duana1986 2011-08-26 18:03
浏览 55
已采纳

PHP和HTML登录

I'm trying to make log in and register script with php and html. It doesn't work and i ant press a button. What am i doing wrong? I'm new to programming sites.This is HTML :

Register:

<form action="register.php" method="post">
<input  type=text name="uid" /><br/></form>
<form action="register.php" method="post">
<input type="password" name="pass" /><br/>
</form>

<input type="submit" action="register.php" name="R" value="Sign Up" />

PHP:

require "sqlconnect.php"


$pass=$_POST("pass")
$uid=$_POST("uid")
$clicked=$_POST("R")


if($uid and $pass) { 

 connection()

 $ins = @mysql_query("INSERT INTO Users SET id='$uid', pass='$pass'"); 

 if($ins) 
 echo "Registered!You can log in now :)";
 header("Location: index2.php"); 

 else echo "Error!"; 

mysql_close($connection);

Log in:

<center><cc><b>Please login to proceed:</b></cc></center>
<center><form action="login.php" method="post" style="border-color:#0068AD" >
<input  type=text name="uid" /><br/></form>
<form action="login.php" method="post" style="border-color:#0068AD" >
<input type="password" name="pass" /><br/>
</form>
<input type="submit" action="login.php" name="L" value="Log in"/><br/>
<center><cc><a href="register.html"> Register </a></cc></center>

PHP:

 require "sqlconnect.php"

connection()


$pass=$_POST("pass")
$uid=$_POST"uid")
$clicked=$_POST("L")

$pass = "SELECT `pass` FROM `Users` WHERE `id`='$uid'";
$passcheck = mysql_query($pass);

    if($clicked>1||$passcheck=true)
        header=index3.html
        elseif(clicked>1||passcheck=false)
            echo ("Wrong username or password")


 mysql_close($connection)
  • 写回答

7条回答 默认 最新

  • dougao9864 2011-08-26 18:06
    关注

    Your submit button needs to be inside your form element, and you should have all inputs inside the same (single form)

    HTML should be something like:

    <form action="register.php" method="post">
  <b>Username:</b> <input type="text" name="uid" /><br/>
  <b>Password:</b> <input type="password" name="pass" /><br/>
  <input type="submit" name="R" value="Sign Up" />
</form>

    While your PHP for retrieving data from the $_POST array should be:

    $pass=$_POST["pass"];
$uid=$_POST["uid"];

    And you should be escaping both those values before you include them in a SQL statement (to prevent SQL injection).

    So your $pass line should be something like:

    $pass = "SELECT `pass` FROM `Users` WHERE `id`='"+
   mysql_real_escape_string($uid)+"'";

    And your $ins line should be something like:

    $ins = @mysql_query("INSERT INTO Users SET id='".mysql_real_escape_string($uid)+
   "', pass='"+mysql_real_escape_string($pass)+"'");

    And you should be either hashing or encrypting people's passwords before storing.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(6条)

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!