当我单击“注册”按钮时,我希望将页面重定向到server.php,以便它可以运行验证(名为reg_user)。
但是当点击该按钮时,该页面只会刷新到相同的内容。没有显示验证/错误消息。
下面是我的server.php的代码,我已经说明了我想要发生的所有验证:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', 'root', 'register');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Full name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
以下是注册用户的html页面:
<?php include('server.php') ?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Register</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="css/util.css">
<link rel="stylesheet" type="text/css" href="css/main.css">
</head>
<body style="background-color: #999999;">
<div class="header">
<div class="limiter">
<div class="container-login100">
<div class="login100-more" style="background-image: url('images/bg-01.jpg');"></div>
<div class="wrap-login100 p-l-50 p-r-50 p-t-72 p-b-50">
<form class="login100-form validate-form">
<span class="login100-form-title p-b-59">
Sign Up
</span>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="wrap-input100 validate-input">
<span class="label-input100">Full Name</span>
<input class="input100" type="text" name="name" placeholder="Name...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Email</span>
<input class="input100" type="text" name="email" placeholder="Email addess...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Username</span>
<input class="input100" type="text" name="username" placeholder="Username...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Password</span>
<input class="input100" type="password" name="password_1" placeholder="*************">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Repeat Password</span>
<input class="input100" type="password" name="password_2" placeholder="*************">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="flex-m w-full p-b-33">
<div class="contact100-form-checkbox">
<input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
<label class="label-checkbox100" for="ckb1">
<span class="txt1">
I agree to the
<a href="#" class="txt2 hov1">
Terms of User
</a>
</span>
</label>
</div>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn" ></div>
<button type = "submit" class="login100-form-btn" name="reg_user">
Sign Up
</button>
</div>
<a href="register.php" class="dis-block txt3 hov1 p-r-30 p-t-10 p-b-10 p-l-30">
Sign in
<i class="fa fa-long-arrow-right m-l-5"></i>
</a>
</div>
</form>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
<!-- ===============================================================================================-->
<!--<script src="vendor/jquery/jquery-3.2.1.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/animsition/js/animsition.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/bootstrap/js/popper.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/select2/select2.min.js"></script>-->
<!--===============================================================================================-->
<!--<script src="vendor/daterangepicker/moment.min.js"></script>
<script src="vendor/daterangepicker/daterangepicker.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/countdowntime/countdowntime.js"></script>
<!--===============================================================================================-->
<!--<script src="js/main.js"></script>
</body>
</html>
我正在使用mysql创建一个名为'register'的数据库,该数据库有一个名为'users'的表,其中包含名称,用户名,电子邮件和密码字段。
提前致谢!
答案 0 :(得分:0)
在表单提交中使用Post Requests实际上是一种很好的做法。这通常更安全! 以下是您需要对表单标记进行的更改,以便您重定向到server.php并使用Post请求发送数据。
替换:
// (previous code from question)
NFinger finger;
finger.SetFileName("F:\\input\\000001\\MDT1.BMP");
finger.SetPosition(nfpUnknown);
finger.SetImpressionType(nfitNonliveScanPlain);
// Needed initializations:
Client::NBiometricClient m_biometricClient;
m_biometricClient.SetFingersReturnProcessedImage(true);
NBiometricTask task = m_biometricClient.CreateTask(nboEnroll, NULL);
NSubject subject;
subject.SetId("F:\\input\\000001\\MDT1.BMP"); // I'm just using the filename as argument as its purpose is rather temporary
subject.GetFingers().Add(finger);
task.GetSubjects().Add(subject);
m_biometricClient.PerformTask(task);
// ok, everything should work now
// (...)
使用:
(plot4 <- ggplot(p3, aes(x, y)) +
geom_ribbon(aes(group=cut(p3$x,c(0,70,85,max(p3$x)))),ymin = p3$lcl, ymax = p3$ucl, fill = "black", alpha = 0.05) +
geom_line(color = "black", size = 1, aes(group=cut(p3$x,c(0,70,85,max(p3$x))))) +
geom_line(aes(x, cl, group=cut(p3$x,c(0,70,85,max(p3$x))))) +
geom_point(color = "black" , fill = "black", size = 2) +
geom_point(data = p3 %>% filter(sigma.signal == TRUE), color = "red", size = 2) +
ggtitle(label = NULL) +
labs(x = NULL, y = NULL) +
scale_y_continuous(breaks = seq(0, 100, by = 10)) +
coord_cartesian(ylim = c(0, 100)) +
theme_bw() +
theme(
text = element_text(size = 18),
axis.text.x = element_text(angle = 90, vjust = 0.5, hjust = 0.6),
axis.text.y = NULL,
panel.grid.major = element_blank(),
panel.grid.minor = element_blank(),
strip.text.x = element_text(size = 14, color = "black", angle = 0)))
从我看到你发送的名称,电子邮件,用户名,密码_1,密码_2,reg_user作为请求参数。最好在你的server.php文件中进行一些验证。
<form class="login100-form validate-form">
这样你也只允许访问POST请求。
$ _ POST对象包含所有请求数据。
<form action="server.php" method="post" class="login100-form validate-form">
关于提到的SQL注入RiggsFolly,您需要稍微更改一下代码,如下所示:
<?php
if(!isset($_POST['name']) or !isset($_POST['email']) or !isset($_POST['username'])
or !isset($_POST['password_1']) or !isset($_POST['password_2']) or
!isset($_POST['reg_user']) or $_SERVER['REQUEST_METHOD'] !== 'POST'){
//redirect to an unauthorized page or something eg...
header("Location: unauthorized.php");
exit;
}
答案 1 :(得分:0)
您需要为表单标记添加属性才能发布
form action="server.php" method="POST">