我是PHP的新手:我已经搜索了20多个答案并尝试了各种编码而没有解决问题。我的问题显然在过去与其他用户一起引起了问题,因为问题已被多次提出。问题是我收到了"并未输入所有字段,"当我提交表格时。我使用的是PHP 7。
我知道我已连接到我的MySQL数据库,因为我得到了一个返回,"连接到MySQL"当我提交查询 - msqlconnect.php
时这是我的代码:
<?php
include_once 'functions.php';
$error = $user = $pass = "";
if ($_POST &&isset($_POST['user'], $_POST['pass'])) {
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "") {
$error = "Not all fields were entered<br />";
} else {
$token = md5("$pass");
$query = 'SELECT user,pass FROM password
WHERE user='$user' AND pass=\'$token\'';
if (mysql_num_rows(queryMysql($query)) == 0) {
$error = "Username/Password invalid<br />";
} else {
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
die("You are now logged in. Please
<a href='xxxx_member.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='xxxx.php'>$error<br />
E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
Password: <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
<br /><br />
<input type='submit' value='Login' />
</form>
_END;
?>
在我看来,代码并没有超越第一个&#39;其他&#39;但我无法理解为什么。
任何建议都将不胜感激。
根据要求,这里是&#39; sanitize&#39;功能:
function sanitizeString($var)
{
$con = @mysqli_connect('localhost', 'root', '', 'test');
$user = mysqli_real_escape_string($con, $_POST['user']);
$psass = mysqli_real_escape_string($con, $_POST['pass']);
}
function sanitizemysqli($var)
{
$var = mysqli_real_escape_string($var);
$var = sanitizeString($var);
return $var;
}
答案 0 :(得分:0)
我认为问题出现是因为函数sanitizeString没有返回正确的字符串并且返回一个空字符串。这就是为什么你总能看到相同的信息。 我会调试这些变量,看看它们是否被填充。像这样:
<?php
include_once 'functions.php';
$error = $user = $pass = "";
if ($_POST &&isset($_POST['user'], $_POST['pass']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
var_dump($_POST);
var_dump($user);
var_dump($pass);
die();
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$token = md5("$pass");
$query = "SELECT user,pass FROM password
WHERE user='$user' AND pass='$token'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
die("You are now logged in. Please
<a href='xxxx_member.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='xxxx.php'>$error<br />
E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
Password: <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
<br /><br />
<input type='submit' value='Login' />
</form>
_END;
?>
通过这种方式,您可以逐步检查发生了什么。