【问题标题】:PHP file not detecting form dataPHP文件未检测到表单数据
【发布时间】:2021-06-28 05:33:42
【问题描述】:

我正在尝试将 HTML 表单中的数据解析为 PHP 文件,以查看它是否与我的数据库中的数据匹配。这是我网站的登录系统。但是,即使我在 HTML 页面上输入了正确的凭据,数据也无法以某种方式正确解析,因为我在输入 PHP 代码时不断收到“else”部分。

HTML 代码

<!DOCTYPE html>
<html>
  <head>
    <link rel="stylesheet" type="text/css" href="index.css">
        <link rel="preconnect" href="https://fonts.gstatic.com">
        <link href="https://fonts.googleapis.com/css2?family=PT+Serif:wght@700&display=swap" rel="stylesheet">
        <link rel="preconnect" href="https://fonts.gstatic.com">
        <link href="https://fonts.googleapis.com/css2?family=Raleway&display=swap" rel="stylesheet">
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
    <title>Title</title>
    <link rel="stylesheet" href="login.css">
  </head>

  <body>

    <header>
      <h1 style="color: #333; font-family: PT Serif; font-size: 30px">Title</h1>
    </header>

    <section class="container">
      <form method="post" action="index.php" id="login">

        <h1 id="h1" style="font-family: Raleway; color: #333">Login</h1>
        <div class="msg">
        </div>

        <div>
          <label for="name" style="font-family: Raleway;">Name:</label>
          <input class='input' type="text" id="name" name="userName">
        </div>

        <div>
          <label for="password" style="font-family: Raleway;">Password:</label>
          <input class='input' type="password" id="password" name="password">
        </div>

        <div>
          <label for="register" style="font-family: Raleway;"><a href="(random link)">No account yet?</a></label>
        </div>

        <input class="btn" type="submit" value="Submit">
      </form>

    </section>
  </body>
</html>

index.php

<?php
session_start();

$link = mysqli_connect('localhost','dbuser','dbpass','dbname');

if(isset($_POST['username']) && isset($_POST['password'])) {
    $userName = $_POST['userName'];
    $password = $_POST['password'];

    $sql_u = "SELECT Username FROM users WHERE Username='$userName'";
    $sql_p = "SELECT Password FROM users WHERE Password='$password'";

    $res_u = mysqli_query($link, $sql_u);
    $res_p = mysqli_query($link, $sql_p);

    if($userName == $res_u && $password == $res_p) {
        $_SESSION['userName'] = $userName;
        $_SESSION['password'] = $password;
        $_SESSION['loggedin'] = 1;
    }
    
    if($_SESSION['loggedin'] == 1) {
        header('Location: (random html file)');
    }
}

else {
    ?>
    <!DOCTYPE html>
<html>
  <head>
    <link rel="stylesheet" type="text/css" href="index.css">
        <link rel="preconnect" href="https://fonts.gstatic.com">
        <link href="https://fonts.googleapis.com/css2?family=PT+Serif:wght@700&display=swap" rel="stylesheet">
        <link rel="preconnect" href="https://fonts.gstatic.com">
        <link href="https://fonts.googleapis.com/css2?family=Raleway&display=swap" rel="stylesheet">
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
    <title>Title</title>
    <link rel="stylesheet" href="login.css">
  </head>

  <body>

    <header>
      <h1 style="color: #333; font-family: PT Serif; font-size: 30px">Title</h1>
    </header>

    <section class="container">
      <form method="post" id="login">

        <h1 id="h1" style="font-family: Raleway; color: #333">Login</h1>
        <div class="msg">
        </div>

        <div>
          <label for="name" style="font-family: Raleway;">Name:</label>
          <input class='input' type="text" id="name" name="userName">
        </div>

        <div>
          <label for="password" style="font-family: Raleway;">Password:</label>
          <input class='input' type="password" id="password" name="password">
        </div>

        <div>
          <label for="register" style="font-family: Raleway;"><a href="(random link)">No account yet?</a></label>
        </div>

        <input class="btn" type="submit" value="Submit">
      </form>

    </section>
  </body>
</html>
    <?php
}

【问题讨论】:

  • var_dump($_POST) 在第一个 if 条件之前的输出是什么?您会认识到,username 有一个错字。您将看到userNameusername 不同。这就是你一直处于 else 状态的原因。
  • 你可以试试 $_POST[userName] 代替用户名

标签: php html session


【解决方案1】:

我唯一能看到的是一个可能的错字:

if(isset($_POST['username']) && isset($_POST['password'])) {

看起来应该是:

if(isset($_POST['userName']) && isset($_POST['password'])) {

另外,您不需要单独查询用户名和密码,如果用户名是唯一的,则在一次查询中获取该用户的行,但是您是否以纯文本形式存储密码?这可能有点冒险,而且您也面临 SQL 注入攻击的风险。

【讨论】:

    猜你喜欢
    • 2020-01-04
    • 2021-01-19
    • 2018-07-31
    • 2022-06-10
    • 2013-02-02
    • 1970-01-01
    • 2021-07-09
    • 1970-01-01
    • 2021-07-20
    相关资源
    最近更新 更多