-2
我創建登錄表單與PHP或MySQL,但它有問題。當我登錄並按提交時,我看到一個空白網站。 這是表單處理頁面:
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'loginform');
define('DB_USER','user');
define('DB_PASSWORD','pass');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user'])) //checking the 'user' name which is from index.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM UserName where userName = ".$_POST['user']." AND pass = ".$_POST['pass'].") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['userName']) AND !empty($row['pass']))
{
$_SESSION["a"] = "a";
$_SESSION['user'] = $_POST['user'];
$_SESSION['userName'] = $row['pass'];
echo "Succesfully login, redirecting to member page.";
header("Location: http://192.168.100.13/member");
}
else
{
echo "Wrong password or Name try again";
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
if(!isset($_POST['submit']))
{
header("Location: http://192.168.100.13/login");
}
?>
MySQL表看起來像這樣
+------------+----------+------+
| UserNameID | userName | pass |
+------------+----------+------+
| 1 | user | pass |
+------------+----------+------+
我認爲這個問題是在PHP代碼第9行,因爲我與CodingGround運行代碼。
注意的:mysql-LIB被棄用。改用mysqli或PDO。你的腳本也容易受到sql注入的影響。 – AbcAeffchen
什麼是「header」中的「login」(「Location:http://192.168.100.13/login」);?它是一個文件嗎?它是一個目錄嗎?也許「login」需要擴展名如.php,if這是一個目錄,也許它應該有一個名爲「index.php」的文件。 –
你也應該只在數據庫中存儲安全的哈希值,而不是原始密碼。使用php的[password_hash](http://php.net/ manual/en/function.password-hash.php) – AbcAeffchen