我不断收到错误未定义的索引在尝试从我的Android应用程序登录或注册时在PHP中。我试图更改PHP版本,但它没有解决问题。以下是错误我得到的error_log:在插入或从数据库中选择数据时在PHP中的错误
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: full_name in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 33
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 34
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: email in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 35
[28-Aug-2017 15:15:33 America/Denver] PHP Notice: Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 36
[28-Aug-2017 15:15:57 America/Denver] PHP Notice: Undefined index: username in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 12
[28-Aug-2017 15:15:57 America/Denver] PHP Notice: Undefined index: password in /home2/heratarm/public_html/socialnetwork-api/Classes/user.php on line 13
,这里是我的PHP代码:
class user
{
public function login()
{
$data = [];
require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
$DB = new DB();$db=$DB->connection;
$username =htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
$password =htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
$sql = "SELECT * FROM `tbl_users` WHERE `username`='$username' AND `password`='$password'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"]=$result['id'];
}
else
{
$data["result"]="0";
}
echo json_encode($data);
}
public function signup()
{
$data = [];
require $_SERVER['DOCUMENT_ROOT'].'/socialnetwork-api/Config/db.php';
$DB = new DB();$db=$DB->connection;
$fullname = htmlentities($_POST['full_name'],ENT_QUOTES,"UTF-8");
$username = htmlentities($_POST['username'],ENT_QUOTES,"UTF-8");
$email = $_POST['email'];
$password = htmlentities($_POST['password'],ENT_QUOTES,"UTF-8");
$sql = "SELECT * FROM `tbl_users` WHERE `username`='$username'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"] = "username";
}
else
{
$sql = "SELECT * FROM `tbl_users` WHERE `email`='$email'";
$result = $db->query($sql);
$result = $result->fetch();
if($result != null)
{
$data["result"] = "email";
}
else
{
$sql = "INSERT INTO `tbl_users` (`full_name`,`username`,`email`,`password`) VALUES ('$fullname','$username','$email','$password')";
$result = $db->prepare($sql);
$result = $result->execute();
if($result)
{
$data["result"]="1";
}
else
{
$data["result"]="0";
}
}
}
echo json_encode($data);
}
我希望有人可以帮助我,因为我不熟悉PHP这么多,我需要为我的在大学的项目。
您可以[SQL注入](http://php.net/manual/en/security.database.sql-injection.php)开放,并且确实应该使用[Prepared Statements](http:// php。 net/manual/en/mysqli.quickstart.prepared-statements.php)而不是串联你的查询。 'htmlentities()'不是一种转义数据库值的充分方法。在将它们存储在数据库中之前,您不应该使用htmlentities()来转义这些值。您应该在输出数据之前使用htmlentities()。 –
**切勿以明文形式存储密码!**。只存储密码哈希!使用PHP的['password_hash()'](http://php.net/manual/en/function.password-hash.php)和['password_verify()'](http://php.net/manual/en /function.password-verify.php)。如果您运行的PHP版本低于5.5(我希望不是),那么可以使用[password_compat库](https://github.com/ircmaxell/password_compat)来获得相同的功能。 –
@MagnusEriksson我正在运行php版本5.6,我会尽你所说,但我没有得到我的问题的答案。 你能特别告诉我为什么我得到这个错误? –