在帐户页面上记录自动增量值(登录系统)

时间:2015-11-02 17:44:03

标签: php html mysql mysqli

所以我正在创建一个登录部分。但是,我不确定它是否真的记录了用户。我有一个包含UserID(A_I),电子邮件,密码和所有常用内容的表。因此,当我登录时,我正在尝试获取并回显帐户页面上的UserID,只是为了显示用户已登录,但仍然没有取得任何成功。

登录表单:

<form method="post" action="">
            <div class="FormElement">
                    <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
            </div>
            <div class="FormElement">
                    <input  type="Password" required="required" class="TField"  placeholder="Password">
            </div>
            <div class="FormElement">
                    <input name="LogIn"  type="submit" class="button" value="LogIn">
            </div>
        </form>

登录php脚本:

    <?php require 'Connections/Connections.php'; ?>
<?php

    if (isset($_POST['LogIn'])){

            $EM = $_POST['email'];
            $PW = $_POST['password'];
            $result = $con->query("select * from user where Email='$EM' AND Password='$PW'");

            $row = $result->fetch_array(MYSQLI_BOTH);
            session_start();
            $_SESSION["UserID"] = $row['UserID'];
            header('Location: Account.php');
    }
 ?>

正如您在脚本中看到的那样,我们将前往Account.php,我基本上是在尝试:

<?php echo $_SESSION["UserID"]; ?>

然而,没有UserID被回应。没有错误,通知或警告。

Connections.php($ con)只是与MYSQLI表的正常连接,它连接得很好。

这里非常新鲜,感谢任何帮助!

提前致谢。

4 个答案:

答案 0 :(得分:0)

您输入的密码中缺少名称字段,应该是:

<input name="password" type="Password" required="required" class="TField"  placeholder="Password" />

另外,请勿忘记关闭所有输入代码,以便/>

结束

作为一方,不要只是将$ _POST数组中的字符串直接传递给查询,您可以通过SQL注入进行包含。使用类似:quote()http://php.net/manual/en/pdo.quote.php

答案 1 :(得分:0)

name属性添加到密码输入。

    <form method="post" action="">
        <div class="FormElement">
                <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
        </div>
        <div class="FormElement">
                <input  type="Password" required="required" name="password" class="TField"  placeholder="Password">
        </div>
        <div class="FormElement">
                <input name="LogIn"  type="submit" class="button" value="LogIn">
        </div>
    </form>

由于您没有提供名称,因此始终返回未定义的索引。它与DB中的密码不匹配。

答案 2 :(得分:0)

在输入表单中你错过name="password"的哎呀也使用单个php标签以便于理解

require_once ('Connections/Connections.php');

if (isset($_POST['LogIn'])) {

    $EM = $_POST['email'];
    $PW = $_POST['password'];
    $result = $con->query("select * from user where Email='$EM' AND Password='$PW'");

    $row = $result->fetch_array(MYSQLI_BOTH);
    if (!empty($row)) {
        session_start();
        $_SESSION["UserID"] = $row['UserID'];
    }
    header('Location: Account.php');
}

答案 3 :(得分:0)

您必须为密码字段添加属性名称。使用预准备语句和PDO也很好。最后,当您重定向页面时,请添加退出方法Why I have to call 'exit' after redirection through header('Location..') in PHP?

<form method="post" action="youraction.php">
    <div class="FormElement">
        <input  name="email" type="text" required="required" class="TField"  placeholder="Email">
    </div>
    <div class="FormElement">
        <input name="password" type="Password" required="required" class="TField"  placeholder="Password">
    </div>
    <div class="FormElement">
        <input name="LogIn"  type="submit" class="button" value="LogIn">
    </div>
</form>

<?php

if (isset($_POST['LogIn'])) {
    session_start();

    try {
        //Make your connection handler to your database
        $conn = new PDO("mysql:host=".$servername.";dbname=".$database, $username, $password, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING));

        $sql = "SELECT * FROM user WHERE Email = :email AND Password = :password";
        $stmt = $conn->prepare($sql);
        //Execute the query
        $stmt->execute(array(':email'=>$email, ':password'=>$password));
        $row = $stmt->fetch();
        if (count($row) > 0) {
            $_SESSION["UserID"] = $row['UserID'];
            header('Location: Account.php');
            exit();
        }

    } catch(PDOException $e) {
        echo $e->getMessage();
        die();
    }

}
?>
相关问题
最新问题