&引用;并非所有字段都已输入,";当我提交表格时。我正在使用PHP7
我是PHP新手:我搜索了20多个答案,并尝试了建议的各种编码,但没有解决问题。我的问题显然在过去引起了其他用户的问题,因为这个问题被问了很多次。问题是,当我提交表单时,我会得到一个“并非所有字段都已输入”的返回。我使用的是PHP7 我知道我已连接到MySQL数据库,因为当我提交查询-msqlconnect.php时,返回“connected to MySQL” 这是我的密码:&引用;并非所有字段都已输入,";当我提交表格时。我正在使用PHP7,php,Php,我是PHP新手:我搜索了20多个答案,并尝试了建议的各种编码,但没有解决问题。我的问题显然在过去引起了其他用户的问题,因为这个问题被问了很多次。问题是,当我提交表单时,我会得到一个“并非所有字段都已输入”的返回。我使用的是PHP7 我知道我已连接到MySQL数据库,因为当我提交查询-msqlconnect.php时,返回“connected to MySQL” 这是我的密码: <?php include_once 'functions.php'; $error = $user = $pas
<?php
include_once 'functions.php';
$error = $user = $pass = "";
if ($_POST &&isset($_POST['user'], $_POST['pass'])) {
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "") {
$error = "Not all fields were entered<br />";
} else {
$token = md5("$pass");
$query = 'SELECT user,pass FROM password
WHERE user='$user' AND pass=\'$token\'';
if (mysql_num_rows(queryMysql($query)) == 0) {
$error = "Username/Password invalid<br />";
} else {
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
die("You are now logged in. Please
<a href='xxxx_member.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='xxxx.php'>$error<br />
E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
Password: <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
<br /><br />
<input type='submit' value='Login' />
</form>
_END;
?>
我认为出现问题是因为函数sanitizeString没有返回正确的字符串,而是返回了一个空字符串。这就是为什么你总是看到相同的信息。 我会调试这些变量,看看它们是否已填充。大概是这样的:
<?php
include_once 'functions.php';
$error = $user = $pass = "";
if ($_POST &&isset($_POST['user'], $_POST['pass']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
var_dump($_POST);
var_dump($user);
var_dump($pass);
die();
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$token = md5("$pass");
$query = "SELECT user,pass FROM password
WHERE user='$user' AND pass='$token'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
die("You are now logged in. Please
<a href='xxxx_member.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='xxxx.php'>$error<br />
E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
Password: <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
<br /><br />
<input type='submit' value='Login' />
</form>
_END;
?>
有了这个,你可以一步一步地检查发生了什么。你还应该发布函数代码
sanitizeString
警告:mysql\u num\u rows()
和所有mysql\u xx
函数很久以前就被弃用了,并且从PHP7开始被删除。出于安全原因,您不能在代码中使用它们。请参阅Crozet-Seen,Understanding and edited.CBroe and Jack:谢谢:@Hamish请编辑您的问题,以包含消毒功能,而不是下面的答案。我尝试了另一个浏览器,它返回:“数组(2){[“用户”]=>string(6)“xxxxxx”[“传递”]=>string(3)“xxx”}NULL”。但我不明白它在告诉我什么。那件事是什么时候发生的?如果不删除Sanitizestring功能,请单独尝试查看发生了什么:当我在2个字段中输入数据并单击“提交”时,就会发生这种情况。返回上面的错误。
<?php
include_once 'functions.php';
$error = $user = $pass = "";
if ($_POST &&isset($_POST['user'], $_POST['pass']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
var_dump($_POST);
var_dump($user);
var_dump($pass);
die();
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$token = md5("$pass");
$query = "SELECT user,pass FROM password
WHERE user='$user' AND pass='$token'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
die("You are now logged in. Please
<a href='xxxx_member.php?view=$user'>click here</a>.");
}
}
}
echo <<<_END
<form method='post' action='xxxx.php'>$error<br />
E-Mail Address: <input type='text' maxlength='255' name='user'
value='$user' /><br /><br />
Password: <input type='password' maxlength='255' name='pass'
value='$pass' /><br />
<br /><br />
<input type='submit' value='Login' />
</form>
_END;
?>