好的,所以我正在创建一个在线多人游戏,我已经创建了注册表单。我真的没有注意到代码的任何问题,并且想知道我是否能得到一些帮助。我写了用户名,密码,电子邮件然后点击“注册”,它会在“字段列表”中出现“未知栏名称”,谢谢:
<?PHP
//Database Information
$dbhost = "databasehost";
$dbname = "databasename";
$dbuser = "databaseusername";
$dbpass = "datebasepassword";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = ($_POST['password']);
// lets check to see if the username already exists
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "That name already exists.Try another";
unset($username);
include 'registration.html';
exit();
}
// lf no errors present with the username
// use a query to insert the data into the database.
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You are now registered!!!";
// mail user their information
$yoursite = 'www.foodworldvw.tk';
$webmaster = 'Jordan';
$youremail = 'simplyentertainingji@gmail.com';
$subject = "Thanks for registering at our website :)";
$message = "$username, you are now registered on Food World
To login, simply go to http://foodworldplay.tk and enter in the following details in the login form:
Username: $username
Password: $password
$webmaster";
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
echo "Thank you for registering with Food World.More information has been sent to your E-mail";
答案 0 :(得分:0)
INSERT INTO users (name =&gt; INSERT INTO users (username
你应该感到羞耻我比你更了解你的数据库
Also you have SQL Injection vulnerability in you code, and it's serious security issue.
你需要尽快修复它。