HTML 表单未将值传递给 PHP (mysqli_real_escape_string)
HTML form not passing values to PHP (mysqli_real_escape_string)
HTML
<form type="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
PHP
<?php
require_once 'config.php';
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
我尝试从 MySQL 切换到 MySQLi,我确定这与此有关。即使输入有名称,我的表单也没有将值传递给 PHP 脚本。在 Whosebug 上做了一些研究,发现了很多关于表单不传递数据的问题,但通常有拼写错误或缺少名称,这不是我的情况(我认为)。
(我知道密码还不安全,我会尽快添加一个 SHA256 或其他东西,所以不要紧张)
尝试回显查询,但密码和电子邮件地址应为空白。
SELECT * FROM `users` WHERE password = '' AND email = ''
我也收到这个警告:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4
我脚本中的第 4 行是:
$email = mysqli_real_escape_string($_POST['password']);
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
从 Docs 开始,第一个参数必须是 mysqli resource 并且您的代码中缺少它,并且还要更改
<form type="POST">
进入
<form method="post">
所以你的代码看起来像
mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
根据文档 http://php.net/manual/de/mysqli.real-escape-string.php
您必须提供 mysqli 资源作为函数的第一个参数。
更改您的表单标签
<form type="POST">
到
<form method="POST">
您应该在 <form> 标签中使用 method 而不是 type,如下所示:
<form method="POST" action="includes/login.php">
- 将表格
type="post" 更改为 method="post"
- 将数据库连接字符串添加到您的
mysqli_real_escape_string 函数。
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login" name="submit">
</form>
<?php
require_once 'config.php';
if(isset($_POST['submit'])) {
if(!empty($_POST[email]))
{
$email = mysqli_real_escape_string($link,$_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(!empty($_POST['password']))
{
$password = mysqli_real_escape_string($link,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(!empty($_POST['email']) && !empty($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION['login'] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}}
?>
设置'method'不输入
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
不要忘记连接到您的数据库并将该连接传递给您的 mysqli_query 和 mysqli_real_escape_string 函数
<?php
require_once 'config.php';
$con=mysqli_connect("localhost","my_user","my_password","my_db");
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($con, $_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($con,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
HTML
<form type="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
PHP
<?php
require_once 'config.php';
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>
我尝试从 MySQL 切换到 MySQLi,我确定这与此有关。即使输入有名称,我的表单也没有将值传递给 PHP 脚本。在 Whosebug 上做了一些研究,发现了很多关于表单不传递数据的问题,但通常有拼写错误或缺少名称,这不是我的情况(我认为)。
(我知道密码还不安全,我会尽快添加一个 SHA256 或其他东西,所以不要紧张)
尝试回显查询,但密码和电子邮件地址应为空白。
SELECT * FROM `users` WHERE password = '' AND email = ''
我也收到这个警告:
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4
我脚本中的第 4 行是:
$email = mysqli_real_escape_string($_POST['password']);
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
从 Docs 开始,第一个参数必须是 mysqli resource 并且您的代码中缺少它,并且还要更改
<form type="POST">
进入
<form method="post">
所以你的代码看起来像
mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
根据文档 http://php.net/manual/de/mysqli.real-escape-string.php 您必须提供 mysqli 资源作为函数的第一个参数。
更改您的表单标签
<form type="POST">
到
<form method="POST">
您应该在 <form> 标签中使用 method 而不是 type,如下所示:
<form method="POST" action="includes/login.php">
- 将表格
type="post"更改为method="post" - 将数据库连接字符串添加到您的
mysqli_real_escape_string函数。
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login" name="submit">
</form>
<?php
require_once 'config.php';
if(isset($_POST['submit'])) {
if(!empty($_POST[email]))
{
$email = mysqli_real_escape_string($link,$_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(!empty($_POST['password']))
{
$password = mysqli_real_escape_string($link,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(!empty($_POST['email']) && !empty($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION['login'] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}}
?>
设置'method'不输入
<form method="POST" action="includes/login.php">
<input type="email" name="email" placeholder="email" />
<input type="password" name="password" placeholder="parola" />
<input type="submit" value="Login">
</form>
不要忘记连接到您的数据库并将该连接传递给您的 mysqli_query 和 mysqli_real_escape_string 函数
<?php
require_once 'config.php';
$con=mysqli_connect("localhost","my_user","my_password","my_db");
if(isset($_POST['email']))
{
$email = mysqli_real_escape_string($con, $_POST['email']);
}
else
{
echo "Nu ati completat adresa de e-mail. <br />";
}
if(isset($_POST['password']))
{
$email = mysqli_real_escape_string($con,$_POST['password']);
}
else
{
echo "Nu ati completat parola. <br />";
}
if(isset($_POST['email']) && ($_POST['password']))
{
$query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
$count_rows = mysqli_num_rows($result);
if ($count_rows == 1)
{
$_SESSION["login"] = "OK";
header("Location: ../index.php");
}
else
{
header("Location: ../login.php");
}
}
?>