我正在制作PHP登录/注册表单。
我成功登录,注册和配置它有效,但我真的无法理解为什么我的代码将变量名称“email1”和“pass1”插入表而不是我输入的内容?
请帮助我彻底查看了大约50次并且看不出什么错误。
这是我的REGISTER表单:
<?php
require ('config.php');
if(isset($_POST['submit'])){
//Perform the verification
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2){
if($pass1 == $pass2){
//All good carry on
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string('email1');
$email2 = mysql_escape_string('email2');
$pass1 = mysql_escape_string('pass1');
$pass2 = mysql_escape_string('pass2');
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if (mysql_num_rows($sql) > 0){
echo "That user already exists";
exit();
}
mysql_query("INSERT INTO `users`(`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')") or die(mysql_error());
}else{
echo "Sorry, your passwords do not match. <br />";
exit();
}
}else{
echo "Sorry your emails do not match. <br />";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
这是我的登录表单:
<!--KODA ZA ŠUMNIKE-->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<?php
require ('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
echo "You are now logged in.";
exit();
}else{
echo "Wrong username or password combination.";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username: <input type="text" name="uname" /><br />
Password: <input type="password" name="pass" /><br />
<input type="submit" value="Log in" name="submit" />
</form>
EOT;
echo $form;
}
答案 0 :(得分:1)
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($email1);
$email2 = mysql_escape_string($email2);
$pass1 = mysql_escape_string($pass1);
$pass2 = mysql_escape_string($pass2);
应该修复它。你正在逃避字符串“email1”等。
也希望转向mysqli或pdo而不是旧的mysql方法
答案 1 :(得分:0)
$email1 = mysql_escape_string('email1');
$email2 = mysql_escape_string('email2');
$pass1 = mysql_escape_string('pass1');
$pass2 = mysql_escape_string('pass2');
这里没有读取$ _POST值,而是指定静态值。 由于您已经在代码中先前读过$ _POST值,我猜您可以删除这四行。
答案 2 :(得分:0)
您必须使用以下代码,例如
$email1 = mysql_escape_string($email1);
$email2 = mysql_escape_string($email2);
$pass1 = mysql_escape_string($pass1);
$pass2 = mysql_escape_string($pass2);
现在它将是所需的输出。
希望它有所帮助。