English 中文(简体)
登录脚本未执行 - 蓝色主机
原标题:Login Script Not Executing - Bluehost

用户在www.msheeks productures.com 登录表格上按下提交键时运行的脚本日志记录如下。 出于安全原因, 我删除了 DB 登录信息 。

    <?php
error_reporting(E_ALL);
        $user =  *************** ;
        $pass =  *************** ;
        $host =  *************** ;
        $data =  *************** ;
$userN=$_POST[ userN ];
$passW=$_POST[ passW ];

mysql_connect($host, $user, $pass)or die("Could not connect");
mysql_select_db($data)or die("Database Not Found");

$query="SELECT userID FROM sec_login WHERE Username= $userN  AND Password= passW ";
$result=mysql_query($query) or die(mysql_error());

$user=mysql_num_rows($result);
if($user==1) {
    session_register("userN");
    header("location: ../index.php");
}
else {
echo("You have entered invalid login information.");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

我的问题是,如果你在安全.php页面上着陆,就不会发生任何事情。 PHP 脚本似乎根本没有被执行。 我不确定我是否在某处有语法错误, 或是否与主机账户存在配置问题。 服务器正在使用 PHP 5. 2 。 有人知道Bluehost是否有这类问题吗? 如果有编码错误, 那么显然我也很想知道。 我是新来的, 所以我可能没有做对。

此外,我正试图在索引.php文件中再次调用变量,因为文件似乎没有返回任何数据。

<?php $usr=$_SESSION[ username ]; 
echo "User Name Is: $usr"; ?>

提前感谢!

最佳回答

请考虑以下各点:

  • Beware of SQL injection(Stopped by mysql_real_escape_string);
  • Beware of session fixation / hijacking;
  • Beware or brute force attacks;

  • 请检查 < a href=> "http://php.net/pdo" rel="nofollow" >http://php.net/pdo , 以更好地处理错误和查询参数....

    <?php
error_reporting(E_ALL);
ini_set( display_errors , 1);

if ($_SERVER[ REQUEST_METHOD ] ==  POST ) {
    $user =  *************** ;
    $pass =  *************** ;
    $host =  *************** ;
    $data =  *************** ;

    mysql_connect($host, $user, $pass) or die("Could not connect");
    mysql_select_db($data) or die("Database Not Found");

    $result=mysql_query("SELECT COUNT(1) FROM sec_login WHERE Username= ".mysql_real_escape_string($_POST[ username ])."  AND Password= ".mysql_real_escape_string($_POST[ password ])." ") or die(mysql_error());

    if(mysql_result($result) == 1) {
        $_SESSION[ username ] = $_POST[ username ];
        header("location: ../index.php");
        exit;
    } else {
        $message =  You have failed to provide valid credentials. ;
    }
} else {
    $message =  <form method="post">
                    <input type="text" name="username" value="username" />
                    <br />
                    <input type="password" name="password" value="password" />
                    <br />
                    <input type="submit" />
                </form> ;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php echo $message; ?>
    </body>
</html>
时间:2012-05-21 17:30:45
问题回答

好吧,万一有人碰巧发现这一点,需要举个例子。下面是我现在使用的代码, 用于一个功能化的脚本日志 :

<?php
session_start();
error_reporting(E_ALL);
ini_set( display_errors , 1);

if ($_SERVER[ REQUEST_METHOD ] ==  POST ) {
    $user =  *********** ;
    $pass =  *********** ;
    $host =  *********** ;
    $data =  *********** ;

    mysql_connect($host, $user, $pass) or die("Could not connect");
    mysql_select_db($data) or die("Database Not Found");

    $result=mysql_query("SELECT userID FROM sec_login WHERE Username= ".mysql_real_escape_string($_POST[ userN ])."  AND Password= ".mysql_real_escape_string($_POST[ passW ])." ") or die(mysql_error());

    if(mysql_num_rows($result) == 1) {
        $_SESSION[ login ]=1;
        $_SESSION[ username ]=$_POST[ userN ];
        $session= session_name() .  =  . session_id();
        header("location: ../index.php?".$session);
        exit();
    } else {
        $message =  You have failed to provide valid credentials. ;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php echo $message; ?>
    </body>
</html>

当然,链接变量省略了。为了让其他页面在会话变量中获取变量,请确定每个页面的起始位置(在代码的直径第一行中,甚至在 Doctype 声明之前)

感谢你们帮助大家!

时间:2012-05-22 20:27:55


上一篇:
下一篇:


相关问题
SQL SubQuery getting particular column

I noticed that there were some threads with similar questions, and I did look through them but did not really get a convincing answer. Here s my question: The subquery below returns a Table with 3 ...

时间:2009-11-13 05:35:38 回答:3 展示:1
please can anyone check this while loop and if condition

<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...

时间:2009-11-13 05:25:03 回答:3 展示:1
php return a specific row from query

Is it possible in php to return a specific row of data from a mysql query? None of the fetch statements that I ve found return a 2 dimensional array to access specific rows. I want to be able to ...

时间:2009-11-09 16:40:04 回答:2 展示:1
Character Encodings in PHP and MySQL

Our website was developed with a meta tag set to... <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> This works fine for M-dashes and special quotes, etc. However, I ...

时间:2009-11-09 16:15:32 回答:3 展示:1
Pagination Strategies for Complex (slow) Datasets

What are some of the strategies being used for pagination of data sets that involve complex queries? count(*) takes ~1.5 sec so we don t want to hit the DB for every page view. Currently there are ~...

时间:2009-11-09 16:02:04 回答:5 展示:1
Averaging a total in mySQL

My table looks like person_id | car_id | miles ------------------------------ 1 | 1 | 100 1 | 2 | 200 2 | 3 | 1000 2 | 4 | 500 I need to ...

时间:2009-11-09 14:43:41 回答:4 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全