【发布时间】:2014-03-16 14:20:44
【问题描述】:
我有以下从视频教程系列中获得的代码。 (我听说下面代码的某些部分被认为是不好的做法......)。我一直试图让它保存我的注册信息,但它不起作用。它检测到填写表格的错误就好了,它还显示“请登录开始”!当我正确提交所有内容,但它不会将任何数据保存到数据库中:
PHP
<?php include ("./inc/connect.inc.php"); ?>
<?php
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; //Password 2
$d = ""; //Sign up date
$u_check = ""; //Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {
if ($em==$em2) {
// check if user already exists
$u_check = mysqli_query($link,"SELECT username FROM users WHERE username='$un'");
// count the amount of rows where username = $un
$check = mysqli_num_rows($u_check);
if ($check == 0) {
// check all of the fields have been filled
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username, first, and last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username, first, and last name is 25 characters!";
}
else
{
// check the length of password does not exceed 30 characters and is no less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 charcters long!";
}
else
{
// encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysqli_query($link,"INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to findFriends</h2> Please login to get started!");
}
}
}
else {
echo "Your passwords do not match!!";
}
}
else {
echo "Please Fill in all required fields.";
}
}
else {
echo "Sorry, that username is not available.";
}
}
else {
echo "Your email does not match!";
}
}
?>
HTML
<div style="width: 200px; margin-left: 550px; margin-top: 20px;">
<table>
<tr>
<td width="90%" valign="top">
<h2>Join findfriends Today!</h2>
</td>
<td width="40%" valign="top"></td>
<h2>Sign Up Below!</h2>
<form action="index.php" method="POST">
<input type="text" name="fname" size="25" placeholder="First Name"><br /><br />
<input type="text" name="lname" size="25" placeholder="Last Name"><br /><br />
<input type="text" name="username" size="25" placeholder="Username"><br /><br />
<input type="text" name="email" size="25" placeholder="Email"><br /><br />
<input type="text" name="email2" size="25" placeholder="Email"><br /><br />
<input type="text" name="password" size="25" placeholder="Password"><br /><br />
<input type="text" name="password2" size="25" placeholder="Password (again)"><br /><br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</tr>
</table>
</div>
</body>
</html>
MYSQL(添加到 phpmyadmin)
CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT, /* AUTO_INCREMENT = 1st user, id 1, 2nd user, id 2....*/
`username` varchar(255) NOT NULL,
`first_name` varchar(255) NOT NULL,
`last_name` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`password` varchar(32) NOT NULL,
`sign_up_date` date NOT NULL,
`activated` enum('0','1') NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
还有connect.inc.php:
<?php
$link = mysqli_connect('localhost', 'user', 'pswd', 'socialnetwork') or die ("Couldn't connect to SQL server");
?>
【问题讨论】:
-
如果您使用的是 MySQLi,那么请学习使用带有绑定变量的预处理语句;不要简单地将数据直接注入到您的 SQL 语句中
-
在进行查询后检查 mysqli_error 以确保您没有收到错误
-
@MarkBaker 视频中的原始代码使用的是 MySQL。所以我只是将所有内容都更改为 MySQLi,并在查询中添加了一个 $link。你能举例说明我应该怎么做吗?
-
@PatrickEvans 我刚刚做了,它没有报告任何错误。
-
在您将所有内容更改为 mysqli 之前它是否有效?
connect.php“链接到index.php”在哪里?