我在检查会话时遇到一些问题,要访问页面,我需要激活会话。
登录流程:
//Connect to mysql server
require "reservation/connect.php";
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['user']);
$password = clean($_POST['password']);
//Create query
$qry="SELECT * FROM user WHERE username='$login' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['position'];
session_write_close();
//if ($level="admin"){
header("location: admin/dashboard.php");
exit();
}else {
//Login failed
header("location: index.php");
exit();
}
}else {
die("Query failed");
}
?>
验证:
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: index.php");
exit();
}
?>
即使我从表单登录,页面也不会加载并将我重定向回索引!我做错了什么?我把“require_once('../auth.php');”在页面上,但它仍然无法正常工作。
那是因为它正在进入else
声明的一部分,这意味着$result
为 0 或假。
所以原因是查询一定失败了..所以添加mysql_error()
像这样..
$result=mysql_query($qry) or die(mysql_error());
想知道具体原因..
This(mysql_*
) 扩展已被弃用PHP 5.5.0
,并且将来会被删除。相反,MySQLi
or PDO_MySQL
应使用扩展名。切换到PreparedStatements
更好的抵御SQL注入攻击!
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)