編輯
當你應該檢查submit1時,你重新檢查isset中的提交,這就是爲什麼你的代碼沒有在if塊中執行,但是我更新的答案消除了這一點。
末
更新答::
dologin.php
<?php
// here u would move these vars onto a seperate file outside
// the webroot that is readable by the server and "require_once"
// that file.
$dbhost = "localhost";
$dbuser = "mysql_user_name";
// using root is bad only use it for local development but better yet,
//// make a user for the database in question
$password = "password";
$dbname = "registration_form";
// Setup a filter array to sanitize/validate user input.
// look on php.net for more information on filters available
$filters = [
'logemail' => ["ARRAY, OF, FILTERS"],
'logpass' => ["ARRAY, OF, FILTERS"]
];
// NEVER NEVER NEVER access $_POST without filtering it.
$posted = filter_var_array(INPUT_POST, $filters, true);
// check our posted array is not empty, even if its submitted it
// could be empty values.
if (!empty($posted)) {
// I have omitted the $dbname in this procedural example
// and move it after the error No, this is just to avoid
// confusion and limit the number of possible things to go wrong.
$con = mysqli_connect($dbhost, $dbuser, $dbpass);
$username = $posted['logemail'];
$password = $posted['logpass'];
// Check no connection error
if (!mysqli_connect_errno()) {
mysqli_select_db($con, $dbname) or die("Database select error" . mysqli_error());
} else {
die("Failed to connect to MySQL: " . mysqli_connect_error());
}
$qz = "SELECT * FROM regis WHERE email1 = $username AND password3 = $password";
$result = mysqli_query($con, $qz);
if (mysqli_num_rows($result) == 1) {
// initialise the session.
session_start();
// add an entry "loggedin" and set it to true.
$_SESSION['loggedin'] = true;
header('location :index.php');
}
mysqli_close($con);
}
現在,你需要做你的索引頁。
的index.php
<?php
// Start up the session its needed to maintain logins
session_start();
// We don't know that the raw $_SESSION is safe
$session_unsafe = $_SESSION;
// Lets play with some more filtering (php.net)
$session = filter_var($session_unsafe, FILTER_VALIDATE_BOOLEAN);
// add more filtering as required.
// remember the boolean in dologin.php here === makes sure it
// matches the "type" of the variable too because:
// 1 == yes == true
// 0 == no == false
// but === means an exact match of type (integer/string/boolean) as
// well as its value. True === 1 would return false.
if ($session === true) {
// show logged in stuff
} else {
// do your none logged in actions
}
結論:這不是解決這個最好的方法,你可以使用使用庫MySQLi或PDO的OOP方式,實現更清潔更看代碼可管理相同的結果。由於您似乎剛剛從樹上移開,您可能希望查看這兩種方法之一併在繼續之前瞭解這些方法。同時注意保護會話。我給你的例子會讓你的登錄工作,但它不會是安全的,你也不會做很多事情。
所以你的檢查要點:
PHP:面向對象,會話,過濾器這些關鍵點我想看看作爲一個優先事項,然後再繼續。
現在,你會選擇sql查詢,但它不會同時學習它們。所以找到一些用於學習SQL的好資源。
不要使用引號替換。我會說這是你的問題。 http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 2015-04-03 02:19:04
你沒有任何代碼重定向,所以它不會重定向。您可能正在尋找標頭,http://php.net/manual/en/function.header.php,但回聲後無法使用。 – Jonathan 2015-04-03 02:19:24
停止並重組,如果可用,'password_hash'用於保存密碼和'password_verify'用於檢查,並且最後使用準備好的語句 – Ghost 2015-04-03 02:23:16