我正在尝试使用此代码登录:
session_start();
require "connect.php";
$username = $_POST['username'];
$password = $_POST['password'];
if($username&&$password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow!=0)
{
while($row = mysql_fetch_assoc($query))
{
$db_username = $row['username'];
$db_password = $row['password'];
}
if($username==$db_username&&$password==$db_password)
{
//echo 1;
header("Location: members.php");
$_SESSION['username']=$db_username;
}
else echo 0;
}
else die("That user doesn't exist");
}
else die("Please enter a username and password");
成功登录后,它应该带我到members.php:
session_start();
if($_SESSION['username']) <------ this is line 5
{
echo "20730312";
echo " You are logged in as: ".$_SESSION['username'];
echo "<p><a href='logout.php'>Click here to logout</a>";
}
但是当我在我的应用程序中请求members.php时,它给了我:
Notice: Undefined index: username in E:\Program Files\xampp\htdocs\adddrop\members.php on line 5
请注意,我在成功登录后使用 android webview 请求members.php,这是对的吗?我究竟做错了什么 ?
附带说明:那里有 SQL 注入。可能想阅读更多内容:http://en.wikipedia.org/wiki/SQL_injection http://en.wikipedia.org/wiki/SQL_injection
您面临的问题是用户名并不总是 POST(当您第一次加载页面时):
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
那应该解决它。基本上,我检查是否设置了 POST 索引,只有在设置了时我才尝试访问它,否则我将其设置为null.
另外,您可能想这样做:
$query = mysql_query("SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'");
这可以防止 SQL 注入漏洞。
并且还添加exit;:
header("Location: members.php");
$_SESSION['username']=$db_username;
exit; // Add this.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
