所以我有一个使用注册/登录系统供用户创建帐户的网站。我让该网站与 MAMP 在我的本地主机上完美运行。但是,我将我的站点和数据库上传到实时服务器,但出现错误。下面是注册页面。当用户注册时,它应该将他们带到他们的帐户页面,但是注册页面刷新,他们会收到以下错误:
警告:session_start():无法发送会话cookie - 已发送的标头(输出始于/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/connections.php:16) 在/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/Register.php 第 7 行
警告:session_start():无法发送会话缓存限制器 - 标头已发送(输出从/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/connections.php:16 开始),位于第 7 行的/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/Register.php
警告:无法修改标头信息 - 标头已由/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/connections.php:16) 在第 16 行的/srv/disk4/2113278/www/lucasclarke.co.nf/webTechFinal/Register.php 中发送
请注意,用户注册的信息确实会正确进入我的数据库,但该网站不像在我的本地主机上那样运行。有什么想法吗?提前谢谢。
<?php require 'connections.php'; ?>
<?php
if(isset($_POST['register'])) {
session_start();
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
$email = $_POST['email'];
$pw = $_POST['password'];
$sql = $con->query("INSERT INTO user (Fname, Lname, Email, Password)Values('{$fname}', '{$lname}', '{$email}', '{$pw}')");
header('Location: Login.php');
}
?>
<!------------------------------------------------------------------>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Notekeep</title>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body>
<div class="container">
<h1 class="title">Register<img src="logo.png" id="logo"></h1>
<form action="" method="post" name="registerform" id="registerform">
<div>
<input name="first_name" type="text" required="required" id="first_name" placeholder="First Name">
</div>
<div>
<input name="last_name" type="text" required="required" id="last_name" placeholder="Last Name">
</div>
<div>
<input name="email" type="email" required="required" id="email" placeholder="Email">
</div>
<div>
<input name="password" type="password" required="required" id="password" placeholder="Password">
</div>
<div>
<!-- <input name="password2" type="password" required="required" id="password2" placeholder="Re-Enter Password"> -->
</div>
<div>
<input name="register" type="submit" class="button" id="register" value="Register">
</div>
</form>
<a class="link" href="Login.php">Login</a>
</div>
</body>
</html>
正如我在评论中提到的,您的标题应如下所示:
<?php
require('connections.php');
// Remove space, should be continuous
// I would personally start session here
session_start();
if(isset($_POST['register'])) {
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
$email = $_POST['email'];
$pw = $_POST['password'];
// !! This is injection-prone !!
// You need to use bind parameters, this is unsafe
$sql = $con->query("INSERT INTO user (Fname, Lname, Email, Password)Values('{$fname}', '{$lname}', '{$email}', '{$pw}')");
header('Location: Login.php');
// Add here so the script stops execution
exit;
}
?>
另外,请注意您容易受到 SQL 注入的攻击。应使用参数绑定:
function insertNewUser($array,$con)
{
foreach($array as $key => $value) {
$key = trim($key,':');
$new[":{$key}"] = $value;
}
// I am assuming the use of PDO
$query = $con->prepare("INSERT INTO `user` (`Fname`,`Lname`,`Email`,`Password`) VALUES (:0,:1,:2,:3)");
$query->execute($new);
}
用:
$data = array(
$_POST['first_name'],
$_POST['last_name'],
$_POST['email'],
$_POST['password']
);
// Use the function
insertNewUser($data,$con);
header('Location: Login.php');
exit;
最后,您不应该将明文密码插入数据库。您应该使用password_hash()和password_verify()(或兼容的库)。