我试图登录使用该code:
I am trying to log in using this code :
session_start();
require "connect.php";
$username = $_POST['username'];
$password = $_POST['password'];
if($username&&$password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow!=0)
{
while($row = mysql_fetch_assoc($query))
{
$db_username = $row['username'];
$db_password = $row['password'];
}
if($username==$db_username&&$password==$db_password)
{
//echo 1;
header("Location: members.php");
$_SESSION['username']=$db_username;
}
else echo 0;
}
else die("That user doesn't exist");
}
else die("Please enter a username and password");
在成功登录后,应该带我去members.php:
upon successful log in it should take me to members.php :
session_start();
if($_SESSION['username']) <------ this is line 5
{
echo "20730312";
echo " You are logged in as: ".$_SESSION['username'];
echo "<p><a href='logout.php'>Click here to logout</a>";
}
但是当我要求members.php在我的应用程序它给了我:
but when i request members.php in my application it gives me :
Notice: Undefined index: username in E:\Program Files\xampp\htdocs\adddrop\members.php on line 5
请注意,我使用的Android的WebView要求成功登录后members.php,这是正确的?我究竟做错了什么?
note that i am using android webview to request members.php after successful log in, is this right ? what am i doing wrong ?
在一个侧面说明:你有一个SQL注入存在。可能想阅读更多: http://en.wikipedia.org/wiki/SQL_injection
On a side note: you have an SQL injection there. Might want to read more: http://en.wikipedia.org/wiki/SQL_injection
您所面临的问题是,该用户名不是总是POST'd(当你只是加载网页第一次):
The problem you are facing is that the username is not always POST'd (when you just load the page first time):
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
这应该修复它。基本上,我检查POST索引设置,且仅当它是我尝试访问它,否则我将它设置为空
。
That should fix it. Basically, I check if the POST index is set, and only if it is I try to access it, otherwise I set it to null
.
另外,你可能想要做这样的:
Also, you might want to do it like this:
$query = mysql_query("SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'");
这prevents的SQL注入漏洞。
That prevents the SQL injection vulnerability.
,并添加退出;
:
header("Location: members.php");
$_SESSION['username']=$db_username;
exit; // Add this.
上一篇:如何加密的ConnectionString写入在codebehind的web.config?codebehind、ConnectionString、config、web
下一篇:需要的Htt presponseCache在Android的一个例子例子、Htt、presponseCache、Android