我是php的初学者。我正在尝试制作登录表单(索引1.php(。如果我将其重定向到登录.php在表单标签中使用"操作"属性,它可以正常工作。但我也想对相同的索引形式进行一些验证。因此,我使用标头函数而不是"操作"属性将其重定向到"登录.php"。
无论我是否输入正确的用户名和密码,在执行最后一个登录.php(//该用户不存在(时,它都会给我无效变量"$username"和"$password"的错误。请帮助我知道我的代码出了什么问题,我应该怎么做才能让它在登录.php上运行?
这是索引 1 的代码.php
<!DOCTYPE HTML>
<html>
<head><br>
<style>
.error {color: #FF0000;}
</style>
</head>
<body style="font-family: verdana, sans-serif;";>
<hr />
<div style="width: 77%; height: 300px; padding: 30px; border: 5px solid #e3e3e3; background-color: #F8F8F8 ; color: #000; margin: 100px;" align="center">
<br>
<?php
$username=$password="";
$Err="";
if($_SERVER['REQUEST_METHOD']== "POST")
{
$valid = true;
if ((empty($_POST["username"])) || (empty($_POST["password"])))
{
$Err = "Please Enter your username and password";
$valid = false;
}
else
{
$username = test_input($_POST["username"]);
$password = test_input($_POST["password"]);
}
if($valid)
{
header("location:login.php");
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<span class="error"><?php echo $Err; ?></span>
<h2>Login</h2>
<form action="menubar.php?page=index1" method="post">
<font size="3">Username:<input type="text" name="username" style="padding: 4px;"/><p>
Password: <input type="password" name="password" style="padding: 4px;"/><p>
<input type="submit" value="Login" style="padding: 4px; width: 5em; height: 1.9em;"/></font>
</form>
<h5> No Account?<a href="menubar.php?page=register">Register!</a></h5>
</div>
</body>
</html>
这是登录代码.php。
<?php
session_start();
$username=$_POST["username"];
$password=$_POST["password"];
$message[]="Fill up both username and password";
$connect=mysql_connect("localhost","root","") or die("Couldnt connect to Database");
mysql_select_db("login") or die("Couldnt find Database");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!==0)//username exists in database
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword)//valid username and password
{
$_SESSION['username'] = $username;
header("Location: menubar.php?page=home");
}
else//incorrect password or username
die("incorrect password or username");
}
else//that user doesnt exit
die("that user doesnt exit");//
?>
好的,现在我用了"sqli"代替
这是更新的登录.php代码
<?php
session_start();
$username=$_POST["username"];
$password=$_POST["password"];
$message[]="Fill up both username and password";
$connect=mysqli_connect("localhost","root","") or die("Couldnt connect to Database");
mysqli_select_db($connect,'login') or die("Couldnt find Database");
$query = mysqli_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysqli_num_rows($query);
if($numrows!==0)//username exists in database
{
while($row = mysqli_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword)//valid username and password
{
$_SESSION['username'] = $username;
header("Location: menubar.php?page=home");
}
else//incorrect password or username
die("incorrect password or username");
}
else//that user doesnt exit
die("that user doesnt exit");//
?>
现在更新后我没有收到无效变量的错误.但它仍然无法正常进行。无论我是否输入正确的用户名和密码,它都在执行最里面的,即(//有效的用户名和密码(
谢谢。。。。
- 正如已经建议的那样,将所有PHP代码放在任何HTML输出之前
- 您没有使用 header(( 函数传递 POST 变量,您可以使用会话或 POST 到同一页面
所以你的代码将是这样的
<?php
$username=$password="";
$Err="";
if($_SERVER['REQUEST_METHOD']== "POST")
{
$valid = true;
if ((empty($_POST["username"])) || (empty($_POST["password"])))
{
$Err = "Please Enter your username and password";
$valid = false;
}
else
{
$username = test_input($_POST["username"]);
$password = test_input($_POST["password"]);
}
if($valid)
{
include("login.php");
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!DOCTYPE HTML>
<html>
<head><br>
<style>
.error {color: #FF0000;}
</style>
</head>
<body style="font-family: verdana, sans-serif;";>
<hr />
<div style="width: 77%; height: 300px; padding: 30px; border: 5px solid #e3e3e3; background-color: #F8F8F8 ; color: #000; margin: 100px;" align="center">
<br>
<span class="error"><?php echo $Err; ?></span>
<h2>Login</h2>
<form action="menubar.php?page=index1" method="post">
<font size="3">Username:<input type="text" name="username" style="padding: 4px;"/><p>
Password: <input type="password" name="password" style="padding: 4px;"/><p>
<input type="submit" value="Login" style="padding: 4px; width: 5em; height: 1.9em;"/></font>
</form>
<h5> No Account?<a href="menubar.php?page=register">Register!</a></h5>
</div>
</body>
</html>
代码中的问题在于 login.php
,$_POST["username"]
并且从未设置过$_POST["password"]
,所以你能做的最好的事情就是不使用header
,只使用require_once
<!DOCTYPE HTML>
<html>
<head><br>
<style>
.error {color: #FF0000;}
</style>
</head>
<body style="font-family: verdana, sans-serif;";>
<hr />
<div style="width: 77%; height: 300px; padding: 30px; border: 5px solid #e3e3e3; background-color: #F8F8F8 ; color: #000; margin: 100px;" align="center">
<br>
<?php
$username=$password="";
$Err="";
if($_SERVER['REQUEST_METHOD']== "POST"){
$valid = true;
if ((empty($_POST["username"])) || (empty($_POST["password"]))){
$Err = "Please Enter your username and password";
$valid = false;
}else{
$username = test_input($_POST["username"]);
$password = test_input($_POST["password"]);
}
if($valid)
{
require_once('login.php');
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<span class="error"><?php echo $Err; ?></span>
<h2>Login</h2>
<form action="menubar.php?page=index1" method="post">
<font size="3">Username:<input type="text" name="username" style="padding: 4px;"/><p>
Password: <input type="password" name="password" style="padding: 4px;"/><p>
<input type="submit" value="Login" style="padding: 4px; width: 5em; height: 1.9em;"/></font>
</form>
<h5> No Account?<a href="menubar.php?page=register">Register!</a></h5>
</div>
</body>
</html>
非常重要的是要注意,在设置标头之前,您应该没有向客户端发送任何输出-
header("Location: menubar.php?page=home");//or login.php
因此,在发送任何数据之前,请验证您的数据并设置标头,如果数据无效,则发送正常数据。
更新:以下是完整的测试代码
索引1.php
<?php session_start();?>
<!DOCTYPE HTML>
<html>
<head><br>
<style>
.error {color: #FF0000;}
</style>
</head>
<body style="font-family: verdana, sans-serif;";>
<hr />
<div style="width: 77%; height: 300px; padding: 30px; border: 5px solid #e3e3e3; background-color: #F8F8F8 ; color: #000; margin: 100px;" align="center">
<br>
<?php if(isset($_SESSION['message'])){ echo "<span class='error'>".$_SESSION['message']."</span>"; $_SESSION['message']=null;}?>
<h2>Login</h2>
<form action="login.php" method="post">
<font size="3">Username:<input type="text" name="username" style="padding: 4px;"/><p>
Password: <input type="password" name="password" style="padding: 4px;"/><p>
<input type="submit" value="Login" style="padding: 4px; width: 5em; height: 1.9em;"/></font>
</form>
<h5> No Account?<a href="menubar.php?page=register">Register!</a></h5>
</div>
</body>
</html>
登录.php
<?php
session_start();
$username=$password="";
$Err="";
if($_SERVER['REQUEST_METHOD']== "POST")
{
$valid = true;
if ((empty($_POST["username"])) || (empty($_POST["password"])))
{
$Err = "Please Enter your username and password";
$valid = false;
}
else
{
$username = test_input($_POST["username"]);
$password = test_input($_POST["password"]);
}
if($valid) {
$valid = false;//reset $valid value to validate for Database test
//$username=$_POST["username"];
//$password=$_POST["password"];
//$message[]="Fill up both username and password";
$connect=mysqli_connect("localhost","root","") or die("Couldnt connect to Database");
mysqli_select_db($connect,'login') or die("Couldnt find Database");
//Note: mysqi_query() returns results of query
$result = mysqli_query($connect, "SELECT * FROM users WHERE username='$username'");//update here pass the $connect parameter
$numrows = mysqli_num_rows($result);//change here
if($numrows!==0)//username exists in database
{
$dbusername = null;//move it up for visibility after while block
$dbpassword = null;
while($row = mysqli_fetch_assoc($result))//Note here pass the result
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername&&$password==$dbpassword)//valid username and password
{
$_SESSION['username'] = $username;
header("Location: menubar.php?page=home");//the landing page
die();
}
else{
//incorrect password or username
$Err = "incorrect password or username";
$valid = false;
}
}
else {
//that user doesnt exit
$Err = "that user doesnt exit";
$valid = false;
}
//header("location:index.php");
}
if(!$valid) {
$_SESSION['message'] = $Err;//Put the message in $_SESSION variable
header("location:index1.php");
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
菜单栏.php
<?php
session_start();
$page=isset($_GET["page"])?$_GET["page"]:"";
if(isset($page)) {
header("location: ".$page.".php");
} else {
header("location: 404.php");
}
?>
这是因为您有一个输出:
?>
<?php
导致空行输出。
在发送任何实际输出之前,必须通过普通 HTML 标记、文件中的空行或从 PHP 调用 header((
合并所有PHP代码,并确保文件开头没有任何空格。
同样在header('location: index.php');
之后添加exit();
如果您有任何其他脚本在下面。
还要将您的重定向标头移到最后一个 if 之后。