![](/img/trans.png)
[英]PHP and SQL: using login session variable not updating the database correctly
[英]PHP login session not coming through (Login with SQL database)
我为自己做的最新的小“挑战”是尝试在我为一些朋友制作的网站上编写一个好的登录屏幕。 但是,当我输入我的电子邮件和密码时,它们显示在我的 SQL 数据库中,我用来检查它的文件根本不会发送任何内容。 我的代码如下所示:
<?php
session_start();
if (isset($_SESSION['user'])) {
header('Location: mainpage.php');
}
require_once 'config.php';
$error_message = '';
if (isset($_POST['submit'])) {
$db = "epiz_31045019_TCDB";
$response = $db->check_credentials($_POST['email'], $_POST['password']);
if ($response['status'] == 'success') {
$_SESSION['user'] = array('id' => $response['id'], 'nickname' => $response['nickname']);
header('Location: mainpage.php');
}
}
?>
如果这可能被证明是有用的,这里是我的登录表单和我包括的配置代码:
<?php
$hostnaam = "host.com";
$gebruikersnaam = "username";
$wachtwoord = "password";
$db = "database";
$verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord,
$db) or die ("Er kan geen verbinding tot stand worden gebracht:" .
mysqli_connect_error());
?>
<form action="datacheck.php" method="POST">
<div class="form-field">
<input type="email" name="email" id="email" placeholder="E-mailadres" required />
</div> <br>
<div class="form-field">
<input type="password" name="password" id="password" placeholder="Wachtwoord" required />
</div> <br>
<div class="form-field">
<button class="btn" type="submit">Log in</button>
</div>
</form>
您的代码示例:
$hostnaam = "host.com";
$gebruikersnaam = "username";
$wachtwoord = "password";
$db = "database";
$verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord,
$db) or die ("Er kan geen verbinding tot stand worden gebracht:" .
mysqli_connect_error());
如果您使用变量来保存连接/登录信息,您将使用它们一次然后不需要它们,但稍后在您的代码中,所有这些变量( $wachtwoord
、 $gebruikersnaam
等)仍然存在。
在您给出的示例中,更安全的做法是
将数据直接硬编码到连接函数中:
mysqli_connect("host.com", "username", "password", "database");
或确保在完成数据后立即销毁数据:
$hostnaam = "host.com"; $gebruikersnaam = "username"; $wachtwoord = "password"; $db = "database"; $verbinding = mysqli_connect($hostnaam, $gebruikersnaam, $wachtwoord, $db); unset($hostnaam,$gebruikersnaam, $wachtwoord,$db); // Or alternatively: // $hostnaam = $gebruikersnaam = $wachtwoord = $db = NULL;
使用die
语句并直接向浏览器/用户显示错误消息是非常糟糕的做法,永远不应该这样做。
而是尝试将错误抛出到PHP error log
。
if(!mysqli_connect("host.com", "username", "password", "database")){
error_log("There was a failure to connect to MySQL: ".mysqli_connect_error());
header("location: index.php?msg=".urlencode('Sorry there was an error.Can not connect.');
}
header
函数应该始终跟在 die/exit 语句之后,因为当到达标头函数时,PHP 将继续执行脚本的其余部分,即使浏览器被重定向到新页面也是如此。 if(!mysqli_connect("host.com", "username", "password", "database")){
error_log("There was a failure to connect to MySQL: ".mysqli_connect_error());
header("location: index.php?msg=".urlencode('Sorry there was an error.Can not connect.'));
exit;
}
最后,我还强烈推荐使用 PDO 接口和使用面向对象编程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.