Notice: Undefined variable: username in C:\xampp\htdocs\test_class.php
on line 20
Notice: Undefined variable: password in C:\xampp\htdocs\test_class.php
on line 20
当我使用这段代码检查我的数据库的用户名和密码时,我收到了上述错误。
<?php
class test_class {
public function __construct() {
}
public function doLogin() {
include("connection.php");
if (isset($_POST['username']))
{
$username= $_POST['username'];
}
if (isset($_POST['password']))
{
$password= $_POST['password'];
}
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if(!$result)
{
return 'assa';
}else{
return 'assa112121212';
}
}
}
?>
答案 0 :(得分:11)
这很可能意味着您的表单尚未提交。您应该确保只使用变量(如果存在)。此外,您应never ever使用用户的输入而不验证它。请尝试以下操作,例如:
if (isset($_POST['username']) && isset($_POST['password']))
{
$username= $_POST['username'];
$password= $_POST['password'];
$query = "SELECT *
FROM users
WHERE username = '".mysql_real_escape_string($username)."'
AND password = '".mysql_real_escape_string($password)."'";
$result = mysql_fetch_array(mysql_query($query));
# ...
}
else
{
return NULL;
}
答案 1 :(得分:10)
这只是通知,在查询中引用变量而不在范围内。
在doLogin()的顶部定义$ username和$ password,并将它们初始化为Null或类似。然后再检查一下。
无论是否设置了$ username和$ password,您似乎也在执行查询。你应该做更多的事情:
if( isset($_POST['username']) && isset($_POST['password'])){
//create vars, do query
}else{
// Nothing to process
}
这两个错误都发生在第20行,我假设是查询字符串插值。这里的问题是:
另外:转换变量,然后将它们像热煤一样转储到SQL 中 请参阅PDO(我会选择)或mysql_escape_string()
祝你好运!
答案 2 :(得分:3)
一个更快乐的课程和免费的bug:)
<?php
class test_class
{
private $post = array();
public function __construct ()
{
}
public function doLogin ()
{
$this->post = $_POST;
include ("connection.php");
if ($this->post['username'] && $this->post['password']) {
$username = $this->post['username'];
$password = $this->post['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if (! $result) {
return 'assa';
} else {
return 'assa112121212';
}
}
}
}
?>
答案 3 :(得分:1)
<?php
class test_class {
public function doLogin() {
include("connection.php");
if (isset($_POST['username']) && isset($_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * ".
"FROM users " .
"WHERE username = '$username' ".
" AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
if(!$result) {
return 'assa';
} else {
return 'assa112121212';
}
} else {
echo "Missing parameter 'username' and/or 'password'";
}
}
}
此外,您应该escape $ username 和 $ password 以避免sql injection攻击。
答案 4 :(得分:1)
您还在检查数据库是否提供了用户名和密码。
也许是这样的事情;
public function doLogin() {
include("connection.php");
$username = (isset($_POST['username'])) ? $_POST['username'] : NULL ;
$password = (isset($_POST['password'])) ? $_POST['password'] : NULL ;
if ( $username !== NULL && $password !== NULL ) {
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_fetch_array(mysql_query($query));
/* auth code here */
} else {
return false; // no u/p provided
}
}
答案 5 :(得分:0)
您将要使用error_reporting(E_ALL ^ E_NOTICE);从Sam链接到的页面。通知实际上是不必要的,就像在gcc中使用WALL和WERROR标志一样。