由于某种原因,$ password(从表单发送的那个)将变为空白。来自POST表单的PHP变量变为空白
我手动此与此代码检查:
echo "<p>$username does not match $firstandlast</p>";
echo "<p>$password does not match $dbpassword</p>";
这里是我的代码...
<?php
if(isset ($_POST['submit'])) {
$username = $_POST['name'];
$password = $_POST['pw'];
if ($username&&$password){
require('includes/cxn.php');
$login_query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($cxn,$login_query) or die("Couldn't execute query.");
$numrows = mysqli_num_rows($result);
if($numrows!=0){
while ($row = mysqli_fetch_assoc($result))
{
$firstandlast = $row['firstName'] . " " . $row['lastName'];
$dbpassword = $row['password'];
$userID = $row['userid'];
if ($username==$firstandlast&&$password==$dbpassword){
echo "You are now logged in! <a href='profile.php?userID=" . $userID . "'>Click Here</a> to continue.";
$_SESSION['username'] = $dbusername;
$_SESSION['id'] = $userID;
}
else {
echo "<p>$username does not match $firstandlast</p>";
echo "<p>$password does not match $dbpassword</p>";
echo "Password does not exist.";
}
}
} else {
echo "This user doesn't exist.";
}
} else {
die("You Must Enter both a username and password");
}
} else {
echo "
<div id='login'>
<form action='login.php' method='post' id='loginform'>
<table>
<tr>
<td width='90'>Name:</td>
<td width='825'><input type='text' name='name' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pw' /></td>
</tr>
<tr>
<td> </td>
<td><button type='submit' name='submit'>Sumbit</button></td>
</tr>
</table></form></div>";
}
?>
但你无法从POST输入取'$ dbpassword',是吗? – 2010-08-15 10:24:49
你能否填写表格,发送并显示'print_r($ _ POST)'? – barroco 2010-08-15 11:00:18
EHWWWWEWEWEWEWEWEW SQL注入! http://bit.ly/everythingyouaredoingisbad – mattbasta 2010-08-15 11:04:38