我收到以下所有错误消息的未定义变量:
if(isset($_POST['nome'])){
$name = $_POST['nome'];
}
if(isset($_POST['email'])){
$email = $_POST['email'];
}
if(isset($_POST['password'])){
$password = $_POST['password'];
}
如果我使用REQUEST而不是POST它可以工作,但我认为最好将POST用于用户表单。
这是我的整个PHP代码:
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'class_rate');
define('DB_USER', 'root');
define('DB_PASSWORD', 'vB42lL&69_r');
$con = mysqli_connect(DB_HOST, DB_USER);
if(!$con){
die("Databese Connection Failed" . mysqli_error($con));
}
$db = mysqli_select_db($con, DB_NAME);
if(!$db){
die("Databese Selection Failed" . mysqli_error($con));
}
function NewUser($con, $db){
if(isset($_POST['nome'])){
$name = $_POST['nome'];
}
if(isset($_POST['email'])){
$email = $_POST['email'];
}
if(isset($_POST['password'])){
$password = $_POST['password'];
}
$query = "INSERT INTO users (nome_user,email_user,passw_user) VALUES ('$name','$email','$password')";
$data = mysqli_query($con, $query)or die(mysqli_error($con));
if($data) {
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp($con,$db){
if (!empty($_POST['email'])) {
$query = mysqli_query("SELECT * FROM users WHERE email_user = '$_POST[email]' AND passw_user = '$_POST[password]'") or die(mysqli_error($con));
if(!$row = mysqli_fetch_array($query) or die(mysqli_error($con)) ){
NewUser($con,$db);
}
}
else{
echo "Email already registered!";
}
}
if($_SERVER['REQUEST_METHOD'] == "POST"){
SignUp($con,$db);
}
?>
我不知道我的问题是否与表单的HTML代码有关,所以我也将其包含在这里:
<form action="cadastro.php" method="post">
<label><b>Nome:</b></label>
<div>
<input type="text" placeholder="Nome" id = "nome"name="nome" required>
</div>
<label><b>Email:</b></label>
<div>
<input type="email" placeholder="Email" id = "email "name="email" required>
</div>
<label><b>Confirmar Email:</b></label>
<div>
<input type="email" placeholder="Confirmar Email" id="confirmar_email" name="confirmar_email" required>
</div>
<label><b>Universidade:</b></label>
<div>
<input type="text" placeholder="Universidade" id="universidade" name="universidade" required>
</div>
<label><b>Curso:</b></label>
<div>
<input type="text" placeholder="Curso" id="curso" name="curso" required>
</div>
<label><b>Senha:</b></label>
<div>
<input type="password" placeholder="Senha" id="password" name="password" required>
</div>
<label><b>Confirmar Senha:</b></label>
<div>
<input type="password" placeholder="Confirmar Senha" id="confirmar_password" name="confirmar_password" required>
</div>
<input type="checkbox"> Ao apertar na caixa voce confirma que leu e conconrda com os <a href="#">Termos e Condicoes</a>.
<div class="botoes">
<button name = "sub" id = "sub" type="submit" class="signupbtn">Confirmar</button>
<button name = "cancel" id = "cancel" type="button" class="cancelbtn">Cancelar</button>
</div>
</form>
答案 0 :(得分:0)
正如你所说的所有php脚本所说的那样,对于所有类型的攻击都是完全容易受到攻击的。请使用Php PDO&amp;不要避免编码安全性。 关于你的问题:
更改此
<button type='submit' ></button>
要
<input type='submit' value='submit' />
确保所有这些内部形式标记。 当使用某些java脚本时,按钮是首选,但在您的代码中,我没有看到任何java脚本,因此请避免使用它。 希望它有所帮助。