我不知道这里有什么问题。 preventDefault应该停止提交表单,但仍然继续。我有一个ajax调用,它验证用户是否有效。如果不是,请阻止提交。否则,继续登录和主页。表格仍然提交甚至与preventDefault
表
<form id="signIn" method="post" action="processForms.php">
<table cellspacing="10">
<tr id="errorSignIn" hidden="hidden">
<td class="centerItem errorMessage" colspan="3">
Incorrect Username and/or Password
</td>
</tr>
<tr>
<td><input type="text" id="username" name="username" autocomplete="off" autofocus required placeholder="Username..."></td>
<td><input type="password" id="password" name="password" autocomplete="off" required placeholder="Password..."></td>
<td><input type="submit" name="processButton" class="signIn" value="Sign-in" ></td>
</tr>
</table>
</form>
的Javascript
$('#signIn').submit (function (e) {
var username = $('#username').val();
var password = $('#password').val();
var dataString = "username=" + username + "&password=" + password;
$.ajax({
type: "POST",
url: "ajaxCheck.php",
data: dataString,
cache: false,
success: function (result) {
if (!result) {
$('#errorSignIn').removeAttr('hidden');
e.preventDefault();
return false;
}
}
});
});
ajaxCheck.php
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
$dbConnection = mysqli_connect('localhost','root','','onboard');
$query = "SELECT * FROM account WHERE username='$username' AND password='$password'";
$result = mysqli_query($dbConnection,$query);
$count = mysqli_num_rows($result);
if ($count == 1) { echo true; }
else { echo false; }
您只是在内部函数返回false,但外部函数没有返回值,所以提交将被解雇。 – Tyr 2014-09-24 01:43:38
@Tyr我试着添加“return false;”到另一个函数并向内部函数添加else子句以返回true,但现在当用户存在时它不会提交表单。 – 2014-09-24 02:02:23
您现在的代码已打开[** SQL注入**](http://stackoverflow.com/q/60174/)。使用[** CRYPT_BLOWFISH **](http://security.stackexchange.com/q/36471)或PHP 5.5的['password_hash()'](http://www.php.net/manual/en/) function.password-hash.php)函数。对于PHP <5.5,使用['password_hash()兼容包]](https://github.com/ircmaxell/password_compat)。另外,[**使用准备好的语句**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php)或[**使用准备好的语句**的PDO](http ://php.net/pdo.prepared-statements)。 – 2014-09-24 02:13:34