0
所以我有一个网站,我试图测试新的用户注册功能。我没有得到LogInHelper.php文件中任何回声的输出。目标是能够为新用户输入信息,将其发布到LogInHelper.php,查看输入的密码是否相等,如果不是,则将结果div更新为错误消息。来自html输入的值不会发布到html文件
这是一个包含HTML我的login.php文件:
<!DOCTYPE html>
<html>
<head>
<title>Ticket Log In</title>
<script src = "../../jquery.js"></script>
<style>
body{
padding:0;
margin:0;
}
#box {
background:blue;
text-align:center;
padding:10px;
color:white;
width:500px;
height:300px;
margin: 0 auto;
}
#LogIn {
background:blue;
text-align:center;
padding:10px;
color:white;
width:500px;
height:300px;
margin: 0 auto;
}
</style>
<script>
$(document).ready(function(){
$("#sub").click(function(){
var fist_name = $("#firstname").val();
var last_name = $("#lastname").val();
var user_email = $("#email").val();
var department_id = $("#department").val();
var user_pass = $("#pass").val();
var user_pass2 = $("#pass2").val();
$.post("LogInHelper.php",{firstname:first_name,lastname:last_name,email:user_email,department:department_id,pass:user_pass,pass2:user_pass2},function(data){
$("#result").html(data);
});
});
$("#sub2").click(function(){
var loginuser_email = $("#loginemail").val();
var loginuser_pass = $("#loginpass").val();
$.post("LogInHelper.php",{loginemail:loginuser_email,loginpass:loginuser_pass},function(data){
$("#result2").html(data);
});
});
$('#box').hide();
$('.new').click(function() {
$('#box').toggle();
$('#LogIn').toggle();
});
});
</script>
</head>
<body>
<div id="box">
<input type ="submit" class = "new" value = "New User Register">
<h2>New User Register Here:</h2>
<input type ="text" name="firstname" id="firstname" placeholder="Enter Your First Name"/></br>
<input type ="text" name="lastname" id="lastname" placeholder="Enter Your Last Name"/></br>
<input type ="text" name="email" id="email" placeholder="Enter Your email"/></br>
<form action="LogInHelper.php" method="post">
<select id = "department" name = "department">
<?php
$servername = "localhost";
$username = "quantco_Ted";
$password = "Quantum1";
$database = "quantco_Interns";
$con = mysqli_connect($servername,$username,$password,$database);
if($con->connect_error){
die("Connection failed " . $con->connect_error);
}
$sql = "select Department_name,id from Department";
$result = mysqli_query($con,$sql);
while ($row = mysqli_fetch_array($result)) {
$department = $row['Department_name'];
$id = $row['id'];
echo "<option value = '$id'>$department</option>";
}
?></select></form>
<input type ="password" name="pass" id="pass" placeholder="Enter Your Password"/>
<input type ="password" name="pass2" id="pass2" placeholder="Re-Enter Your Password"/>
</br></br>
<input type ="submit" name = "sub" value = "Register" id = "sub"/>
<div id="result"></div>
</div>
<div id="LogIn">
<input type ="submit" class = "new" value = "New User Register">
<h2>Registered User Log In:</h2>
<input type ="text" name="loginemail" id="loginemail" placeholder="Enter Your Email"/></br>
<input type ="password" name="loginpass" id="loginpass" placeholder="Enter Your Password"/>
</br></br>
<input type ="submit" name = "sub2" value = "Submit" id = "sub2"/>
<div id="result2"></div>
</div>
</body>
</body>
</html>
这里是我的LogInHelper文件接收帖子:
<?php
$servername = "localhost";
$username = "user";
$password = "pass";
$database = "db";
$con = mysqli_connect($servername,$username,$password,$database);
if($con->connect_error){
die("Connection failed " . $con->connect_error);
}
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$id = $_POST['department'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$pass2 = md5($_POST['pass2']);
echo $firstname;
echo $lastname;
echo $id;
echo $email;
echo $pass;
echo $pass2;
$sel = "select * from Employee where email='$email'";
$run = mysqli_query($con,$sel);
$check_email = mysqli_num_rows($run);
if(!($pass==$pass2)){
echo "<h2>Your emails do not match, please try again!</h2>";
exit();
}
else if($check_email==1){
echo "<h2>This email is already registered, please try another!</h2>";
exit();
}
else{
$insert = "insert into Employee (email, first, last, department_id,pass,) values ('$email','$firstname','$lastname','$id', '$pass')";
$run_insert = mysqli_query($con,$insert);
if($run_insert){
echo "<h2>Registration Successful, Thanks!</h2>";
}
}
mysqli_close($con);
?>
'var fist_name'?除非你是一个职业拳击手,否则命名你的拳头只是......怪异的。哦,还有可爱的[sql注入攻击](http://bobby-tables.com)漏洞... –
*职业拳击手....和@lazersquids mcgee,你应该阅读关于面向对象的'mysqli'和准备语句: http://php.net/manual/en/mysqli.prepare.php – Hackerman
@MarcB漏洞在哪里? –