-1

这是我的代码。我无法通过 php 获取表单数据。即使我回应了表单数据,但它只显示没有重新加载登录页面登录表单

<form id="loginform" action="sql.php" method="post">
    <label style="text-align:center" for="Email">Email &nbsp; &nbsp;:</label>
    <input type="text" name="email" id="email" value="<?php               echo         $user_profile['email'];?>">
    <label for="pass" style="text-align:center;">Password &nbsp;:</label>
    <input type="password" name="password" id="password">
    <div id="space" style="height:15px; width:500px; margin:auto;"></div>
    <div id="button" style="height:30px; width:50px; margin:auto;">
    <input type="submit"onclick="return verify(this);"name="submit" value="LoG In"        style="border:outset; border-color:#000080; margin:auto;">
    </div>
</form>

和 sql.php 文件

 <?php
   $a = $_POST['email'];
   $b = $_POST['password'];
   $c = mysql_real_escape_string($a);
   $d = mysql_real_escape_string($b);
   $e = htmlentities($c);
    $f = htmlentities($d);
    $user = strip_tags($e);
    $pass = strip_tags($f);
    session_start();
    $dbhost = '';
    $dbuser = '';
    $dbpass = '';
    $dbname = '';
    $table  = '';
    $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ("I cannot connect to          the        database because: " . mysql_error());
    mysql_select_db($dbname) or die ("I cannot select the database because: "           .mysql_error());
    $sql = "INSERT INTO data (email, password) VALUES('$user','$pass')";
    $result = mysql_query($conn,$sql);
    if($result){
echo $user;
echo  "";
echo $pass;};
     mysql_close($conn);?>
4

1 回答 1

0

您的逻辑完全错误,您正在执行数据库插入而不是将发布的值与表中的现有值进行比较。

但是,您当前的问题是由您使用mysql_real_escape_string. 当您在打开数据库连接之前使用该函数时,它将返回FALSE,在您尝试使用它们之前有效地清空您的变量。

您应该切换到 PDO(或 mysqli)和准备好的语句,因为这些mysql_*函数已被弃用。然后,您需要SELECT根据发布的信息从数据库中提取一行,而不是插入一个。

如果您不能/不想切换到 PDO 或 mysqli,则应在使用之前打开数据库连接mysql_real_escape_string,以便将代码更改为:

<?php
$conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ("I cannot connect to the        database because: " . mysql_error());
$a = $_POST['email'];
$b = $_POST['password'];
$c = mysql_real_escape_string($a);
$d = mysql_real_escape_string($b);
// etc.
于 2013-05-29T01:45:49.573 回答