Session Tag instance: Simple System login code (cleverly avoids SQL injection attacks)

Submit the user name and password to the server, the user to query the user records, and then determine whether the user has been registered, if the registration is correct password, correct login, in the session to record the user's relevant information. The query, with the user name only, allows the database to quickly find a matching user record from a single-column index, much faster than a query that uses both a user name and password as a condition, and cleverly avoids SQL injection attacks.

Login Page

Form code

<form name=form1 action= "" Method=post onsubmit= "return Checkval ();" > <input name=url value= "base/index.html" type=hidden> <TR> <td Align=righ                   T width=64 height=25> user:</td> <td valign=top width=112 height=25><input Style= "FONT-SIZE:12PX; width:100px; COLOR: #000000; Background-color: #fef7d4 "name=username></td> <td valign=top width=1> &lt                ;/td></tr> <TR> <td align=right width=64 height=25> password:</td> &LT;TD valign=top width=112 height=25><input style= "MARGIN-TOP:14PX; font-size:12px; width:100px; COLOR: #000000; Background-color: #fef7d4 "Type=password name=pass> </TD> <td valign=top Widt H=1> </TD></TR>

Script for validation

var url = location.href;function Checkval () {var pos = url.indexof ("index.htm"); url = url.substring (0,pos) + "base/ Check.chtml "; form1.action = Url;if (Form1. username.value== "") {alert ("Please enter user name"); Form1. Username.focus (); return false;}  

Effect

Login Confirmation Page

Inquire

<esql module=base Id=user>select We_id,username,pass,cnname,dept,acl,photo,phone,mobile,email,oicq,msn, Enrolltime from Base_users Where username= ' @{ppage:username} ' </ESql>

Determine if the user exists no, does not exist return to the form page

<if x= "@{logic:@{user:getlength}=0}" Else=1><we X=true><script>alert ("User: @{pPage:USERNAME} not yet registered! "); History.back (); </script></we> ...</if>

Determine if the password is correct, not correct, return to the form page

<if x= "@{user:pass}" Else=1><we x= "@{ppage:pass}" ... </we><script>alert ("The password is wrong! "); History.back ();</script></if>

The password is correct, the login is successful, and the user's information is recorded in the session

<session><we Name=we_id>@{user:we_id}</we><we name=username>@{user:username}</we> <we name=pass>@{user:pass}</we><we name=cnname>@{user:cnname}</we><we name=DEPT>@{ User:dept}</we><we Name=acl>@{user:acl}</we><we name=photo>@{user:photo}</we>< We name=phone>@{user:phone}</we><we name=mobile>@{user:mobile}</we><we name=EMAIL>@{ User:email}</we><we Name=oicq>@{user:oicq}</we><we Name=msn>@{user:msn}</we><we Name=enrolltime>@{user:enrolltime}</we></session>

Jump to the specified Web page after successful login

<script>location.href= ' @{sys:face}@{ppage:url} ';</script>

Full Code

If you do not understand, please put it in the comments, I will discuss with you in depth
Download and description of light-open platform resources
Platform and Latest development Manuals free Download: http://download.csdn.net/detail/tx18/8464425
Development example: Light Open e-commerce website , free download: http://download.csdn.net/detail/tx18/8318585
Light open platform will be upgraded to provide you with more powerful and easy features, please note  Download the latest version
Session Tag instance: Simple System login code (cleverly avoids SQL injection attacks)