$ _SESSION上的未定义索引和所有$ _POST部分

时间:2017-05-06 01:06:19

标签: php mysqli registration

我想为我的网站制作注册表格。但我遇到了错误,这是我的代码:

<?php

/* Registration process, inserts user info into the database 
and sends account confirmation email message
*/

// Set session variables to be used on profile.php page

$_SESSION['email'] = $_POST['email'];
$_SESSION['first_name'] = $_POST['firstname'];
$_SESSION['last_name'] = $_POST['lastname'];


$mysqli = mysqli_connect("localhost","root","","data");

// Check connection
if (mysqli_connect_errno())
 {
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
 }

 // Escape all $_POST variables to protect against SQL injections
$first_name = $mysqli->escape_string($_POST['firstname']);
$last_name = $mysqli->escape_string($_POST['lastname']);
$email = $mysqli->escape_string($_POST['email']);
$password = $mysqli->escape_string(password_hash($_POST['password'],                     
PASSWORD_BCRYPT));
 $hash = $mysqli->escape_string( md5( rand(0,1000) ) );

  // Check if user with that email already exists
  $result = $mysqli->query("SELECT * FROM login WHERE email='$email'") or        
 die($mysqli->error());

// We know user email exists if the rows returned are more than 0
if ( $result->num_rows > 0 ) {

$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");

  }
 else { // Email doesn't already exist in a database, proceed...

// active is 0 by DEFAULT (no need to include it here)
$sql = "INSERT INTO login (first_name, last_name, email, password, hash)" 
        ."VALUES ('$first_name','$last_name','$email','$password',     '           
   $hash')";

// Add user to the database
if ( $mysqli->query($sql) ){

    $_SESSION['active'] = 0; //0 until user activates their account with    

  verify.php
    $_SESSION['logged_in'] = true; // So we know the user has logged in
    $_SESSION['message'] =

             "Confirmation link has been sent to $email, please verify
             your account by clicking on the link in the message!";

    // Send registration confirmation link (verify.php)
    $to      = $email;
    $subject = 'Account Verification ( clevertechie.com )';
    $message_body = '
    Hello '.$first_name.',

    Thank you for signing up!

    Please click this link to activate your account:

    http://localhost/login-system/verify.php?email='.$email.'&               
    hash='.$hash;  

    mail( $to, $subject, $message_body );

    header("location: profile.php"); 

     }


else {
    $_SESSION['message'] = 'Registration failed!';
    header("location: error.php");
    exit();
}

 }

错误状态:

Undefined index: firstname, lastname, email, password

在行设置会话变量和换行符所有$ _POST变量以保护SQL注入。任何人都知道如何解决此错误。谢谢。

2 个答案:

答案 0 :(得分:0)

您在代码开头缺少session_start(),这需要在您向浏览器回送/输出任何内容之前调用。

您还需要将session_start添加到error.php,以便从那里的会话中阅读。

  

当调用session_start()或会话自动启动时,PHP将调用open和read会话保存处理程序...

     

读取回调将检索任何现有的会话数据(以特殊的序列化格式存储),并且将被反序列化并用于在读取回调将已保存的会话数据返回到PHP会话处理时自动填充$ _SESSION超全局。

请参阅:http://php.net/manual/en/function.session-start.php

答案 1 :(得分:0)

If(isset($_POST['first_name']) &&     isset($_POST['last_name']) && isset($_POST['email'])){
 // Escape all $_POST variables to protect  against SQL injections
$first_name = $mysqli->escape_string($_POST['firstname']);
$last_name = $mysqli- >escape_string($_POST['lastname']);
}

在PHP中,从未设置过的变量或数组元素与值为null的变量或数组元素不同。尝试访问此类未设置值是运行时错误。

您遇到的是:数组$ _POST在索引中没有任何元素&#34;用户名&#34;,因此解释程序会在您的程序到达之前中止您的程序无效性测试。

相关问题
最新问题