它給我帶來了問題。問題是它不允許我登錄並重定向到login.php
頁面。以下是代碼;PHP登錄腳本錯誤?
<?php
include('./include/connection.php');
$tabName = "adminuser";
$userName = $_POST['userName'];
$password = $_POST['password'];
if(empty($userName)){
header('location: login.php');
exit;
}
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = md5(mysql_real_escape_string($password));
$sqlQuery = "SELECT * FROM $tabName WHERE userName = '".$userName."'
AND password = '".$password."' LIMIT 1";
$sqlExe = mysql_query($sqlQuery);
$count = mysql_num_rows($sqlExe);
if($count > 0){
header('location: index.php');
$_SESSION['auth'] = 1;
}else{
echo "Wrong Username or Password <br />".
'<a href="login.php">Go back...</a>';
}
?>
這裏是"index.php"
頁SEESION代碼
<?php
session_start();
if(!isset($_SESSION['auth']) or $_SESSION['auth'] != 1){
header('location: login.php');
exit;
}
?>
請糾正我,讓我知道我錯了。並且請告訴我,我的代碼是否是sql注入安全的?
這需要基本的逐步調試,而不是堆棧溢出問題。 –
嗯,是的,這肯定會工作:'$ password = md5(mysql_real_escape_string($ password))''。複製/粘貼編程? – Jon