On Thu, 2011-08-04 at 17:02 +0100, jean-baptiste verrey wrote: > if you want to force the browser to not be able to have this behaviour you > need the name tag to always change > a quick example would be that > <?php // keep the name in session > $_SESSION['formRandomName']=time(); > ?> > <input type="password" name="<?php > echo $_SESSION['formRandomName'];?>[password]" /> > > > 2011/8/4 Bálint Horváth <hbalint@xxxxxxxxx> > > > Hi, > > Use value="$_POST['user']" or sg like that because: > > before send value eq null, after if returned -cause of a fail- the inputs > > remain > > > > also set *autocomplete="off"* (at form) and if it doesn't work use js > > to set null values to input boxes (add a name for ur form...) > > > > Another way, use Google: "javascript turn off autofill" > > > > be careful: > > http://www.php.net/manual/en/security.database.sql-injection.php > > http://php.net/manual/en/security.php > > > > *Valentine* > > > > On Thu, Aug 4, 2011 at 8:54 AM, James Yerge <james@xxxxxxxxxxxxxxx> wrote: > > > > > On 08/05/2011 12:43 AM, wil prim wrote: > > > > Hello, Soooo i created a simple login system, and I am using sessions > > > Everything > > > > seems to work fine, however; when I upload my files to my server and > > type > > > my > > > > domain name my index.php page comes up and the form is automatically > > > filled out > > > > with a username and password. How do i make it empty when I initially > > > enter the > > > > site, and yes I did create a logout.php file that destroys a session. > > > Please > > > > help, it is hard to explain this when I cant show it in person. Thanks > > in > > > advance! > > > > > > > > Here is the login.php code, i didn't md5() the password yet: > > > > > > > > > > > > <?php > > > > > > > > if ($_SESSION['user']) > > > > { > > > > header("Location: error.php"); > > > > exit(); > > > > } > > > > include('connect.php'); > > > > if ($_POST['login']){ > > > > > > > > > > > > $user=$_POST['user']; > > > > $pass=$_POST['pass']; > > > > $sql="SELECT * FROM members WHERE username='$_POST[user]' and > > > > password='$_POST[pass]'"; > > > > $result=mysql_query($sql, $con); > > > > $count=mysql_num_rows($result); > > > > if ($count==1){ > > > > $_SESSION['user'] = $user; > > > > header('location: home.php'); > > > > } > > > > else > > > > echo "<p style='color:red'>Wrong Username or Password</p>"; > > > > } > > > > > > > > ?> > > > > <html> > > > > <head> > > > > <title></title> > > > > <link href="style.css" rel="stylesheet" type="text/css" /> > > > > </head> > > > > <body> > > > > > > > > <div id="main"> > > > > <div id="menu"> > > > > <ul> > > > > <li> > > > > <a href="#">Home</a> > > > > </li> > > > > <li> > > > > <a href="#">Topix</a> > > > > </li> > > > > <li> > > > > <a href="#">Mission</a> > > > > </li> > > > > </ul> > > > > </div> > > > > <div id='content'> > > > > <form method='post' action='index.php'> > > > > Username: <br/> > > > > <input type='text' name='user' maxlength='30'/><br/> > > > > Password: <br/> > > > > <input type="password" name='pass' maxlength='30'/><br/> > > > > <input type="submit" value="Log In!" name="login"/> > > > > </form> > > > > <a href="register.html"> Register? </a> > > > > > > > > </div> > > > > </body> > > > > </html> > > > > > > Your browser is more than likely filling in the username and password > > > fields for you, automatically. Most modern browsers offer this > > > functionality by default. What you're looking for isn't relative to PHP. > > > > > > Have you tried visiting your page from multiple browsers, to see if you > > > get the same results? > > > > > > You could set the value of the username and password fields in the form > > > to NULL. > > > > > > e.g.; > > > <input type='text' name='user' value='' maxlength='30'/> > > > <input type="password" name='pass' value='' maxlength='30'/> > > > > > > I doubt your visitors are going to encounter the same issue you are, > > > unless they allow their browser or some other 3rd party software to > > > automatically fill in the form values for them. > > > > > > Another method would consist of using JavaScript, once the DOM is ready > > > (all elements rendered), have JavaScript reset the form values. > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > Please don't top-post, the gremlins don't like it :) Going back to Bálint's post, the autocomplete="off" can be set either at the form or form element (input) level. Bear in mind though that if you do this, the HTML will not validate. This isn't normally an issue, and may be an acceptable tradeoff for your website. -- Thanks, Ash http://www.ashleysheridan.co.uk
