duanhua9398 2013-12-06 02:51
浏览 49
已采纳

php:表单仍然在无效表单上提交

i got a problem on my validation script using php; when the user only fills out username form and emptied the password it still logs the user in it should show the user that the password field is blank error. i'm kinda new to php and i'm hoping you can help me. thanks!

here's my code for checking login

<?php
$usernameErr = $passwordErr = "";
$username = $password = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{

   if (empty($_POST['username']))
     {$usernameErr = "Username is required.";}
   else
     {$username =($_POST['username']);}

   if (empty($_POST['password']))
     {$passwordErr = "Password is required.";}
   else
     {$password =($_POST['password']);}
}
?>

<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>

<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}

else if($count==1)
{
header("location:main.php");
}

else
{
echo "Wrong username or password";
}
?>
  • 写回答

4条回答 默认 最新

  • dongyue6199 2013-12-06 03:31
    关注

    Before anyone moans, I'm not replacing mysql with mysqli/PDO to answer the question. Yes it's wrong that it's used but it's not related to the question.

    Correct model: if (there is not an error) { log the person in } else { do something else}.

    Your model: check for errors. log the user in anyway.

    This is what you're doing now

    // checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
   if (empty($_POST['username']))
     {$usernameErr = "Username is required.";}
   // blah blah check check check 
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc

    But what you need to do is this:

    // check for errors and store them

$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
    $errors['usernameErr'] = "Username is required."; // add an error
}else{
    $username =($_POST['username']);
}

if (empty($_POST['password'])){
     $errors['passwordErr'] = "Password is required."; // add an error
}else{
     $password =($_POST['password']);
}

// etc etc

// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
    $sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    // etc etc
}else{
    // if there were errors do something else
    echo implode("<br />", $errors); // output the errors however you like
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥20 求数据集和代码#有偿答复
  • ¥15 关于下拉菜单选项关联的问题
  • ¥20 java-OJ-健康体检
  • ¥15 rs485的上拉下拉,不会对a-b<-200mv有影响吗,就是接受时,对判断逻辑0有影响吗
  • ¥15 使用phpstudy在云服务器上搭建个人网站
  • ¥15 应该如何判断含间隙的曲柄摇杆机构,轴与轴承是否发生了碰撞?
  • ¥15 vue3+express部署到nginx
  • ¥20 搭建pt1000三线制高精度测温电路
  • ¥15 使用Jdk8自带的算法,和Jdk11自带的加密结果会一样吗,不一样的话有什么解决方案,Jdk不能升级的情况
  • ¥15 画两个图 python或R