<?php
$output = NULL;
$ip = $_SERVER['REMOTE_ADDR'];
if (isset($POST['submit'])) {
$username = $mysqli->real_escape_string($_post['username']);
$password = $mysqli->real_escape_string($_post['password']);
$rpassword = $mysqli->real_escape_string($_post['rpassword']);
$email = $mysqli->real_escape_string($_post['email']);
$query = $mysqli->query("SELECT * FROM users WHERE username = '$username'");
if (empty($username) OR empty($password) OR empty($email) or empty($rpassword)) {
$output = "Please fill in all fields!";
} elseif ($query->num_rows != 0) {
$output = "That username is already taken!";
} elseif ($rpassword != $password) {
$output = "Password does not match!";
}
}
?>
稍后在脚本中,我使用了这个:
<?php
echo $output;
?>
它没有回显,是的,我添加了mysqli查询,但为了数据库的安全性我删除了它。您还可以看到它不会在网站上回显: vobern.com
答案 0 :(得分:3)
PHP是一种区分大小写的语言。 $_POST和$_post之间存在差异。您可能还想考虑这一点。现在为什么不尝试这样做?
<?php
$output = NULL;
$ip = $_SERVER['REMOTE_ADDR'];
if(isset($_POST['submit'])){
// FOR THE VARIABLES BELOW, THERE IS A DIFFERENCE BETWEEN
// $_POST AND $_post (AS YOU WROTE)....
$username = htmlspecialchars(trim($_POST['username']));
$password = htmlspecialchars(trim($_POST['password']));
$rpassword = htmlspecialchars(trim($_POST['rpassword']));
$email = htmlspecialchars(trim($_POST['email']));
$query = $mysqli->query("SELECT * FROM users WHERE username = '$username'");
if (empty($username) || empty($password) || empty($email) || empty($rpassword)){
$output = "Please fill in all fields!";
}elseif($query->num_rows != 0){
$output = "That username is already taken!";
}elseif ($rpassword != $password){
$output = "Password does not match!";
}
}else{
// IF THIS POINT IS REACHED, THEN EVERYTHING SHOULD BE OK
$output = "Login Data is Correct";
}
var_dump($output);
?>
答案 1 :(得分:0)
在评论DarkBee中指出您有很多错误
if(isset($POST['submit'])) replace this with if(isset($_POST['submit']))
答案 2 :(得分:0)
代码中的所有$ _post都应该是大写的$ _POST。 你还可以在最后一个
添加一个 elseif ($rpassword != $password){
$output = "Password does not match!";
}else{
$output = "Valid input!";
}