0
我正在嘗試創建此登錄表單以在同一頁上進行驗證。它應該在登錄驗證後隱藏表單。我一直在測試,但沒有顯示任何錯誤。 當我點擊提交按鈕,它只是刷新頁面。使用isset()方法來驗證登錄表單。 PHP
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><?php
$DisplayForm = TRUE;
$errors = 0;
if(isset($_POST['loginForm'])){
include("dbconnect.php");
if($DBConnect !== FALSE){
$SQLstring = "SELECT userid, first_name, last_name FROM users WHERE username ='".
$_POST['uname']. "' and password = '".md5($_POST['pass'])."'";
$DisplayForm = FALSE;
$QueryResult = @mysql_query($SQLstring, $DBConnect);
echo mysql_error();
if (mysql_num_rows($QueryResult)=== 0){
echo "<p>The email address/password " .
" combination is not valid.</p>\n";
++$errors;
$DisplayForm = TRUE;
}
else
{
$DisplayForm = FALSE;
}
}
}
if ($DisplayForm)
{?>
<form id="form1" name="loginForm" method="post" action="index.php">
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="93" bgcolor="#DACFAF"><strong> Username:</strong></td>
<td width="149" bgcolor="#DACFAF"><label for="textfield"></label>
<input type="text" name="uname" id="textfield" /></td>
<td width="76" bgcolor="#DACFAF"><strong>Password:</strong></td>
<td width="150" bgcolor="#DACFAF"><label for="textfield2"></label>
<input type="password" name="pass" id="pass" /></td>
<td width="196" bgcolor="#DACFAF"><input type="image" name="login" src="images/login.jpg" /> </td>
<td width="68" bgcolor="#DACFAF"> </td>
<td width="68" bgcolor="#DACFAF"><strong><a href="register.php">Register</a></strong> </td>
</tr>
</table>
</form>
<?php }
else {
$Row = mysql_fetch_assoc($QueryResult);
$userID = $Row['userid'];
$userName = $Row['first_name']. " ". $Row['last_name'];
echo "<p>Welcome back, $userName!</p>\n";
}
?> </td>
</tr>
</table>
1.您已開放SQL注入。 2.停止使用'mysql_'函數 - 它們已被剝奪多年。 3.不要使用'md5()'來輸入密碼 - 它已經被打破了多年。 – h2ooooooo