出现在页面标题部分的PHP代码
出于某种明显的原因,我的PHP代码的一部分显示在页面的标题部分 我完全不明白为什么会发生这种情况。我重新检查了所有变量,并测试了如何在IE和Firefox上进行页面渲染,但同样的问题也出现了 reg.php:出现在页面标题部分的PHP代码,php,html,wamp,Php,Html,Wamp,出于某种明显的原因,我的PHP代码的一部分显示在页面的标题部分 我完全不明白为什么会发生这种情况。我重新检查了所有变量,并测试了如何在IE和Firefox上进行页面渲染,但同样的问题也出现了 reg.php: <? $registration = @$_POST[`submitReg`]; // Getting all other info from form and assigning it to variables $firstname = strip_tags(@$_POST
<?
$registration = @$_POST[`submitReg`];
// Getting all other info from form and assigning it to variables
$firstname = strip_tags(@$_POST[`fname`]);
$lastname = strip_tags(@$_POST[`lname`]);
$username = strip_tags(@$_POST[`username`]);
$email = strip_tags(@$_POST[`email`]);
$email2 = strip_tags(@$_POST[`email2`]);
$password = strip_tags(@$_POST[`password`]);
$password2 = strip_tags(@$_POST[`password2`]);
$DOBDay = strip_tags(@$_POST[`DOBDay`]);
$DOBMonth = strip_tags(@$_POST[`DOBMonth`]);
$DOBYear = strip_tags(@$_POST[`DOBYear`]);
$gender = strip_tags(@$_POST[`gender`]);
$sign_up_date = date("d-m-Y"); // Sign up date is not getting any data from the form
if ($registration) {
if ($email==$email2) {
// If both emails match, then check if user already exists:
$u_check = mysqli_query("SELECT username FROM users WHERE username='$username'"); // Count the amount of rows where username = $username
$e_check = mysqli_query("SELECT email FROM users WHERE email='$email'"); //Check whether Email already exists in the database
// checking the amount of rows where username is equal to $username - avoid two users with same username - same idea for email
$check = mysqli_num_rows($u_check);
$email_check = mysqli_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
// If no matches found then: 1. check all fields are completed correctly:
if ($firstname && $lastname && $username && $email && $email2 && $password && $password2 && $DOBDay && $DOBMonth && $DOBYear && $gender) {
// 1.2. check that passwords match:
if ($password==$password2) {
-------------------- CODE WHICH IS APPEARING IN THE HEADER ---------------------
// 1.2.1. Check fields are of valid length
if (strlen($username) > 25 || strlen($firstname) > 25 || strlen($lastname) > 25 || strlen($password) > 25) {
echo "The maximum character limit is 25.";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 6 characters
if (strlen($password)>25||strlen($password)<6) {
echo "Your password must be between 6 and 25 characters long!";
}
else
{
// if everything correct, encrypt passwords using MD5 before sending it to server.
$password = md5($password);
$password2 = md5($password2);
$query = mysqli_query("INSERT INTO users VALUES (``, `$firstname`, `$lastname`, `$username`, `$email`, `$password`, `$sign_up_date`)");
die("<h2>Welcome to Aston Unified</h2> Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
_______________________________________________________________________
?>
似乎php短标记您应该在php.ini中启用短标记(在php.ini中添加short\u open\u tag=On)或使用您正在使用的php短标记(可能到处重复Dont-us@error消音器,通过使用isset()
或empty()测试$\u POST vaiables的存在来正确执行此操作
将代码转换为mysqli
不足以保护您免受SQL注入。您还必须使用准备好的语句。您的代码是黑客的天堂。
short_open_tag=On