HTML表单没有将值传递给PHP(mysqli_real_escape_string)

时间:2015-06-15 13:45:46

标签: php html mysql mysqli xampp

HTML 

<form type="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login">
</form>

PHP 

<?php
require_once 'config.php';

if(isset($_POST['email'])) 
    {
       $email = mysqli_real_escape_string($_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(isset($_POST['password'])) 
    {
       $email = mysqli_real_escape_string($_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(isset($_POST['email']) && ($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION["login"] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}
?>

我尝试从MySQL切换到MySQLi,我确信它与此有关。即使输入具有名称,我的表单也不会将值传递给PHP脚本。在StackOverflow上进行了一些研究并发现了许多关于表单没有传递数据的问题,但通常会出现错字或缺少名称,这不是我的情况(我认为)。

(我知道密码还没有安全保障,我会尽快添加一个SHA256或其他东西,所以不要强调它)

尝试回显查询,它只是密码和电子邮件地址应该是空白的。

SELECT * FROM `users` WHERE password = '' AND email = ''

我也收到了这个警告:

  

警告:mysqli_real_escape_string()正好需要2个参数,1在第4行的C:\ xampp \ htdocs \ breloc \ includes \ login.php中给出

我脚本中的第4行是:

$email = mysqli_real_escape_string($_POST['password']);

7 个答案:

答案 0 :(得分:5)

更改表单标记

 <form type="POST">


 <form method="POST">

答案 1 :(得分:3)

  1. 将表单type="post"更改为method="post"
  2. 将数据库连接字符串添加到mysqli_real_escape_string函数。

答案 2 :(得分:2)

根据文件http://php.net/manual/de/mysqli.real-escape-string.php 你必须提供mysqli ressource作为函数的第一个参数。

答案 3 :(得分:2)

您应该在method标记中使用type代替<form>,如下所示:

<form method="POST" action="includes/login.php">

答案 4 :(得分:2)

<div th:each="phoneStat : *{phones}">
    <select th:field="*{phones[__${phoneStat.index}__].variety}">
        <option></option>
    </select>
    <div class=" input-field col s4">
        <input class="validate" th:field="*{phones[__${phoneStat.index}__].number}"
               th:id="${'phonenumber-'+ phones[__${phoneStat.index}__]}" type="text"/>
        <label th:for="${'phonenumber-'+ phones[__${phoneStat.index}__]}"> Mobile</label>
    </div>
</div>

答案 5 :(得分:2)

设置&#39;方法&#39;不输入

<form method="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login">
</form>
不要忘记连接到您的数据库并将该连接传递给您的mysqli_query和mysqli_real_escape_string函数

<?php
require_once 'config.php';

$con=mysqli_connect("localhost","my_user","my_password","my_db");

if(isset($_POST['email'])) 
    {
       $email = mysqli_real_escape_string($con, $_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(isset($_POST['password'])) 
    {
       $email = mysqli_real_escape_string($con,$_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(isset($_POST['email']) && ($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
    $result = mysqli_query($con, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION["login"] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}
?>

答案 6 :(得分:1)

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

Docs开始,第一个参数必须为mysqli resource且代码中缺少该参数,并且还会更改

<form type="POST">


<form method="post">

所以你的代码看起来像

mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
相关问题
最新问题