我正在为我的项目编写登录系统的脚本。我认为我在编码方面是正确的,但它给我带来了问题。问题是它不允许我登录并重定向到login.php
页面。以下是代码;PHP登录脚本错误?
<?php
include('./include/connection.php');
$tabName = "adminuser";
$userName = $_POST['userName'];
$password = $_POST['password'];
if(empty($userName)){
header('location: login.php');
exit;
}
$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = md5(mysql_real_escape_string($password));
$sqlQuery = "SELECT * FROM $tabName WHERE userName = '".$userName."'
AND password = '".$password."' LIMIT 1";
$sqlExe = mysql_query($sqlQuery);
$count = mysql_num_rows($sqlExe);
if($count > 0){
header('location: index.php');
$_SESSION['auth'] = 1;
}else{
echo "Wrong Username or Password <br />".
'<a href="login.php">Go back...</a>';
}
?>
这里是"index.php"
页SEESION代码
<?php
session_start();
if(!isset($_SESSION['auth']) or $_SESSION['auth'] != 1){
header('location: login.php');
exit;
}
?>
请纠正我,让我知道我错了。并且请告诉我,我的代码是否是sql注入安全的?
这需要基本的逐步调试,而不是堆栈溢出问题。 –
嗯,是的,这肯定会工作:'$ password = md5(mysql_real_escape_string($ password))''。复制/粘贴编程? – Jon