以下是根据用户在表单中输入的内容注册用户的功能。
function register($firstname, $lastname , $email, $password, $password2){
// check if the first password is allowed
if(!checkLogin($email, $password)){
echo "checklogin failed";
return false;
}
// check if two passwords are equal
if(strcmp($password, $password2) != 0){
echo "passwords rent the same";
return false;
}
// explode the email into two pieces
$email = explode('@' , $email);
echo "" . $email[0] . " and " . $email[1] . "";
$insertemail = "$email[0]-" . "$email[1]";
echo "" . $insertemail . "";
// connect to database and insert values
require("db.inc.php");
$query = "INSERT into users set
firstname = ".mysqli_real_escape_string($link, $firstname) ." ,
lastname = ".mysqli_real_escape_string($link, $lastname) ." ,
email = ".mysqli_real_escape_string($link, $insertemail) ." ,
password = ".mysqli_real_escape_string($link, $password) ." ";
$result = mysqli_query($link, $query)
or die("Error: " . mysqli_error($link));
// check the query worked
if(!result){
return false;
}
return true;
}
我不确定这是否有帮助,但'Connor'值是我在表单中输入的值并存储在$ firstname中。
答案 0 :(得分:2)
你需要在SQL查询中用引号括起文本值,更不用说你的INSERT语法有点过了:
$query = "INSERT INTO users (firstname, lastname, email, password) VALUES
(
'" . mysqli_real_escape_string($link, $firstname) . "' ,
'" . mysqli_real_escape_string($link, $lastname) . "' ,
'" . mysqli_real_escape_string($link, $insertemail) . "' ,
'" . mysqli_real_escape_string($link, $password) . "'
) ";