我在使用php的验证脚本上遇到了问题;当用户只填写用户名表单并清空密码时,它仍然会将用户记录在其中,应该向用户显示密码字段为空错误。我是php的新手,希望你能帮助我。谢谢!
这是我检查登录的代码
<?php
$usernameErr = $passwordErr = "";
$username = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
else
{$username =($_POST['username']);}
if (empty($_POST['password']))
{$passwordErr = "Password is required.";}
else
{$password =($_POST['password']);}
}
?>
<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}
else if($count==1)
{
header("location:main.php");
}
else
{
echo "Wrong username or password";
}
?>
在有人抱怨之前,我不会用mysqli/PDO代替mysql来回答这个问题。是的,使用它是错误的,但它与问题无关
正确的模型:如果(没有错误){将人员登录}其他{做其他事情}。
您的模型:检查错误。无论如何都要让用户登录。
这就是你现在正在做的
// checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST['username']))
{$usernameErr = "Username is required.";}
// blah blah check check check
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc
但你需要做的是:
// check for errors and store them
$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
$errors['usernameErr'] = "Username is required."; // add an error
}else{
$username =($_POST['username']);
}
if (empty($_POST['password'])){
$errors['passwordErr'] = "Password is required."; // add an error
}else{
$password =($_POST['password']);
}
// etc etc
// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// etc etc
}else{
// if there were errors do something else
echo implode("<br />", $errors); // output the errors however you like
}
尝试启动
<?php
/* validate form first */
if (!empty($_POST['username']))
{ $username = $_POST['username'];
}
else{ echo "Username is required."; }
if (!empty($_POST['password']))
{ $password = $_POST['password'];
}
else{ echo "password is required."; }
/* Do the queries second i.e */
SELECT * FROM Persons WHERE username='' AND password ='';
?>
hi,你应该清楚地描述你的问题,我已经阅读了你的代码并检查了它,当我没有填写密码时,它确实显示了Password is required.一般验证方法如下:
if(empty($_POST['username'])){
$usererror = '...';
return false;
}else{
$username = $_POST['username'];
}
if(empty($_POST['password'])){
$passerror = '...';
return false;
}else{
$password = $_POST['password'];
}
处理错误验证的最佳方法是使用相同的变量,尤其是当您有许多输入表单数据时
$username = $_POST['username'];
$password = $_POST['password'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($username == '') {
$error_msg[]= 'Username is required';
} else if ($password == '') {
$error_msg[]= 'Password is required';
}
}
if (!empty($error_msg)) {
$ERROR_MSG = implode($error_msg);
exit;
}