我目前遇到一个问题,我的网站登录页面直接进入主页,而没有检查存储在数据库中的用户凭据。我用来注册用户的代码工作得很好,但由于某种原因,我无法正常工作。
<?php
session_start();
$dbhost = 'localhost:3036';
$dbuser = 'mredd';
$dbpass = 'csc255pass';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
//mysql_select_db( 'USERS_DB' );
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("USERS_DB",$conn);
if (!$db_selected)
{
die ("Can''t use test_db : " . mysql_error());
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$user = $_POST['username'];
$pass = $_POST['password'];
$sql="SELECT * FROM log_tbl Where username='$user' AND password='$pass'";
$retval = mysql_query( $sql, $conn );
$row = mysql_num_rows($retval);
if ($row == 1)
$_SESSION['user'] = $user;
header("Location: homepage.php");
}
?>
Doh!您陷入了不在If语句中使用括号的陷阱。最后一个区块应该读取
$sql="SELECT * FROM log_tbl Where username='$user' AND password='$pass'";
$retval = mysql_query( $sql, $conn );
$row = mysql_num_rows($retval);
if ($row == 1) { //need this bracket
$_SESSION['user'] = $user;
header("Location: homepage.php");
} //and this one
} // this closes the 'POST' clause
?>
您编写的代码只会在返回行时设置会话,并始终重定向到homepage.php。不带括号的if语句只控制下一个命令。