-1
我有一个从用户获取数据的表单,在键入数据后,他们不会被获得。我不确定问题在哪里。保持接收空字符串
//Signup page
<h2>SignUp</h2>
<form class="signup-form" action="Cons/signup.conn.php" method="POST">
<input type="text" name="firstName" placeholder="Name">
<input type="password" name="userPassword" placeholder="Password">
<button type ="submit" name = "submit" >Sign Up</button>
</form>
数据i键后,我被卡住第一个验证,其所说的“标题(”位置:../signup.php?signup=Empty“);”
//belongs to signup.conn.php (where the process is done)
<?php
if (isset($_POST['submit'])) {
include_once 'dbh-conn.php';
$first = mysqli_real_escape_string($conn, $_POST['firstName']);
$pw = mysqli_real_escape_string($conn, $_POST['userPassword']);
// ERROR handlers
// Check for EMPTY Fields;
if (empty($first) || empty($pwd)) {
header("Location: ../signup.php?signup=Empty");
exit();
} else {
//does other validations
if
//Once everything is confirmed
} else {
// Hashing the password
$hashedPwd = password_hash($pw, PASSWORD_DEFAULT);
// insert Users into DB
$sql = "INSERT INTO users (user_firstName,user_userPassword)
VALUES ('$first','$hashedPwd');";
// ////////////////////////
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
header("Location: ../signup.php");
exit();
}
?>
'$ pw'! ='$ pwd',你检查一个没有设置的变量。 – Qirel
您还应该使用准备的语句,而不是将变量直接注入查询。 'mysqli_ *'提供'prepare()'和'bind_param()'方法,你应该看看。 – Qirel
注意:你不需要'mysqli_real_escape_string()'作为密码,你也不需要。 –