即时创建一个登录页面,这是有不同的多用户可以登录,如学生,经理和东西..当我试图运行我的代码,它显示空白页,可以任何人都可以帮我的代码?低于PHP和mysqli的代码 即时通讯新显示我的数据库 enter image description here在不同的用户使用php和mysql多登录
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
//Checking is user existing in the database or not
$query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1)
{
if($rows ['level'] == "student")
{
header("localtion: student.php");
}
elseif($rows ['level'] == "manager")
{
header("location: manager.php");
}
}
else
{
echo "wrong Username or Password";
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css2/style.css" />
</head>
<body>
<div class="form">
<h1>Log In</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='registration.php'>Register Here</a></p>
</div>
<?php } ?>
</body>
</html>
除了这个问题,你必须有一个又一个..这是现在怎么样'mysqli_ *'应该是使用.. –
注意,查看'password_hash()'/'password_verify()','md5()'不足以进行密码验证。另外,你应该在重定向之后放置'exit;'。 – Rasclatt
@ S.I。可能是指使用参数化查询。 [这个问题的答案](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)解释他们。 – Terminus