"并非所有字段都已输入,"当我提交表格时。我使用的是PHP 7

时间:2018-05-28 13:57:03

标签: php

我是PHP的新手:我已经搜索了20多个答案并尝试了各种编码而没有解决问题。我的问题显然在过去与其他用户一起引起了问题,因为问题已被多次提出。问题是我收到了"并未输入所有字段,"当我提交表格时。我使用的是PHP 7。

我知道我已连接到我的MySQL数据库,因为我得到了一个返回,"连接到MySQL"当我提交查询 - msqlconnect.php

这是我的代码:

<?php
include_once 'functions.php';
$error = $user = $pass = "";

if ($_POST &&isset($_POST['user'], $_POST['pass'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);


    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br />";
    } else {
        $token = md5("$pass");

        $query = 'SELECT user,pass FROM password
              WHERE user='$user' AND pass=\'$token\'';

        if (mysql_num_rows(queryMysql($query)) == 0) {
            $error = "Username/Password invalid<br />";
        } else {
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $token;
            die("You are now logged in. Please
               <a href='xxxx_member.php?view=$user'>click here</a>.");
        }
    }
}

    echo <<<_END
    <form method='post' action='xxxx.php'>$error<br />
    E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
    Password:  <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
    <br /><br />
    <input type='submit' value='Login' />
    </form>
    _END;
    ?>

在我看来,代码并没有超越第一个&#39;其他&#39;但我无法理解为什么。

任何建议都将不胜感激。

根据要求,这里是&#39; sanitize&#39;功能:

    function sanitizeString($var)
    {
    $con = @mysqli_connect('localhost', 'root', '', 'test');
    $user = mysqli_real_escape_string($con, $_POST['user']);
    $psass = mysqli_real_escape_string($con, $_POST['pass']);

    }

    function sanitizemysqli($var)
    {
    $var = mysqli_real_escape_string($var);
    $var = sanitizeString($var);
    return $var;
    }

1 个答案:

答案 0 :(得分:0)

我认为问题出现是因为函数sanitizeString没有返回正确的字符串并且返回一个空字符串。这就是为什么你总能看到相同的信息。 我会调试这些变量,看看它们是否被填充。像这样:

 <?php
    include_once 'functions.php';
    $error = $user = $pass = "";

    if ($_POST &&isset($_POST['user'], $_POST['pass'])) 

    {
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
var_dump($_POST);
var_dump($user);
var_dump($pass);
die();


if ($user == "" || $pass == "")
{
    $error = "Not all fields were entered<br />";
}
else
{
    $token = md5("$pass");

    $query = "SELECT user,pass FROM password
              WHERE user='$user' AND pass='$token'";

    if (mysql_num_rows(queryMysql($query)) == 0)
    {
        $error = "Username/Password invalid<br />";
    }
    else
    {
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $token;
        die("You are now logged in. Please
           <a href='xxxx_member.php?view=$user'>click here</a>.");
    }
}
    }



    echo <<<_END
    <form method='post' action='xxxx.php'>$error<br />
    E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
    Password:  <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
    <br /><br />
    <input type='submit' value='Login' />
    </form>
    _END;
    ?>

通过这种方式,您可以逐步检查发生了什么。

相关问题
最新问题