我对以下代码有疑问:
<?php
if (isset($_POST["newuser"])) {
include('Connections/conn.php');
$name = mysqli_real_escape_string($conn, $_POST["name"]);
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$age = mysqli_real_escape_string($conn, $_POST["age"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$uid = uniqid();
$registration = "INSERT INTO KG_user(id,name,username,email,age,password,type,points,groupID,emailstatus,forumstatus) VALUES ('NULL','$name','$username','$email','$age','$password',1,0,0,1,1)";
$registration2 = "INSERT INTO KG_notifications(id,icon,message,user,link) VALUES (NULL,'far fa-smile', 'Welcome to Kinder Generation, we have amazing articles to get you started!','$username','!')";
$registrationresult = mysqli_query($conn, $registration) or die(mysqli_error($conn));
$registrationresult2 = mysqli_query($conn, $registration2) or die(mysqli_error($conn));
$username = $_SESSION["3047_2019_id"];
header("location: secure/hub.php");
exit;
$to = "$email";
$subject = "Thank you for registering to Kinder Generation!";
$message = "
<html>
<head>
<title>HTML email</title>
</head>
<body>
<p>This email contains HTML Tags!</p>
<table>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>
<tr>
<td>John</td>
<td>Doe</td>
</tr>
</table>
</body>
</html>
";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
// More headers
$headers .= 'From: <info@kindergeneration.com>' . "\r\n";
mail($to, $subject, $message, $headers);
}
?>
我不确定这是怎么回事,我已将表单设置为method="POST"
和action = ""
,还命名为form id ="newuser"
并将提交按钮ID设置为“ newuser”。
任何帮助都会很棒!
这是更新后的表格,我仍然不确定这里发生了什么。我已经做了很多次,我认为这只是一个愚蠢的错误。
<form method="POST" action="" name="newuser" id="newuser" class="px-5">
<h1 class="">Register now!</h1>
<div id="error">
</div>
<div class="form-group row"> <label for="name" class="col-form-label col-4">Name</label>
<div class="col-10">
<input type="text" name ="name" class="form-control" id="name" placeholder="Name" required="required"> </div>
</div>
<div class="form-group row"> <label for="username" class="col-form-label col-4">Username</label>
<div class="col-10">
<input type="text" name ="username" class="form-control" id="username" placeholder="Username" required="required"> </div>
</div>
<div class="form-group row"> <label for="age" class="col-form-label col-4">Age</label>
<div class="col-10">
<input type="number" name ="age" class="form-control" id="age" placeholder="Age" required="required"> </div>
</div>
<div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
<div class="col-10">
<input type="email" class="form-control" id="email" placeholder="E-mail" required="required"> </div>
</div>
<div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
<div class="col-10">
<input type="email" name ="cemail" class="form-control" id="cemail" placeholder="Enter again..." required="required"> </div>
</div>
<div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
<div class="col-10">
<input type="password" class="form-control" id="password" placeholder="Password" required="required"> </div>
</div>
<div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
<div class="col-10">
<input type="password" name ="cpassword" class="form-control" id="cpassword" placeholder="Password" required="required"> </div>
</div>
<div id="usersave">
</div>
<div id="usersavet">
</div>
<button type="submit" id="usersubmit" class="btn btn-primary btn-block btn-lg">Submit</button>
</form>
答案 0 :(得分:0)
发布<form>
代码后,就会出现以下问题:
$_POST["newuser"]
不是输入字段,这是您正在使用的表单名称。因此您可以将其添加为<button>
名称或更改此行:
if (isset($_POST["newuser"])) {
收件人:
if(count($_POST) > 0){
侧注::您的代码已广泛用于SQL注入,您可以在此处使用PDO防止SQL注入,还可以查看我的评论中的一些技巧。
一些参考文献:
How can I prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?