简单的PHP + MySQL表单不起作用

时间:2012-06-26 02:45:42

标签: php mysql

好吧,最近我看了一个教程并在Notepad ++中编写了它。我正在尝试一个简单的MYSQL登录/注册表单,但是当我登录时,它给了我写的“错误的U / P”错误。它将数据库中的所有内容保存为md5和东西。这是我的代码。

register.php

<?php
require('config.php');

if(isset($_POST['submit'])){

//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

if($email1 == $email2) {
if($pass1 == $pass2) {
//All good.  Carry on.


$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);

$pass1 = md5($pass1);


$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}

mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name',  '$lname',  '$uname',  '$email1',  '$pass1')");




}else{
echo "Sorry, your passwords do not match<br><br>";
exit();

}
}else{
echo "Sorry, your emails do not match.<br><br>";

}






}else{

$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;

echo $form;

}

?>

的login.php

<?php
require('config.php');

if(isset($_POST['submit'])){
$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($pass);

$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
echo "You are now logged in.";


exit();
}else{
echo "Wrong U/P combination";
}


}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username: <input tye="text" name="uname" /><br>
Password: <input type="password" name="pass" /><br>
<input type="submit" name="submit" value="Login" />
</form>
EOT;

echo "$form";
}

?>

和config.php

<?php
mysql_connect("localhost", "X", "X");
mysql_select_db("X");

?>

config.php代码是正确的,但我不是放弃X.

如您所见,如果不正确,此代码会回显login.php的错误。即使它是正确的,它也会给我错误。我使用了MD5哈希传递,所以请帮忙!

3 个答案:

答案 0 :(得分:1)

首先,你在那里使用`标签 - 这应该是'。

您需要插入或连接变量;即;而不是

mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name',  '$lname',  '$uname',  '$email1',  '$pass1')");

使用;

mysql_query("INSERT INTO 'users' ('id', 'name', 'lname', 'uname', 'email', 'pass') VALUES (NULL, '{$name}',  '{$lname}',  '{$uname}',  '{$email1}',  '{$pass1}')");

无论如何,除了一些好的做法,看看这一行;

$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");

只是一个小错字毁了你的一切。将SELECET改为SELECT,你应该好好去。

祝你好运!

  • 锐衡

答案 1 :(得分:0)

  1. 您不需要以下几行:

    $email2 = mysql_escape_string($_POST['email2']);

  2. `$pass2 = mysql_escape_string($_POST['pass2']);`
    

    2。运行SELECET * FROM users以查看用户/密码真正使其成为数据库 3.将echo "$uname $pass <br>";添加到登录表单以确保它正确传递

答案 2 :(得分:0)

另外两个答案是正确的,但是你有一个更基本的问题:你使用旧的,不推荐使用的mysql_ *函数。这些函数是MySQL的旧程序接口,不支持该RDBMS的现代功能。我建议使用mysqli或PDO进行数据库访问的OOP方法。

如果你要坚持这个古老的代码,你至少应该使用mysql_real_escape_string()代替mysql_escape_string()