我想在弹出窗口中显示结果。
代码:
<?php
$con=mysqli_connect("localhost","root","1234","fyp");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT password FROM admin WHERE email = '$_POST[email]' AND Admin = '$_POST[admin]'");
while($row = mysqli_fetch_array($result))
echo "your password is : " . " $row['password']" ;
mysqli_close($con);
?>
是否可以在弹出窗口中回显javascript警告消息?
我试过这个但仍然无法正常工作
echo "<script> alert ("<?php echo 'your password is: ' . '$row['password']'?>")</script>";
答案 0 :(得分:0)
我一时间找到了一个奇怪的解决方案。
echo "<style onload=\"jsfunc($row['password']);\"></style>";
//in your html or javascript add this function
<script type='text/javascript'>
function jsfunc(data){
alert(data);
}
</script>
样式标记是不可见的并且将运行函数onload,因此当它被回显时。我也使用样式标签,因为它是onload在你回复它时工作的少数标签之一。
这是一个奇怪的解决方案,但它确实有效。
答案 1 :(得分:0)
您的代码存在一些严重缺陷,包括对SQL Injection开放。我建议将其更改为更像这样:
$con = new MySQLi("localhost","root","1234","fyp");
if($con->connect_errorno) {
echo "Failed to connect to MySQL: ".$sql->connect_error;
}
$email = $sql->real_escape_string($_POST['email']);
$admin = $sql->real_escape_string($_POST['admin']);
$query = "SELECT password FROM admin WHERE email = '$email' AND Admin = '$admin'";
$result = $sql->query($query);
if($result) {
$row = mysqli_fetch_assoc($result);
$pass = $row['password'];
echo '<script> alert("Your password is '.$pass.'");</script>';
} else {
//do some error handling
}
//the closing of a mysqli connection is not required but
mysqli_close($con);
真正的逃脱字符串不是100%防止注射,但是开始消毒你的输入是个好地方。此外,我强烈建议不要以明文形式存储您的密码。在最初存储密码时,请查看PHP sha1()函数或SQL等效函数。
答案 2 :(得分:-2)
使用此代码
<?php
$alert='your password is: '.$row['password'];
?>
<script>
alert("<?php echo $alert; ?>");
</script>
它肯定会起作用。