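Okay, so I spent 5 minutes coming up with a decent title that gives readers a good understanding of my problem. I have a form, PHP code that adds a new user (the user registration part of any website), and a database. I have enough error checking in the PHP code. However, when I fill in the form and click Register, no errors are shown. Under normal circumstances that would mean success, but in this case the data from the form does not go into the database. Am I missing something? I am fairly new to PHP user authorization/validation, so it may well be that I have missed something. The code is as follows:
Form: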
<form class="form-inline" method="post" name="login_form">
<form action="useradd.php" method="post">
<p><input type="text" class="span2" name="firstname" id="firstname" placeholder="First Name"></p>
<p><input type="text" class="span2" name="lastname" id="Last Name" placeholder="Last Name"></p>
<p><input type="text" class="span2" name="username" id="username" placeholder="Username"></p>
<p class="help-block" style="font-size:12px"> Username should be between 4-20 characters long.</p>
<p><input type="Password" class="span2" name="Password" placeholder="Password"></p>
<p class="help-block" style="font-size:12px"> Password must be between 4-20 characters long. Must be alpha-numeric</p>
<p><input type="Password" class="span2" name="Password" placeholder="Re-Enter Password"></p>
<p><input type="text" class="span4" name="emailid" id="emailid" placeholder="Emaid ID - example@example.com"></p>
<p><input type="text" class="span2" name="teamname" id="teamname" placeholder="Team name"></p>
<p class="help-block" style="font-size:12px"> Select your Unique team name.</p>
<p>
<select class="selectpicker">
<option>The name of the city where you were born</option>
<option>The name of your first pet</option>
<option>What is your mother's maiden name</option>
</select>
</p>
<p><input type="text" class="span2" name="secretanswer" id="secretanswer" placeholder="Secret Answer"></p>
<p>
<input type="hidden" name="form_token" value="<?php echo $form_token; ?>" /><br />
<p><button type="submit" class="btn btn-primary">Register</button></p>
</form>
PHP file - named useradd.php
<?php
/*** begin our session ***/
session_start();
/*** first check that both the username, password, form token etc have been sent ***/
if(!isset( $_POST['firstname'],$_POST['lastname'],$_POST['username'], $_POST['password'],$_POST['emailid'],$_POST['teamname'],$_POST['secret_question'],$_POST['secret_answer'], $_POST['form_token']))
{
$message = 'Please make sure you have the filled the form correctly';
}
/*** check the form token is valid ***/
elseif( $_POST['form_token'] != $_SESSION['form_token'])
{
$message = 'Invalid form submission';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$firstname = filter_var($_POST['firstname'], FILTER_SANITIZE_STRING);
$lastname = filter_var($_POST['lastname'], FILTER_SANITIZE_STRING);
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$emailid = filter_var($_POST['emailid'], FILTER_SANITIZE_STRING);
$teamname = filter_var($_POST['teamname'], FILTER_SANITIZE_STRING);
$secret_question = filter_var($_POST['secret_question'], FILTER_SANITIZE_STRING);
$secret_answer = filter_var($_POST['secret_answer'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';
/*** mysql username ***/
$mysql_username = 'root';
/*** mysql password ***/
$mysql_password = 'hassan28';
/*** database name ***/
$mysql_dbname = 'adb project';
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to exceptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the insert ***/
$stmt = $dbh->prepare("INSERT INTO users (firstname,lastname,username,password,emailid,teamname, secret_question,secret_answer ) VALUES (:firstname,:lastname,:username,:password, :emailid,:teamname,:secret_question,:secret_answer)");
/*** bind the parameters ***/
$stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
$stmt->bindParam(':emailid', $emailid, PDO::PARAM_STR);
$stmt->bindParam(':teamname', $teamname, PDO::PARAM_STR);
$stmt->bindParam(':secret_question', $secret_question, PDO::PARAM_STR);
$stmt->bindParam(':secret_answer', $secret_answer, PDO::PARAM_STR);
/*** execute the prepared statement ***/
$stmt->execute();
/*** unset the form token session variable ***/
unset( $_SESSION['form_token'] );
/*** if all is done, say thanks ***/
$message = 'New user added';
}
catch(Exception $e)
{
/*** check if the username already exists ***/
if( $e->getCode() == 23000)
{
$message = 'Username already exists';
}
else
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later';
}
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<p><?php echo $message; ?>
</body>
</html>
Answer 0: (score: 1)
Check secretanswer (in the HTML) against secret_answer (in the PHP). It should be:
<p><input type="text" class="span2" name="secret_answer" id="secret_answer" placeholder="Secret Answer"></p>
Also, your PHP expects a value for "secret_question", but your form does not submit one. You want something like this:
<select class="selectpicker" id="secret_question" name="secret_question">
<option value="city_born">The name of the city where you were born</option>
<option value="first_pet">The name of your first pet</option>
<option value="mom_maiden_name">What is your mother's maiden name</option>
</select>
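An added example (not part of the original question or answers) that makes the failing `isset()` check report which keys are absent, by comparing the keys `useradd.php` requires with the names the posted form actually submits. `missing_fields()` is a hypothetical helper name and the `$post` values are constructed sample data.

```php
<?php
// Added example; missing_fields() is a hypothetical helper, not from the page.

/**
 * Return the required keys that are absent from the submitted data.
 * PHP array keys are case-sensitive, so "Password" does not satisfy "password".
 */
function missing_fields(array $post, array $required): array
{
    return array_values(array_diff($required, array_keys($post)));
}

// The keys useradd.php tests in its first isset() call.
$required = [
    'firstname', 'lastname', 'username', 'password', 'emailid',
    'teamname', 'secret_question', 'secret_answer', 'form_token',
];

// Constructed sample of what a browser sends for the form as posted:
// - the <select> has no name attribute, so it contributes no key;
// - both password inputs are named "Password", so they collapse into one key;
// - the answer field is named "secretanswer", without the underscore.
$post = [
    'firstname'    => 'Ada',
    'lastname'     => 'Example',
    'username'     => 'ada1',
    'Password'     => 'abcd1234',
    'emailid'      => 'example@example.com',
    'teamname'     => 'TeamOne',
    'secretanswer' => 'Rex',
    'form_token'   => 'constructed-token',
];

$missing = missing_fields($post, $required);

if ($missing) {
    // Name the absent keys instead of showing one generic message,
    // so a name mismatch between form and handler is visible at once.
    $message = 'Missing form fields: ' . implode(', ', $missing);
} else {
    $message = 'All required fields present';
}

echo $message, PHP_EOL;
```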
Answer 1: (score: 0)
In the MySQL query, the field name you are using, secret answer, should be secret_answer.
- 康纳