无法从 PHP 中的 HTML 表单获取 POST 值
Posted
技术标签:
【中文标题】无法从 PHP 中的 HTML 表单获取 POST 值【英文标题】:Failing to get POST values from HTML form in PHP 【发布时间】:2021-08-31 04:10:17 【问题描述】:我正在努力使用 POST 将 html 表单中的值转换为 php 变量。它曾经可以工作,但现在无论我做什么,它都不起作用。这是php文件:
<?php
include "DBConn.php";
session_start();
?>
<html>
<head>
<title>Register</title>
<link rel="stylesheet" href="Register.css" type = "text/css">
</head>
<body>
<div id="container">
<form action="register.php" method = "post">
<label for="name">Name:</label>
<input type="text" id="name" name="txtName" value = <?php if(isset($_POST['txtName'])) echo $_POST['txtName'];?>>
<label for="surname">Surname:</label>
<input type="text" id="surname" name="txtSurname" value = <?php if(isset($_POST['txtSurname'])) echo $_POST['txtSurname'];?>>
<label for="address">Address:</label>
<input type="text" id="address" name="txtAddress" value = <?php if(isset($_POST['txtAddress'])) echo $_POST['txtAddress'];?>>
<label for="email">Email:</label>
<input type="email" id="email" name="txtEmail" value = <?php if(isset($_POST['txtEmail'])) echo $_POST['txtEmail'];?>>
<label for="password">Password:</label>
<input type="password" id="password" name="txtPassword" value = <?php if(isset($_POST['txtPassword'])) echo $_POST['txtPassword'];?>>
<label for="password2">Re-enter Password:</label>
<input type="password" id="password2" name="txtPassword2" value = <?php if(isset($_POST['txtPassword2'])) echo $_POST['txtPassword2'];?>>
<div id="lower">
<input type="submit" value="Register" name = "btnRegister">
</div><!--/ lower-->
</form>
</div>
</body>
</html>
<?php
//Runs if btnRegister is clicked. Registers a user.
if (isset($_POST['btnRegister']))
//Assigns form data to variables
$_SESSION["Name"] = $_POST['txtName'];
$_SESSION["Surname"] = $_POST['txtSurname'];
$_SESSION["Email"] = $_POST['txtEmail'];
$_SESSION["Password"] = $_POST['txtPassword'];
$_SESSION["Password2"] = $_POST['txtPassword2'];
$_SESSION["Address"] = $_POST['txtAddress'];
$sqlSelect =
"SELECT *
FROM tbl_Customer
WHERE Email = '$_SESSION["Email"]'";
//Runs select query
$result = $conn->query($sqlSelect);
$md5pass = md5($_SESSION["Password"]);
//Checks to see if user exists based on query
if ($result->num_rows == 0)
//Checks to see if passwords match
if ($_SESSION["Password"] == $_SESSION["Password2"])
//Passwords match
echo '<script>alert("Passwords match")</script>';
//Insert statement to insert user into table
$sqlInsert = "INSERT INTO tbl_Customer (Name, Surname, Email, Password, Address)
VALUES ('$_SESSION["Name"]','$_SESSION["Surname"]','$_SESSION["Email"]','$md5pass','$_SESSION["Address"]');";
if ($conn->query($sqlInsert) === TRUE)
echo '<script>alert("Registered successfully")</script>';
else
echo '<script>alert("Registration error: " . $sql . "<br>" . $conn->error)</script>';
else
echo '<script>alert("Passwords do not match")</script>';
else
//User exists
echo '<script>alert("User already exists, choose a different email.")</script>';
header('Location: login.php');
exit();
?>
所有警报都不起作用,表明它们回显不起作用。此外,第二次单击注册按钮时,我将进入登录页面,这意味着注册按钮必须正常工作。它不会给我任何错误或消息。
【问题讨论】:
危险:此代码是vulnerable to XSS 用户输入需要转义才能插入到 HTML 文档中!。 危险:您正在使用an unsuitable hashing algorithm,需要take better care 的用户密码。 危险:你很容易受到SQL injection attacks的影响,你需要自己从defend那里得到。 这是一个 PHP 文件吗?还是两个不同的? 您应该提供minimal reproducible example(强调最小) 【参考方案1】:如果您的 PHP 代码与 HTML 代码位于同一页面上,请从 <form> 标记中删除 action="register.php"。 action 属性指定提交表单时将表单数据发送到何处,因为您的 PHP 代码在同一页面上,您应该删除 action 并且表单数据将在同一页面上提交。
或者
创建一个register.php 并将 PHP 代码放在那里。
【讨论】:
以上是关于无法从 PHP 中的 HTML 表单获取 POST 值的主要内容,如果未能解决你的问题,请参考以下文章