在下面的代码中,某些标题都没有重定向到指定的位置。我不知道为什么......我没有在调用标头之前发送或回显任何输出。也没有意外的“白色空间”,这也可能导致标题()的故障。我也尝试过使用ob_start(),但这是徒劳的。我的所有文件都在一个文件夹中,即在WAMP的“www”文件夹中.....有人能告诉我什么是障碍?
此代码处理用于注册新用户的表单.....使用POST方法
$user= "root" ;
$host= "localhost" ;
$password= "" ;
$database= "online_examination" ;
$fn=$_POST['fn'] ; // firstname
$ln=$_POST['ln'] ; // lastname
$un=$_POST['un'] ; // username
$pass=$_POST['pw'] ; // password
$connection= mysql_connect($host,$user,$password) ;
$db= mysql_select_db($database,$connection);
$query=" SELECT username FROM user_info " ;
$result=mysql_query ($query,$connection) ;
for ($i=0 ; $i<mysql_num_rows($result) ; $i++ )
{
$uname=mysql_result($result,$i,"username") ;
if ($un==$uname)
{
header ("Location : /username_exists.php") ;
exit;
}
}
$query=" SELECT password FROM user_info " ;
$result=mysql_query ($query,$connection) ;
for ($i=0 ; $i<mysql_num_rows($result) ; $i++ )
{
$pword=mysql_result($result,$i,"password") ;
if ($pass==$pword)
{
header ("Location : /password_exists.php") ;
exit;
}
}
$query=" INSERT INTO user_info (firstname,lastname,username,password) VALUES
('$fn','$ln','$un','$pass') " ;
mysql_query ($query,$connection)
header ("Location : /successfully_registered.php") ;
答案 0 :(得分:0)
这段代码充满了安全漏洞和逻辑错误,但我尽力重写它。
$user = 'root';
$host = 'localhost';
$password = '';
$database = 'online_examination';
// Attempt to connect to MySQL
if( !( $connection = mysql_connect( $host , $user , $password ) ) ){
die( 'Failed to connect to server' );
}elseif( !( $db = mysql_select_db( $database , $connection ) ) ){
die( 'Failed to connect to database' );
}
// Default values for Form Submitted Fields
$fn = $ln = $un = $pass = false;
// Check if Form Submitted
if( $_POST ){
// For each value, perform some basic validation before trusting them
if( isset( $_POST['fn'] ) && $_POST['fn']!='' )
$fn = $_POST['fn'] ; // firstname
if( isset( $_POST['ln'] ) && $_POST['ln']!='' )
$ln = $_POST['ln'] ; // lastname
if( isset( $_POST['un'] ) && $_POST['un']!='' )
$un = $_POST['un'] ; // username
if( isset( $_POST['pw'] ) && $_POST['pw']!='' )
$pass = $_POST['pw'] ; // password
}
// If a Username was submitted
if( !$fn || !$ln || !$un || !$pw ){
// One or more of the fields were empty or not submitted.
// Show the form again (maybe with an error message)
}else{
// Perform a Query looking for any instances where the same username is already in use
$query = 'SELECT COUNT(*) AS matches FROM user_info WHERE username="'.mysql_real_escape_string( $un ).'"';
$result = @mysql_query( $query , $connection ) ;
if( !$result ){
die( 'Query for Usernames Failed' );
}
$row = mysql_fetch_array( $result )
if( $row['matches']!=0 ){
// The Username is already in use
if( !headers_sent() ){
header( 'Location: /username_exists.php' );
}else{
echo 'Username already in use - <a href="/username_exists.php">Click here</a>';
}
die();
}
// If we have gotten to this point, the username is OK to use
$sqlTpl = 'INSERT INTO user_info ( firstname , lastname , username , password ) VALUES ( "%s" , "%s" , "%s" , "%s" )';
$sqlStr = sprintf( $sqlTpl ,
mysql_real_escape_string( $fn ) ,
mysql_real_escape_string( $ln ) ,
mysql_real_escape_string( $un ) ,
mysql_real_escape_string( $pw ) );
$result = mysql_query( $sqlStr , $connection );
if( $result ){
if( !headers_sent() ){
header( 'Location: /successfully_registered.php' );
}else{
echo 'Successfully registered - <a href="/successfully_registered.php">Click here</a>';
}
die();
}else{
// Something went wrong
}
}
臀部的几点:
headers_sent()进行检查是一种很好的做法。查看一些处理用户注册的预先存在的教程和/或PHP类。很多人都有很好的想法,你应该把它们融入你的解决方案中,而不是重新发明轮子。
答案 1 :(得分:-1)
此外,请确保您的<?php标记之外没有空格,因为这会导致文本被发送到浏览器,除非您打开输出缓冲,否则会导致出现“已发送标题”的错误。此外,您有非常不安全的SQL处理。可以利用任何变量来成功注入SQL。
答案 2 :(得分:-1)
$connection= mysql_connect($host,$user,$password);
$db= mysql_select_db($database,$connection);
由于php错误,它可能失败了。你错过了分号。
尝试error_reporting(E_ALL);在顶部仔细检查错误;