我很擅长使用php和MySQL创建登录脚本,并希望得到一些帮助。我已经掌握了实际检查输入的信息是否正确并且我已使会话正常工作的基础知识。但是,我无法让用户的信息从他/她的行中提取并显示在会员页面上。我是否需要执行另一个查询并在此页面中添加while循环来收集信息?以下是脚本:
的login.php
$p_num = "";
$pwd = "";
$errors = "";
$num_rows = 0;
$user_id = "";
$user_name = "";
$password = "";
$image = "";
$user_email = "";
$program = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
include("database.php");
$p_num = $_POST["username"];
$pwd = $_POST["password"];
$query = "SELECT * FROM $user_table WHERE user_id = '$p_num' AND password = '$pwd'";
$result = mysqli_query($connect, $query);
$num_rows = mysqli_num_rows($result);
if($result){
echo "There is/are " .$num_rows ." set(s) in the database with this info.<br>";
if($num_rows > 0){
session_start();
$_SESSION["login"] = 1;
header("Location: ../pages/instructor.php");
}
else{
echo "Unable to login";
}
}
}
instructor.php
<!DOCTYPE html>
<?php
include("../php/login.php");
include("../php/database.php");
?>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
<link href="../css/style.css" rel="stylesheet/less" type="text/css">
<script src="../js/jquery.2.0.3.js"></script>
<script src="../js/script.js"></script>
<script src="../js/less-1.7.4.min.js"></script>
</head>
<body>
<div id="page">
<header>
<div id="logo" class="logo_bg"></div>
<div id="fsi_logo" class="logo_bg"></div>
</header>
<div id="main">
<?php
session_start();
if(isset($_SESSION["login"])){
echo "Hello";
}
?>
<div id="bleg">
<h1><a href="../pages/create_scenario.html">BUILD SCENARIO</a></h1>
<h1><a href="#">SEARCH SCENARIOS</a></h1>
<h1><a href="#">VIEW SCENARIOS</a></h1>
</div>
</div>
<footer>Copyright© 2014 FlightSafety International</footer>
</div>
</body>
</html>
database.php中
$db = "spartan";
$host = "localhost";
$user = "root";
$password = "";
$connect = mysqli_connect($host, $user, $password) or die(mysqli_error($connect));
$user_table = "users";
$user_info = "user_info";
$create_db_spartan = "CREATE DATABASE IF NOT EXISTS $db";
$create_table_users = "CREATE TABLE IF NOT EXISTS $user_table(user_id VARCHAR(10) NOT NULL, user_name VARCHAR(100), password VARCHAR(16), PRIMARY KEY(user_id))";
$create_table_users_info = "CREATE TABLE IF NOT EXISTS $user_info(user_id VARCHAR(10) NOT NULL, user_name VARCHAR(100), email VARCHAR(50), program VARCHAR(4), PRIMARY KEY(user_name))";
mysqli_query($connect, $create_db_spartan) or die(mysqli_error($connect));
mysqli_select_db($connect, $db) or die(mysqli_error($connect));
mysqli_query($connect, $create_table_users) or die(mysqli_error($connect));
mysqli_query($connect, $create_table_users_info) or die(mysqli_error($connect));
就像一个FYI,我现在不关心SQL注入,这不是已发布的内容,而是内部网络上的内容。提前谢谢。
答案 0 :(得分:1)
在两个脚本中,在将数据发送到浏览器后发出session_start()。这意味着设置标头的机会已经过去,因此无法设置会话cookie。因此,会议将无法运作。
在这两种情况下,请将此命令放在脚本的顶部,或者至少在打开DOCTYPE之前。然后你的会话应该开始工作。
同样,在输出发送之前需要使用header('Location: X'),否则重定向将无效。但是,这会出现在echo和DOCTYPE的输出之后。删除echo,然后编辑instructor.php文件的开头:
<?php
include("../php/login.php");
include("../php/database.php");
?>
<!DOCTYPE html>
在加载文件和初始化完成之前,DOCTYPE的输出不应该发生。如果有任何cookie /会话/重定向要做,可以在这里完成。
所有这些标题已经发送过&#39;问题应该引发警告。如果您在开发环境中没有看到这一点,则可能会禁用屏幕上的错误 - 请确保它们已打开。