编辑
当你应该检查submit1时,你重新检查isset中的提交,这就是为什么你的代码没有在if块中执行,但是我更新的答案消除了这一点。
末
更新答::
dologin.php
<?php
// here u would move these vars onto a seperate file outside
// the webroot that is readable by the server and "require_once"
// that file.
$dbhost = "localhost";
$dbuser = "mysql_user_name";
// using root is bad only use it for local development but better yet,
//// make a user for the database in question
$password = "password";
$dbname = "registration_form";
// Setup a filter array to sanitize/validate user input.
// look on php.net for more information on filters available
$filters = [
'logemail' => ["ARRAY, OF, FILTERS"],
'logpass' => ["ARRAY, OF, FILTERS"]
];
// NEVER NEVER NEVER access $_POST without filtering it.
$posted = filter_var_array(INPUT_POST, $filters, true);
// check our posted array is not empty, even if its submitted it
// could be empty values.
if (!empty($posted)) {
// I have omitted the $dbname in this procedural example
// and move it after the error No, this is just to avoid
// confusion and limit the number of possible things to go wrong.
$con = mysqli_connect($dbhost, $dbuser, $dbpass);
$username = $posted['logemail'];
$password = $posted['logpass'];
// Check no connection error
if (!mysqli_connect_errno()) {
mysqli_select_db($con, $dbname) or die("Database select error" . mysqli_error());
} else {
die("Failed to connect to MySQL: " . mysqli_connect_error());
}
$qz = "SELECT * FROM regis WHERE email1 = $username AND password3 = $password";
$result = mysqli_query($con, $qz);
if (mysqli_num_rows($result) == 1) {
// initialise the session.
session_start();
// add an entry "loggedin" and set it to true.
$_SESSION['loggedin'] = true;
header('location :index.php');
}
mysqli_close($con);
}
现在,你需要做你的索引页。
的index.php
<?php
// Start up the session its needed to maintain logins
session_start();
// We don't know that the raw $_SESSION is safe
$session_unsafe = $_SESSION;
// Lets play with some more filtering (php.net)
$session = filter_var($session_unsafe, FILTER_VALIDATE_BOOLEAN);
// add more filtering as required.
// remember the boolean in dologin.php here === makes sure it
// matches the "type" of the variable too because:
// 1 == yes == true
// 0 == no == false
// but === means an exact match of type (integer/string/boolean) as
// well as its value. True === 1 would return false.
if ($session === true) {
// show logged in stuff
} else {
// do your none logged in actions
}
结论:这不是解决这个最好的方法,你可以使用使用库MySQLi或PDO的OOP方式,实现更清洁更看代码可管理相同的结果。由于您似乎刚刚从树上移开,您可能希望查看这两种方法之一并在继续之前了解这些方法。同时注意保护会话。我给你的例子会让你的登录工作,但它不会是安全的,你也不会做很多事情。
所以你的检查要点:
PHP:面向对象,会话,过滤器这些关键点我想看看作为一个优先事项,然后再继续。
现在,你会选择sql查询,但它不会同时学习它们。所以找到一些用于学习SQL的好资源。
不要使用引号替换。我会说这是你的问题。 http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 2015-04-03 02:19:04
你没有任何代码重定向,所以它不会重定向。您可能正在寻找标头,http://php.net/manual/en/function.header.php,但回声后无法使用。 – Jonathan 2015-04-03 02:19:24
停止并重组,如果可用,'password_hash'用于保存密码和'password_verify'用于检查,并且最后使用准备好的语句 – Ghost 2015-04-03 02:23:16