Question

好奇为什么当我点击提交按钮并且动作发生到我的php页面时，页面只是更改为action_page.php并且具有整个php文件的平面黑色文本。显然这意味着Php文件没有被执行，但我不能为我的生活理解为什么。

我知道php是作为PHP V7.0.4安装的，我的服务器运行得很好。

这是php：

 <?php
    //setting variables for connecting to database
    $host     = 'localhost';
    $username = 'root';
    $password = '';
    $db       = 'aquamandb';
    date_default_timezone_set('America/Chicago');

    //connecting to the database
    $connect  = new mysqli($host,$username, $password, $db) or die("Unable to connect");

    //getting the username, and password for sanitizing
    $_US_username = $_POST['username'];
    $_US_password = $_POST['password'];

    //sanitize the variable to remove SQL statements that could drop the database potentially.
    $username     = mysql_real_escape_string($_US_username);
    $password     = mysql_real_escape_string($_US_password);

    $sql      = "SELECT * FROM user WHERE username = '$username' AND password = '$password'";
    $result   = mysqli_query($sql);

    $numrows = mysql_num_rows($result);

    if($numrows > 0)
    {
        while($row = mysqli_fetch_assoc($result))
        {
            echo "id: " . $row["userID"]. " - UserName: " . $row["username"]. " " . $row["password"]. " - Type: " . $row["type"]. "<br>";
        }
    }
    else
    {
        echo "username does not match!";
    }
?>

这是html：

     <!DOCTYPE html><!-- login.html -->
<?php include "../php/action_page.php"; ?>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title>Login</title>
    <link href="css/login_2.css" rel="stylesheet">
</head>
<body>
    <div class="login-form">
        <form id = "login_form" action="php/action_page.php" method ="POST">
                <h1> Login </h1>
                <input type='hidden' name='submitted' id='submitted' value='1' />

                <div class="form">
                <input type ="text" name='username' class="credentials-form" placeholder="Username" id="Username">
            </div>
            <div class="form data">
                <input type ="password" name='password' class="credentials-form" placeholder="Password" id="Password">
            </div>
            <input type='submit' name='Submit' value='Login' class='button'/>
            <button type="button" class="button" id="acc" onclick="location.href='createAccount.html';"><span>Create Account</span></button>
    </form>
</div>

Answer 1

您在php7中使用mysql_ *函数。 mysql_ *函数完全从php7中删除。并且为了避免sql注入使用下面的代码。

$sql = $connect->prepare("select * from user where username = ? and password=?");
$sql->bind_param("ss",$_US_username,$_US_password);
$sql->execute();
$result=$sql->get_result(); 
$row=$result->fetch_assoc();

PHP被误读，代码被转换为平面HTML文本

1 个答案: