null值提交给mysql数据库

时间:2013-01-26 05:52:20

标签: php mysql variables login submit

我正在尝试为我的网站制作用户系统,但在提交时却遇到了一些麻烦。它始终向数据库提交0以获取所有内容。我已经读过关于全球和地方变量的w3schools,我想这可能是我的问题,但我不确定。 继承我的代码

<?php
$con = mysql_connect(localhost, 262096, 9201999);
if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }
mysql_select_db("262096", $con);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$passwordconf = $_POST['passwordconf'];
$email = $_POST['email'];
$securityq = $_POST['securityq'];
$qanswer = $_POST['qanswer'];

if(!isset($firstname) || !isset($lastname) || !isset($username) || !isset($password) || !isset($passwordconf) || !isset($email) || !isset($securityq) || !isset($qanswer))
    {
    echo "You did not fill out the required fields.";
    }

$uname = "SELECT * FROM users WHERE username='{$username}'";
$unamequery = mysql_query($uname) or die(mysql_error());
if(mysql_num_rows($unamequery) > 0) 
    {
    echo "The username you entered is already taken";
    }

$emailfind = "SELECT * FROM users WHERE email='{$email}'";
$emailquery = mysql_query($emailfind) or die(mysql_error());
if(mysql_num_rows($emailquery) > 0)
    {
    echo "The email you entered is already registered";
    }

if($password != $passwordconf)
    {
    echo "The passwords you entered do not match";
    }

$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
    {
    echo "The email you entered is not in name@domain format";
    }

else
    {
    $salt = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
    $hpassword = crypt($password,$salt);
    $insert = "INSERT INTO users (firstname, lastname, username, password, email, securityq, qanswer, salt)
    VALUES ('$firstname','$lastname','$username','$hpassword','$email','$securityq','$qanswer','$salt')";
    mysql_query($insert);


    if(!mysql_query($insert))
        {
        die('Could not submit');
        }
    else
        {
        echo "Information was submited.  Please check your email for confirmation";
        }
    }


?>

1 个答案:

答案 0 :(得分:0)

让我试着回答。

首先,我同意移植到PDO的建议。不推荐使用mysql_ *函数。但是如果你想使用它,由于你的sql中的' -symbols,直接在 sql之前转义每个变量:

$hpassword  = mysql_real_escape_string($hpassword );

对于我来说,以下语法更容易查看而不是插入... values():

$insert = "INSERT INTO `users` 
    SET `firstname` = '$firstname',
    SET `hpassword` = '$hpassword'..."

实际上,我试图忘记这种代码。我使用PDO或舒适的uniDB类来处理简单的应用程序。

无论是否匹配密码等错误,它是否正确插入用户?你应该修好条件。

您的条件逻辑是错误的。您在if(!preg_match($regex, $email))之后提交。因此,如果电子邮件是正确的,它会提交。使用ELSEIF

修复如下 
$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";

if(mysql_num_rows($emailquery) > 0){
    echo "The email you entered is already registered";
}elseif($password != $passwordconf){
    echo "The passwords you entered do not match";
}elseif(!preg_match($regex, $email))
{
    echo "The email you entered is not in name@domain format";
}else{
    // insertion code HERE
}
相关问题
最新问题