我不斷收到錯誤未定義的索引在嘗試從我的Android應用程序登錄或註冊時在PHP中。我試圖更改PHP版本,但它沒有解決問題。以下是錯誤我得到的error_log:在插入或從數據庫中選擇數據時在PHP中的錯誤
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: full_name in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 33
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 34
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: email in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 35
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 36
[28-Aug-2017 15:15:57 America/Denver] PHP Notice: Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 12
[28-Aug-2017 15:15:57 America/Denver] PHP Notice: Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 13
,這裏是我的PHP代碼:
class user
{
public function login()
{
$data = [];
require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
$DB = new DB();$db=$DB->connection;
$username =htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
$password =htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
$sql = "SELECT * FROM `tbl_users` WHERE `username`='$username' AND `password`='$password'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"]=$result['id'];
}
else
{
$data["result"]="0";
}
echo json_encode($data);
}
public function signup()
{
$data = [];
require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
$DB = new DB();$db=$DB->connection;
$fullname = htmlentities($_POST['full_name'],ENT_QUOTES,"UTF-8");
$username = htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
$email = $_POST['email'];
$password = htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
$sql = "SELECT * FROM `tbl_users` WHERE `username`='$username'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"] = "username";
}
else
{
$sql = "SELECT * FROM `tbl_users` WHERE `email`='$email'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"] = "email";
}
else
{
$sql = "INSERT INTO `tbl_users` (`full_name`,`username`,`email`,`password`) VALUES ('$fullname','$username','$email','$password')";
$result = $db->prepare($sql);
$result = $result->execute();
if($result)
{
$data["result"]="1";
}
else
{
$data["result"]="0";
}
}
}
echo json_encode($data);
}
我希望有人可以幫助我,因爲我不熟悉PHP這麼多,我需要爲我的在大學的項目。
您可以[SQL注入](http://php.net/manual/en/security.database.sql-injection.php)開放,並且確實應該使用[Prepared Statements](http:// php。 net/manual/en/mysqli.quickstart.prepared-statements.php)而不是串聯你的查詢。 'htmlentities()'不是一種轉義數據庫值的充分方法。在將它們存儲在數據庫中之前,您不應該使用htmlentities()來轉義這些值。您應該在輸出數據之前使用htmlentities()。 –
**切勿以明文形式存儲密碼!**。只存儲密碼哈希!使用PHP的['password_hash()'](http://php.net/manual/en/function.password-hash.php)和['password_verify()'](http://php.net/manual/en /function.password-verify.php)。如果您運行的PHP版本低於5.5(我希望不是),那麼可以使用[password_compat庫](https://github.com/ircmaxell/password_compat)來獲得相同的功能。 –
@MagnusEriksson我正在運行php版本5.6,我會盡你所說,但我沒有得到我的問題的答案。 你能特別告訴我爲什麼我得到這個錯誤? –