这是我的登录页面。我可以登录时,我把相关的用户名和密码,并不能登录,如果他们不匹配。但事情是我仍然有登录权限,当我不输入任何用户名,密码并单击登录按钮。登录页面错误
这是索引页
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login.css">
</head>
<body>
<div class="login-page">
<form method="post" class="form" action="login.php">
<input type="text" id="user" name="user" placeholder="username"/>
<input type="password" id="pass" name="pass" placeholder="password"/>
<button type="submit" name="submit" id="btn">login</button>
</form>
</div>
</body>
</html>
这是login.php中
<?php
//get values passe from form in login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//to prevent sql injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//connect to the server and select database
mysql_connect("localhost","root","");
mysql_select_db('laboursalary');
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'")
or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
header("Location: ../projectdetails/index.php");
} elseif ($row['username']=="" && $row['password']==""){
echo "Failed to login";
} else {
echo "Failed to login";
}
?>
警告mysql_query,mysql_fetch_array,mysql_connect等..扩展名在PHP 5.5.0中被弃用,并且在PHP 7.0.0中被删除。相反,应该使用MySQLi或PDO_MySQL扩展。 – Melchizedek