dtjkl42086 2014-04-27 12:33

Is it wrong to use 'include' to redirect the user to another PHP file?

I have created an HTML login form which checks for email and password authentication and then redirects to the user account.

My PHP code is as below:

<?php

require('connect.php'); // for connection to the database.

$email = $_POST['email'];
$password = $_POST['password'];

$query = "SELECT * FROM `account` WHERE pemail='$email' and password='$password'";

$result1 = mysql_query($query) or die(mysql_error());
$usercount = mysql_num_rows($result1);

if ($usercount == 1) {
    include 'myaccount.php';
} else {
    echo "Invalid Details.";
    echo "<a href='login.php'>Back to Login</a>";
}

Here, I have tried include to redirect to the user account...and it works fine.

Though my instructor tells me that it is wrong to use include and that I should implement it in another way.

Why is it wrong to use include to redirect to the user account? I searched for it but I didn't find the answer.

Please do not discourage... thanks in advance.


  • dongyunqin7307 2014-04-27 12:37

    Yes, your instructor is correct. include() is for including PHP code, not for redirecting. The header() function does that, so use it. Using include() works, but that doesn't mean you should use it.

    Why shouldn't you use include?

    • include() is a function for "including" code from a different file. It loads and executes the code from the file and is not exclusively built for redirecting. On the other hand, the sole purpose of header() is to send raw HTTP headers, i.e. perform redirects and the like. Use that instead.

    • If you have multiple lines of code in the file you're using for the redirect, include() will execute it completely, every time you perform a redirect. If your application uses redirects heavily, this would mean a performance loss and would result in a laggy application. Moreover, you'll be needlessly executing several lines of code if you're using include(). If you were to use header(), you could avoid this problem. (By calling exit() right after header().)

    More problems in your code:

    • You're using mysql_* functions. The ext/mysql extension is deprecated and shouldn't be used. Use MySQLi or PDO instead.

    • You're blindly injecting user input into your database query, thereby making it vulnerable to SQL injection. A user with malicious intent could technically cause trouble, or even delete your database entirely. Use PDO / MySQLi with prepared statements to prevent this from happening. See this question for more details on how.
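
The redirect and prepared-statement advice from the answer above, combined as an added example that is not part of the original question or answer. It assumes placeholder database credentials and that the password column of the account table stores a password_hash() value rather than the plaintext the question compares against.

```php
<?php
// Added example, not the poster's code. Assumptions: the DSN and credentials
// are placeholders, and account.password holds a password_hash() value.
declare(strict_types=1);

session_start();

$pdo = new PDO(
    'mysql:host=localhost;dbname=example_db;charset=utf8mb4', // placeholder DSN
    'example_user',                                            // placeholder
    'example_password',                                        // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
    ]
);

$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

// Reject array-valued parameters such as email[]=x before they reach the query.
if (!is_string($email) || !is_string($password)) {
    http_response_code(400);
    exit;
}

// The :email placeholder is bound separately from the SQL text, so quotes in
// the input cannot change the structure of the statement.
$stmt = $pdo->prepare(
    'SELECT pemail, password FROM `account` WHERE pemail = :email LIMIT 1'
);
$stmt->execute([':email' => $email]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row !== false && password_verify($password, $row['password'])) {
    session_regenerate_id(true);        // new session ID after login
    $_SESSION['email'] = $row['pemail'];
    header('Location: myaccount.php');  // real HTTP redirect
    exit;                               // stop executing after the header
}

echo 'Invalid Details. ';
echo "<a href='login.php'>Back to Login</a>";
```

Because myaccount.php is now reached by its own request, it has to call session_start() and check $_SESSION['email'] itself, redirecting back to login.php when it is not set.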
