login.php <? error_reporting(0); $mysql_servername = "localhost"; // $mysql_username = "root"; // $mysql_password =""; // $mysql_database ="peng"; // mysql_connect($mysql_servername , $mysql_username , $mysql_password); mysql_select_db($mysql_database); $name=$_POST['name']; $passowrd=$_POST['password']; if ($name && $passowrd){ $sql = "SELECT * FROM liuyanban WHERE name = '$name' and password='$passowrd'"; $res = mysql_query($sql); $rows=mysql_num_rows($res); if($rows){ header("refresh:0;url=a.htm");//the path exit; } echo "<script language=javascript>alert('error about password');history.back();</script>"; }else { echo "<script language=javascript>alert('error');history.back();</script>"; } ?> the login.htm <html> <body> <form name="login" action="login.php" method=post> name<input type=text name="name"> <p>password<input type=password name="password"> <p> <input name="log" type=submit value="login"> </form> </body> </html>
I wouldn't recommend this to anyone the inputs aren't sanitized i could easily grab database values if someone uploads this to a site. try implementing mysql_real_escape_string.
For a basic script, it's a nice thing for newbies, but as stated, it's not secure from injection attacks and other brute force methods... but well done though... consider: 1) making it more secure 2) keeping login data in a cookie or session to authenticate real logins