为什么striplashes不会在没有斜杠的情况下返回数据?

时间:2015-06-08 13:45:20

标签: php

当您在我的网站上按登录时,该脚本使用mysqli_real_escape_string而不是处理登录。

例如,当您在主页上按下登录按钮时,该站点将转到此文件。如果一切顺利,您将被重定向到开始页面,但是当出现问题时,您将留在此页面并查看表单。表单包含您在按下登录之前输入的数据。这些数据最后包含一个斜杠。

我想使用stripslashes删除斜杠,所以我创建了一个名为slash的函数来删除它们但是当你输入错误的东西时我仍然会看到斜杠。

//the slash function is placed in a previous loaded file
function slash($username, $password){
     $password =  stripslashes($password);
     $username =  stripslashes($username);
     return $username;
     return $password;
}

    if(empty($_POST === false)){
    $username = $_POST['username'];
    $password = $_POST['password'];

    //check if the fields are empty
    if (empty($username) || empty($password)){
        $errors[] = 'You need to enter a username and password';
    //check if the username exists
    }else if(user_exists($username) === false){
        $errors[] = 'We can\'t find that username';
        slash($username, $password);
    //check if the username is active
    }else if(user_active($username) === false){
        $errors[] = 'You haven\'t activated your account';
        slash($username, $password);
    //if none of the previous checks are false, log in
    }else{
        $login = login($username, $password);
        //if username or password is incorrect, display error
        if($login === false){
            $errors[] = 'That username or password combination is incorrect';
            slash($username, $password);
        //if everthing is fine, log in
        }else{
            //set the user session
            $_SESSION['user_id'] = $login;
            //redirect user to home
            header('Location: index.php');
            exit();
        }
    }

}
?>
<html>
<head>
    <link rel="stylesheet" href="css/error_login.css"/>
</head>
<body>
<?php
    include 'templates/menu/menu.php';
?>
<div class="error_login">
    <h3>Login</h3>
    <form action="login.php" method="POST">
        <div id="login">
                username:<br>
                <input type="text" name="username" value=<?php echo $username; ?>/><br><br>

                password:<br>
                <input type="password" name="password" value=<?php echo $password; ?>/><br><br>

                <input type="submit" value="Log In"/><br><br>
                <a href="register.php">Register</a>
                <ul>
                    <?php
                        error_output($errors);
                    ?>
                </ul>
        </div>
    </form>
</div>
    <?php
        include 'templates/footer/footer.php';
    ?>
</body>
</html>

修改 

input:
username: test
password:

输入无效,就像你看到的那样,因为没有密码所以网站会重新显示一个带有userinput +添加的斜杠的表单

output: 
username: test/ 
password: ●

1 个答案:

答案 0 :(得分:2)

在您的HTML中:

<input type="text" name="username" value=<?php echo $username; ?>/>

您错过了value属性的双引号:

<input type="text" name="username" value="<?php echo $username; ?>"/>

密码也一样。

相关问题
最新问题