PHP脚本不适用于登录表单
问题描述:
I have made one login form using session variables. This login form is index.php and this form action is redirecting it to a validate.php page before he proceeds further. Vaidate.php code contains this
<?php
session_start(); // Initialize session
include('config.php'); // Include database connection settings
$sql= mysql_query("select * from users where (username= '". mysql_real_escape_string($_post['uname'])."') and (password='".mysql_real_escape_string($_post['pass'])."')"); // Retrieve username and password from database according to user's input
// check if the username and password exists
if(mysql_num_rows($sql)==1)
{
// store the USERNAME in SESSION VARIABLE
$_SESSION['name'] = $_POST['uname'];
// and then JUMP to WELCOME page
header('Location:welcome.php');
}
else
{
// Jump to login page
//echo "<script type='javascript'>{alert('Username Or Password Incorrect')
// return false;
// }
header('Location:index.php');
}
?>
and index.php contains below code
<?php
session_start(); // function to start the session
if (isset($_SESSION['name'])) // Check, if user is already login, then jump to Welcome page
{
header('Location: welcome.php');
}
?>
</head>
<title>Login</title>
<body>
<form action="validate.php" method="post" name="log"/>
<h3 align="center" style="margin-top:40px">User Login</h3>
<table border="1" cellpadding="3" cellspacing="0" width="40%" align="center" style="margin-top:60px">
<tr>
<td>User Name</td>
<td >
<input type="text" name="uname"/>
</td>
</tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass"/>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Submit">
<input type="reset" value="Clear ">
</td>
</tr>
</table>
</body>
</html>
This problem is that it is redirecting to index.php even if the username password is right. I'm not able to figure out what I'm missing in this case. Code seems to be right.
答
$_post['pass'] and $_post['uname'] are undefined. Use $_POST['pass']
and $_POST['uname']
.
答
$_POST must be capital. Besides, i recommend to store the $_POST['uname'] in a variable first, then use it in the query.