-1
我有一個從用戶獲取數據的表單,在鍵入數據後,他們不會被獲得。我不確定問題在哪裏。保持接收空字符串
//Signup page
<h2>SignUp</h2>
<form class="signup-form" action="Cons/signup.conn.php" method="POST">
<input type="text" name="firstName" placeholder="Name">
<input type="password" name="userPassword" placeholder="Password">
<button type ="submit" name = "submit" >Sign Up</button>
</form>
數據i鍵後,我被卡住第一個驗證,其所說的「標題(」位置:../signup.php?signup=Empty「);」
//belongs to signup.conn.php (where the process is done)
<?php
if (isset($_POST['submit'])) {
include_once 'dbh-conn.php';
$first = mysqli_real_escape_string($conn, $_POST['firstName']);
$pw = mysqli_real_escape_string($conn, $_POST['userPassword']);
// ERROR handlers
// Check for EMPTY Fields;
if (empty($first) || empty($pwd)) {
header("Location: ../signup.php?signup=Empty");
exit();
} else {
//does other validations
if
//Once everything is confirmed
} else {
// Hashing the password
$hashedPwd = password_hash($pw, PASSWORD_DEFAULT);
// insert Users into DB
$sql = "INSERT INTO users (user_firstName,user_userPassword)
VALUES ('$first','$hashedPwd');";
// ////////////////////////
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
header("Location: ../signup.php");
exit();
}
?>
'$ pw'! ='$ pwd',你檢查一個沒有設置的變量。 – Qirel
您還應該使用準備的語句,而不是將變量直接注入查詢。 'mysqli_ *'提供'prepare()'和'bind_param()'方法,你應該看看。 – Qirel
注意:你不需要'mysqli_real_escape_string()'作爲密碼,你也不需要。 –