【发布时间】:2021-08-31 04:10:17
【问题描述】:
我正在努力使用 POST 将 HTML 表单中的值转换为 PHP 变量。它曾经可以工作,但现在无论我做什么,它都不起作用。这是php文件:
<?php
include "DBConn.php";
session_start();
?>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" href="Register.css" type = "text/css">
</head>
<body>
<div id="container">
<form action="register.php" method = "post">
<label for="name">Name:</label>
<input type="text" id="name" name="txtName" value = <?php if(isset($_POST['txtName'])) echo $_POST['txtName'];?>>
<label for="surname">Surname:</label>
<input type="text" id="surname" name="txtSurname" value = <?php if(isset($_POST['txtSurname'])) echo $_POST['txtSurname'];?>>
<label for="address">Address:</label>
<input type="text" id="address" name="txtAddress" value = <?php if(isset($_POST['txtAddress'])) echo $_POST['txtAddress'];?>>
<label for="email">Email:</label>
<input type="email" id="email" name="txtEmail" value = <?php if(isset($_POST['txtEmail'])) echo $_POST['txtEmail'];?>>
<label for="password">Password:</label>
<input type="password" id="password" name="txtPassword" value = <?php if(isset($_POST['txtPassword'])) echo $_POST['txtPassword'];?>>
<label for="password2">Re-enter Password:</label>
<input type="password" id="password2" name="txtPassword2" value = <?php if(isset($_POST['txtPassword2'])) echo $_POST['txtPassword2'];?>>
<div id="lower">
<input type="submit" value="Register" name = "btnRegister">
</div><!--/ lower-->
</form>
</div>
</body>
</html>
<?php
//Runs if btnRegister is clicked. Registers a user.
if (isset($_POST['btnRegister'])) {
//Assigns form data to variables
$_SESSION["Name"] = $_POST['txtName'];
$_SESSION["Surname"] = $_POST['txtSurname'];
$_SESSION["Email"] = $_POST['txtEmail'];
$_SESSION["Password"] = $_POST['txtPassword'];
$_SESSION["Password2"] = $_POST['txtPassword2'];
$_SESSION["Address"] = $_POST['txtAddress'];
$sqlSelect =
"SELECT *
FROM tbl_Customer
WHERE Email = '{$_SESSION["Email"]}'";
//Runs select query
$result = $conn->query($sqlSelect);
$md5pass = md5($_SESSION["Password"]);
//Checks to see if user exists based on query
if ($result->num_rows == 0) {
//Checks to see if passwords match
if ($_SESSION["Password"] == $_SESSION["Password2"]) {
//Passwords match
echo '<script>alert("Passwords match")</script>';
//Insert statement to insert user into table
$sqlInsert = "INSERT INTO tbl_Customer (Name, Surname, Email, Password, Address)
VALUES ('{$_SESSION["Name"]}','{$_SESSION["Surname"]}','{$_SESSION["Email"]}','$md5pass','{$_SESSION["Address"]}');";
if ($conn->query($sqlInsert) === TRUE) {
echo '<script>alert("Registered successfully")</script>';
}
else {
echo '<script>alert("Registration error: " . $sql . "<br>" . $conn->error)</script>';
}
}
else {
echo '<script>alert("Passwords do not match")</script>';
}
}
else {
//User exists
echo '<script>alert("User already exists, choose a different email.")</script>';
}
header('Location: login.php');
exit();
}
?>
所有警报都不起作用,表明它们回显不起作用。此外,第二次单击注册按钮时,我将进入登录页面,这意味着注册按钮必须正常工作。它不会给我任何错误或消息。
【问题讨论】:
-
危险:此代码是vulnerable to XSS 用户输入需要转义才能插入到 HTML 文档中!。
-
危险:您正在使用an unsuitable hashing algorithm,需要take better care 的用户密码。
-
危险:你很容易受到SQL injection attacks的影响,你需要自己从defend那里得到。
-
这是一个 PHP 文件吗?还是两个不同的?
-
您应该提供minimal reproducible example(强调最小)
标签: php html post phpmyadmin xampp