Hi All Nightowls在那里:),
我需要根据我的数据库表(名为regdata)验证登录页面上提供的用户名和密码。验证成功后,用户将被带到/countdown_clock/countdown.html。当我运行页面时,我没有被带到指定的countdown.html,但同一页面刷新,并且/authlogin.php被添加到URL的末尾。有人可以建议如何补救以下代码吗?
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$Database = array(
"Host" => 'myhost',
"User" => 'myuser',
"Password" => 'mypass',
"Name" => 'mydb'
);
$mysqli = new mysqli($Database['Host'], $Database['User'], $Database['Password'], $Database['Name']);
if ($mysqli->connect_error)
{
?><span class="error">Connect Error (<?php echo $mysqli->connect_errno; ?>) <?php echo $mysqli->connect_error; ?></span><?php
exit();
}
$result = mysqli->prepare("SELECT username, password from regdata where username = $_POST['user_name'] and password = $_POST['password']");
if ($result && 0)
{
$result->execute();
$result->close();
header("Location: http://www.mydomain.com/countdown_clock/countdown.html");
}
else
{
$_SESSION['error'] = "Sorry, we cannot process your login at this time. Please try back later.";
header("Location: http://www.mydomain.com/");
}
?>
我的login.php调用authlogin.php,如下所示:
<form id="form1" name="form1" method="post" action="authlogin.php">
<input type="submit" class="form_login" alt="Login" value="" /></p></form>
谢谢, SID
编辑:修订声明
$result = mysqli->prepare("SELECT username, password from regdata where username = '" . $_POST['email_address'] . "' and password = '" . $_POST['password']."'
");
这是正确的方法吗?
答案 0 :(得分:1)
如果表单在您要使用的同一页面上,那么:
if (!empty($_POST)) {
// code
}
在执行PHP的其余部分之前。
此外,您可能会收到错误但未在PHP配置中打开display_errors。
除此之外,您的查询将无效,您只能引用字段值,也无法正确转义输入。