我正在尝试为页面创建一个登录和注销脚本,但由于某种原因,它不适合我。它似乎工作正常,直到我尝试注销。它似乎破坏会话变量,但它仍然让我查看页面。 继承人我登录代码:在会话中注销PHP的问题
代码: 的login.php
<?php
// Use session variable on this page. This function must put on the top of page.
session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$Name=$_POST['Name'];
$Pass=$_POST['Pass'];
// To protect MySQL injection (more detail about MySQL injection)
$Name = stripslashes($Name);
$Pass = stripslashes($Pass);
$Name = mysql_real_escape_string($Name);
$Pass = mysql_real_escape_string($Pass);
$sql="SELECT * FROM reg1 WHERE uname='$Name' and pass='$Pass'";
$result=mysql_query($sql);
if(mysql_num_rows($result)!='0') // If match.
{
session_register("uname"); // Craete session username.
header("location:loged.php"); // Re-direct to loged.php
exit;
}else{ // If not match.
echo '<script type="text/javascript">
window.alert("Wrong UserName And Password");
window.location="index.php"
</script>';
}
// End Login authorize check.
?>
logout.php
<?php
// Inialize session
session_start();
// Delete certain session
unset($_SESSION['uname']);
// Delete all session variables
session_destroy();
// Jump to login page
header("Location: index.php?msg=Successfully Logged out");
}
?>
感谢每一个...
'$名称=的stripslashes($名)'---这可以打破的数据,如果' magic_quotes'被关闭。 – zerkms 2011-05-16 07:03:53
如何检查用户是否在loged.php上登录? – BlueEel 2011-05-16 07:07:14
阅读关于session_destroy的手册,看看还有什么需要完成破坏会议:http://php.net/session_destroy – 2011-05-16 07:08:48