我有这个ajax代码。 数据包含登录凭据。
$.ajax({
url: "app/php/login.php",
type: "GET",
data: data,
dataType: 'json',
async: true,
success: function(response){
blah blah
}
})
这是我的login.php。每当我发送请求时,都会弹出一条警告,其中显示消息 Something Went Wrong 。我这样做对吗?请原谅我在登录中使用GET方法
header('Content-Type: application/json');
$dbconn = mysqli_connect("localhost","root","","alumni_tracker") or die("Could not connect to database!"); //host, username, password, db
mysqli_select_db($dbconn,"alumni_tracker");
$student_no = $_GET["student_no"];
$password = $_GET["password"];
$query = "SELECT * FROM user WHERE student_no= '$student_no' AND password=MD5('$password')";
$res = mysqli_query($dbconn, $query);
if(empty($res)){
$data = "1";
}
else if(!empty($res) && $student_no == "111111111"){
$data = "2";
}
else{
while($row = mysqli_fetch_array($res)){
$data = array('student_no'=>$row['student_no'],'password'=>$row['password']);
}
}
return json_encode($data);
exit();
答案 0 :(得分:1)
无视安全问题,修复方法是在 json_encode($ data)
中使用 echo 而不是 return