dongzan1970
2015-06-15 13:45
浏览 71
已采纳

HTML表单没有将值传递给PHP(mysqli_real_escape_string)

HTML

<form type="POST" action="includes/login.php">
    <input type="email" name="email" placeholder="email" />
    <input type="password" name="password" placeholder="parola" />
    <input type="submit" value="Login">
</form>

PHP

<?php
require_once 'config.php';

if(isset($_POST['email'])) 
    {
       $email = mysqli_real_escape_string($_POST['email']);
    } 
else 
    {
        echo "Nu ati completat adresa de e-mail. <br />";
    }

if(isset($_POST['password'])) 
    {
       $email = mysqli_real_escape_string($_POST['password']);
    } 
else 
    {
        echo "Nu ati completat parola. <br />";
    }

if(isset($_POST['email']) && ($_POST['password']))
{ 
    $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    $count_rows = mysqli_num_rows($result);

    if ($count_rows == 1)
    {
            $_SESSION["login"] = "OK";
            header("Location: ../index.php");
    }

    else
    {
        header("Location: ../login.php");

    }
}
?>

I tried switching from MySQL to MySQLi and I'm sure it's related to this. My form is not passing values to the PHP script even if the inputs have a name. Did some research here on StackOverflow and found many questions about forms not passing data but there was usually a typo or a missing name, which is not my case (I think).

(I know that the password is not secured yet, I'll add a SHA256 or something there soon so don't stress about it)

Tried echoing the query and it's just blank where the password and email address should be.

SELECT * FROM `users` WHERE password = '' AND email = ''

I also get this warning:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\breloc\includes\login.php on line 4

Line 4 in my script is:

$email = mysqli_real_escape_string($_POST['password']); 

图片转代码服务由CSDN问答提供 功能建议

HTML

 &lt; form type =“POST”action  =“includes / login.php”&gt; 
&lt; input type =“email”name =“email”placeholder =“email”/&gt; 
&lt; input type =“password”name =“password”placeholder =  “parola”/&gt; 
&lt; input type =“submit”value =“Login”&gt; 
&lt; / form&gt; 
   
 
 

PHP

 &lt;?php 
require_once'config.php'; 
 
if(isset($ _ POST ['email']))
 {
 $ email = mysqli_real_escape_string($  _POST ['email']); 
} 
else 
 {
 echo“Nu ati completat adresa de e-mail。&lt; br /&gt;”; 
} 
 
if(isset($ _ POST [  'password']))
 {
 $ email = mysqli_real_escape_string($ _ POST ['password']); 
} 
else 
 {
 echo“Nu ati completat parola。&lt; br /&gt;”;  
} 
 
if(isset($ _ POST ['email'])&amp;&amp;($ _POST ['password']))
 {
 $ query =(“SELECT * FROM`users` WHERE password  ='$ password'和email ='$ email'“); 
 $ result = mysqli_query($ link,$ query); 
 $ ro  w = mysqli_fetch_array($ result); 
 $ count_rows = mysqli_num_rows($ result); 
 
 if if($ count_rows == 1)
 {
 $ _SESSION [“login”] =“OK”; 
  header(“Location:../ index.php”); 
} 
 
 else 
 {
标题(“位置:../ login.php”); 
n} 
} \  n?&gt; 
   
 
 

我尝试从MySQL切换到MySQLi,我确信它与此有关。 即使输入具有名称,我的表单也不会将值传递给PHP脚本。 在StackOverflow上进行了一些研究并发现很多关于表单没有传递数据的问题,但通常会出现错误或缺少名称,这不是我的情况(我认为)。

(我知道) 密码还没有安全,我会尽快添加一个SHA256或其他东西,所以不要强调它。)

尝试回显查询,它只是空白密码和电子邮件的地方 地址应该是。

  SELECT * FROM`users` WHERE password =''AND email =''
   
 
 

我也收到此警告:

警告:mysqli_real_escape_string()需要2个参数,1在C:\ xampp \ htdocs \ breloc \ includes \ _login.php中给出 第4行

我的脚本中的第4行是:

  $ email = mysqli_real_escape_string($ _ POST [' 密码']);  
   
 
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

7条回答 默认 最新

  • doudui6756 2015-06-15 13:51
    已采纳
    1. Change form type="post" to method="post"
    2. Add database connection string to your mysqli_real_escape_string function.
    点赞 打赏 评论
  • dprlv04662 2015-06-15 13:47
    string mysqli_real_escape_string ( mysqli $link , string $escapestr )
    

    As from Docs, the first parameter must be mysqli resource and its missing within your code, and also change

    <form type="POST">
    

    into

    <form method="post">
    

    So your code looks like

    mysqli_real_escape_string($link,$_POST['email']);// and been repeated at all those occurences
    
    点赞 打赏 评论
  • duanli12176 2015-06-15 13:49

    According to the Documentation http://php.net/manual/de/mysqli.real-escape-string.php you must provide the mysqli ressource as first parameter of the function.

    点赞 打赏 评论
  • douqian5553 2015-06-15 13:49

    make change to Your form tag

     <form type="POST">
    

    to

     <form method="POST">   
    
    点赞 打赏 评论
  • dousi6303 2015-06-15 13:49

    You should use method instead of type in your <form> tag, like this:

    <form method="POST" action="includes/login.php">
    
    点赞 打赏 评论
  • douya7121 2015-06-15 13:55
    <form method="POST" action="includes/login.php">
        <input type="email" name="email" placeholder="email" />
        <input type="password" name="password" placeholder="parola" />
        <input type="submit" value="Login" name="submit">
    </form>
    
    <?php
    require_once 'config.php';
    
    if(isset($_POST['submit'])) {
        if(!empty($_POST[email]))
        {
           $email = mysqli_real_escape_string($link,$_POST['email']);
        } 
    else 
        {
            echo "Nu ati completat adresa de e-mail. <br />";
        }
    
    if(!empty($_POST['password'])) 
        {
           $password = mysqli_real_escape_string($link,$_POST['password']);
        } 
    else 
        {
            echo "Nu ati completat parola. <br />";
        }
    
    if(!empty($_POST['email']) && !empty($_POST['password']))
    { 
        $query = ("SELECT * FROM `users` WHERE password = '".$password."' AND email = '".$email."'");
        $result = mysqli_query($link, $query);
        $row = mysqli_fetch_array($result);
        $count_rows = mysqli_num_rows($result);
    
        if ($count_rows == 1)
        {
                $_SESSION['login'] = "OK";
                header("Location: ../index.php");
        }
    
        else
        {
            header("Location: ../login.php");
    
        }
    }}
    ?>
    
    点赞 打赏 评论
  • duanjuan3931 2015-06-15 13:56

    set 'method' not type

    <form method="POST" action="includes/login.php">
        <input type="email" name="email" placeholder="email" />
        <input type="password" name="password" placeholder="parola" />
        <input type="submit" value="Login">
    </form>
    

    don't forget to connect to your db and pass the that connection to your mysqli_query and mysqli_real_escape_string functions

    <?php
    require_once 'config.php';
    
    $con=mysqli_connect("localhost","my_user","my_password","my_db");
    
    if(isset($_POST['email'])) 
        {
           $email = mysqli_real_escape_string($con, $_POST['email']);
        } 
    else 
        {
            echo "Nu ati completat adresa de e-mail. <br />";
        }
    
    if(isset($_POST['password'])) 
        {
           $email = mysqli_real_escape_string($con,$_POST['password']);
        } 
    else 
        {
            echo "Nu ati completat parola. <br />";
        }
    
    if(isset($_POST['email']) && ($_POST['password']))
    { 
        $query = ("SELECT * FROM `users` WHERE password = '$password' AND email = '$email'");
        $result = mysqli_query($con, $query);
        $row = mysqli_fetch_array($result);
        $count_rows = mysqli_num_rows($result);
    
        if ($count_rows == 1)
        {
                $_SESSION["login"] = "OK";
                header("Location: ../index.php");
        }
    
        else
        {
            header("Location: ../login.php");
    
        }
    }
    ?>
    
    点赞 打赏 评论

相关推荐 更多相似问题