我是PHP的初学者并且正在使用参数$ _POST发现mysqli_real_escape的登录项目 错误:未定义的索引,所以你认为它可能是重复的主题,但对于这种情况,它在mysqli_real_escape函数
所以我用isset修复错误但它仍然有错误:语法错误,意外'如果'(T_IF)
这是我的代码。
session_start();
$con = mysqli_connect("localhost","root","", "test2");
$sql = "SELECT * FROM member WHERE Username = '".mysqli_real_escape_string($con, $_POST['username'])."'
AND Password = '".mysqli_real_escape_string($con, $_POST['password'])."'";
$query = mysqli_query($con, $sql);
这是我的尝试。
mysqli_real_escape_string($con, if(isset($_POST['password'])) $_POST['password'])
页面:index.php
<form name="form1" method="post" action="login.php">
<b>Login</b><br><br>
<table border="1" style="width: 300px">
<tr>
<td> Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td> Password</td>
<td><input type="password" name="password"></td>
</tr>
</table>
<br>
<input type="submit" name="Submit" value="Login">
<a href="regispage.php"> Register </a>
答案 0 :(得分:1)
请检查您的查询
$username = $password = ''; // To escape the undefined variable/index error
// Or you can simply use at the beginning, error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); to suppress notice and warning type error
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$sql = "SELECT * FROM member WHERE Username = '{$username}' AND Password = '{$password}'";
希望它能奏效。还有一件事请使用加密密码进行良好练习。
答案 1 :(得分:0)
如果之前你应该使用它。
$ con = .....
$username = $password = '';
if (isset($_POST['password'])) {
$password = mysqli_real_escape_stringw($con, $_POST['password']);
}
if (isset($_POST['username'])) {
$username = mysqli_real_escape_string($con, $_POST['username'])
}
$sql = "SELECT * FROM member WHERE Username = '".$username"' AND Password = '".$password."'";
这可以作为更清晰的代码,并提供更好的可读性。