我试图在用户点击提交时在同一页面上显示我的登录错误。当我在单独的文件上有PHP和HTML代码但我合并两个文件并使用
时,我的代码可以工作<?php echo $_SERVER['PHP_SELF']; ?>
在action属性中,而不是给出文件位置,它只显示
die("Incorrect Username or Password entered");
错误。我完全不知道为什么会这样。
<?php
ob_start();
include ("cn.php");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$date = date("Y-m-d H:i:s");
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM spineless.Users WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$user_info = mysql_fetch_assoc($result)
or die ("Incorrect Username or Password entered");
extract ($user_info);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "joblist.php"
session_register("myusername");
session_register("mypassword");
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
$_SESSION['userid'] = $User_ID;
$user_record = "INSERT INTO Login_Record (User_ID, Username, Login_Time)
VALUES
('$User_ID','$Username','$date')";
$recordresult = mysql_query($user_record)
or die ("unable to add record");
header("location:../views/joblist.php");
//echo "yes";
}
else
{
echo "Wrong Username or Password";
}
ob_end_flush();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Spineless Classics</title>
<link rel="stylesheet" type="text/css" href="css/stylesheet.css" />
</head>
<body id="loginPage">
<div class="loginContainer">
<div class="loginHolder">
<div class="block">
<div style="text-align:center; padding-bottom: 20px;"><a href="/" title=""><img src="img/spinelessclassics.png" ></a></div>
<!--<div class="login-error">
Please enter your username and password</a> // HIDE AND DISPLAY
</div>-->
<!-- /error_holder -->
<form name="login_form" id="login_form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="myusername" name="myusername" placeholder="Username" class="login-input" mouseev="true" keyev="true" clickev="true" >
<input type="password" name="mypassword" placeholder="Password" class="login-input" mouseev="true" keyev="true" clickev="true">
<button type="submit" name="Submit" class="login-submit">Login</button>
</form>
</div>
</div>
</div>
</body>
</html>
答案 0 :(得分:4)
用以下代码包装整个PHP代码:
if(isset($_POST['Submit']){
//all your PHP code
}
这样做的原因是,当您打开页面时,它会检查尚不存在的POST值(,因为您尚未提交表单)。
isset() 函数检查是否设置了提交的值,然后才应开始处理POST值。
Please, don't use mysql_*
functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。