请检查代码,我在这里错了。表单没有提交值。页面令人耳目一新但没有发布值。我不知道发生了什么。请检查代码并识别错误。我也在另一个应用程序上使用了这个代码。它在那里工作但不在这里
<?php
if ($username && $userid) {
echo "you are already logged in as $dbuser.<a href='w-post.php'> Click here to go to Post area</a>";
}
else {
$form = "<form method=post action=123.php autocomplete=off enctype=multipart/form-data>
<table width=759 border=1>
<tr>
<td width=749>
<table width=756 border=1>
<tr>
<td colspan=3 bgcolor=#d9d9d9>
<div align=center class=style1><font color=#003366>PERSONAL INFORMATION</font></div>
</td>
</tr>
<tr>
<td width=196>
<div class=label-text>Email Address</div>
</td>
<td width=297>
<div class=accountboxes><input type=text class=accounttextboxes id=txtemail name=txtemail
size=50/>
</div>
</td>
<td width=241> </td>
</tr>
<tr>
<td width=196>
<div class=label-text>Password</div>
</td>
<td width=297>
<div class=accountboxes><input type=password class=accounttextboxes id=txtpass name=txtpass
size=50/>
</div>
</td>
<td width=241> </td>
</tr>
<tr>
<td width=196></td>
<td width=297><input name=submit type=submit id=submit value=submit/>
<td width=241> </td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>";
if (isset($_POST['submit'])) {
$user = $_POST['txtemail'];
$pass = $_POST['txtpass'];
if ($user) {
if ($password) {
$password = md5($pass);
//echo $epassword;
$query = mysql_query("SELECT * from users where email='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$id = $row['id'];
$dbuser = $row['name'];
$dbpass = $row['password'];
$activate = $row['activation'];
if ($password == $dbpass) {
if ($activate == '1') {
$_SESSION['name'] = $dbuser;
$_SESSION['id'] = $id;
$_SESSION['email'] = $email;
header('location:forms.php');
exit();
}
else {
$error_account = 'Your Account is not activated yet';
}
echo $form;
}
else {
$error_pass = 'You entered an incorrect password';
}
echo $form;
}
else {
$error_email = 'Email Address not found';
echo $form;
}
}
else {
$enter_pass = 'Enter your password';
echo $form;
}
}
else {
$enter_email = 'Enter email address';
echo $form;
}
}
else {
echo $form;
}
}
?>
答案 0 :(得分:2)
您应该在整个HTML中引用所有属性值,例如post
,123.php
等,以确保安全。否则(假设您使用的是HTML而不是XHTML - 必须引用字符串)任何无效字符都会使HTML无效,您的代码可能会中断,这肯定是您的代码可能发生的事情。
使用HEREDOC语法:
$form = <<<EOD
<form method="post" action="123.php" autocomplete="off" enctype="multipart/form-data">
<table width="759" border="1">
<tr>
<!-- Rest of HTML code -->
EOD;
答案 1 :(得分:0)
如果你这样做,你的代码就会简单得多:
if (isset($_POST['submit'])) {
$error = 0;
$errorMessages = array();
$user = $_POST['txtemail'];
$pass = $_POST['txtpass'];
if (!$user) {
$errors++;
$errorMessages[] = "Please enter your email address";
}
...//rest of the form check
if($errors == 0) {
//do what you want with the data
}
}
所以你没有那么多括号。