<?php
$email = mysqli_stmt_bind_param("s", $_POST['email']);
$password = mysqli_stmt_bind_param("s", $_POST['password']);
$select = mysqli_query($con, "SELECT * FROM faculty where facultyEmail = $email");
if(mysqli_num_rows($select)==0){
$result = array("status"=>0, "msg"=>"Faculty Member Does Not Exist");
}else{
while ($row = mysqli_fetch_array($select)) {
$checkPassword = $row['password'];
}
if($password==$checkPassword){
#Use encrypted password instead.
$result = array("status"=>1, "msg"=>"Faculty Member now logged in.");
}else{
$result = array("status"=>0, "msg"=>"Password entered is wrong.");
}
}
header('Content-type: application/json');
echo json_encode(array("index" => htmlspecialchars($result)));
?>
htmlspecialchars()函数返回null。我试图阻止它进行XSS攻击。怎么解决呢提前谢谢。