dtt3399 2015-06-08 13:45
浏览 19
已采纳

为什么striplashes不会在没有斜杠的情况下返回数据?

When you press login on my site, the script uses mysqli_real_escape_string and than process the login.

When you are for example at the homepage and you press the login button there, the site goes to this file. if everything goes well, you will be redirected to the begin page but when something goes wrong, you will stay at this page and see a form. The form contains the data you entered before your pressed login. THAT data contains a slash at the end.

I want to remove the slashes by using stripslashes so I created a function called slash to remove them but when you enter the wrong things I still see the slashes.

//the slash function is placed in a previous loaded file
function slash($username, $password){
     $password =  stripslashes($password);
     $username =  stripslashes($username);
     return $username;
     return $password;
}

    if(empty($_POST === false)){
    $username = $_POST['username'];
    $password = $_POST['password'];

    //check if the fields are empty
    if (empty($username) || empty($password)){
        $errors[] = 'You need to enter a username and password';
    //check if the username exists
    }else if(user_exists($username) === false){
        $errors[] = 'We can\'t find that username';
        slash($username, $password);
    //check if the username is active
    }else if(user_active($username) === false){
        $errors[] = 'You haven\'t activated your account';
        slash($username, $password);
    //if none of the previous checks are false, log in
    }else{
        $login = login($username, $password);
        //if username or password is incorrect, display error
        if($login === false){
            $errors[] = 'That username or password combination is incorrect';
            slash($username, $password);
        //if everthing is fine, log in
        }else{
            //set the user session
            $_SESSION['user_id'] = $login;
            //redirect user to home
            header('Location: index.php');
            exit();
        }
    }

}
?>
<html>
<head>
    <link rel="stylesheet" href="css/error_login.css"/>
</head>
<body>
<?php
    include 'templates/menu/menu.php';
?>
<div class="error_login">
    <h3>Login</h3>
    <form action="login.php" method="POST">
        <div id="login">
                username:<br>
                <input type="text" name="username" value=<?php echo $username; ?>/><br><br>

                password:<br>
                <input type="password" name="password" value=<?php echo $password; ?>/><br><br>

                <input type="submit" value="Log In"/><br><br>
                <a href="register.php">Register</a>
                <ul>
                    <?php
                        error_output($errors);
                    ?>
                </ul>
        </div>
    </form>
</div>
    <?php
        include 'templates/footer/footer.php';
    ?>
</body>
</html>

edit

input:
username: test
password:

The input is invalid like your see because there is no password so the site will reshow a form with the userinput + an added slash

output: 
username: test/ 
password: ●
  • 写回答

1条回答 默认 最新

  • dtqie02844 2015-06-08 14:31
    关注

    In your HTML:

    <input type="text" name="username" value=<?php echo $username; ?>/>

    You missed the double-quotes to the value attribute:

    <input type="text" name="username" value="<?php echo $username; ?>"/>

    This is the same for password.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题