我有以下HTML文件,用户将在其中输入用户名和密码,然后单击“提交”按钮。
<form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1">
<div id="main_body" class="full-width">
<label>Username:</label>
<input type = "text"
id = "usernameLogin"
name="pat_username">
<label>Password:</label>
<input type = "password"
id = "passwordLogin"
name="pat_password">
<input type="submit" onclick="click_button_login()" value="Login" name="submit" id="submit"/>
</div>
</form>
PHP文件应该连接到我的数据库并检查输入的用户详细信息是否正确。我之前已经测试了数据库连接。用户点击“提交”按钮后,系统会显示以下错误:Cannot POST /http-services/emulator-webserver/ripple/userapp/x/C/xampp/htdocs/xampp/glove_project_php/www/userlogin.php
<?php
if(isset($_POST["submit"])){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']);
$newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']);
$result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'");
if (mysqli_num_rows($result)) {
header("Location: mainmenu.html");
}
else
{
header("Location: index.html");
}
$conn->close();
}
?>
是否有一种不同的方法可以调用此PHP文件在模拟器上运行?此代码在localhost上完美运行。
答案 0 :(得分:0)
为什么要检查$ _POST超全局中是否存在$ _POST [“submit”]?我相信您应该检查您发送的变量是否已设置:
变化:
if(isset($_POST["submit"]))
为:
if ((isset($_POST["pat_username"]))&&(isset($_POST["pat_password"])))
如果错误仍然存在,请告诉我。
答案 1 :(得分:0)
Your form, you should working on security and eliminating auto submission, this eliminates auto submission as form contains SESSION_ID() which are unique on web browsing session.
<Form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1">
<div id="main_body" class="full-width">
<br>
<br>
<label>Username:</label>
<input type = "text"
id = "usernameLogin"
name="pat_username"> <br>
<br> <label>Password:</label>
<input type = "password"
id = "passwordLogin"
name="pat_password"> <br><button value="<?php echo session_id() ?>" type="submit" name="login_check">Login</button>
</div>
</Form>
//您的登录检查页面,存在很大的安全风险。密码应加密。请使用 SALT , hash / md5 / sha 进行加密。而且对于查询使用sprintf就像这样只是一个例子
##SPRINTF EXAMPLE CODE
//$query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',mysql_real_escape_string($username),mysql_real_escape_string($password));
#### EXAMPLE END HERE##
<?php
if(isset($_POST["login_check"]) && $_POST['login_check']==session_id()){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']);
$newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']);
$result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'");
if (mysqli_num_rows($result)) {
header("Location: mainmenu.html");
}
else
{
header("Location: index.html");
}
$conn->close();
}
?>