虽然提交页面电子邮件字段没有任何价值,但密码字段却有所价值? HTML 这是上述PHP代码的HTML HTML
[HTML字段] [1]
[1]:https://i.stack.imgur.com/1OqmH.png if($_SERVER['REQUEST_METHOD'] == "POST"){
if(isset($_POST['login'])){
$email =$con->real_escape_string($_POST['email']);
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
if(filter_var($sanitized_email, FILTER_VALIDATE_EMAIL)){
$valid_e = 'Valid Email';
}else{
$invalid_e = "Invalid Email";
}
//////////////////////////Password Sanitization///////////////////
if(!empty($_POST['password'])){
$pass = md5($con->real_escape_string(filter_var($_POST['password'], FILTER_SANITIZE_STRING)));
}
$stmt = $con->prepare("SELECT * FROM tb_hospital WHERE email= ? AND password = ?");
$stmt->bind_param("ss",$sanitized_email,$pass);
echo "SELECT * FROM tb_hospital WHERE email= ? AND password = ?'ss',$email,$pass";
die();
exit();
$stmt->execute();
$res = $stmt->get_result();
if($res->num_rows > 0){
//$_SESSION['mail'] = $email;
header('Location:db.php');
}else{
$error="Not Authorized To Login!!";
}
}
}
<form class="form-login" action="login.php" method="POST">
<h2 class="form-login-heading">sign in now</h2>
<div class="login-wrap" style="padding-bottom: 0px;">
<br>
<input type="text" class="form-control" name="email" placeholder="User Email">
<br>
<input type="password" class="form-control" name="password" placeholder="Password">
<label class="checkbox">
<span class="pull-right">
<a data-toggle="modal" href="forget.php"> Forgot Password?</a>
</span>
</label>
<button class="btn btn-theme btn-block" name="login" type="submit"><i class="fa fa-lock"></i> SIGN IN</button>
</div>
</form>
0 个答案:
没有答案
