我写了下面这段代码&如果pswd = retype pswd,它必须回显“注册成功” &安培;稍后将以下值插入TABLE(WHICH IS NOT)。它只是echo的注册成功,但值没有插入TABLE。我非常确定我在PHP代码中连接到DB失败了,请更正我的代码! 我的守则如下:
<?php
session_start();
include('header.php');
$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_pass = '1234';
$mysql_db = "my_db";
if (!mysql_connect($mysql_host, $mysql_user, $mysql_pass) || !mysql_select_db($mysql_db))
{
die(mysql_error());
}
if( isset( $_REQUEST['namevar'] ) ){
$nmvar = $_REQUEST['namevar'];
$email = $_REQUEST['name1'];
$psvar = $_REQUEST['p1'];
$cpsvar = $_REQUEST['p2'];
$gender = $_REQUEST['r1'];
$clvar = $_REQUEST['t2'];
$plvar = $_REQUEST['t1'];
if($psvar == $cpsvar)
{
$sql = "INSERT INTO `users` (name,email,password,confirm password,gender,college,place)
VALUES ('$nmvar','$email','$psvar','$cpsvar','$gender','$clvar','$plvar')";
mysql_query($sql);
echo "Signup successful";
}
else
{
echo "Password Mismatch";
}
}
?>
<form action="" method="post">
Name:
<input type="text" name="namevar" /><br/>
E-mail:
<input type="text" name="name1" /><br/>
Password:
<input type="password" name="p1" /><br/>
Confirm Password:
<input type="password" name="p2" /><br/>
Gender:
<input type="radio" name="r1" />
Male
<input type="radio" name="r1" />
Female
<br/>
Location:
<input type="text" name="t1" /><br/>
College:
<input type="text" name="t2" /><br/>
<input type="submit" value="submit" /><br/>
<input type="reset" value="reset" />
</form>
答案 0 :(得分:1)
在将数据提交到数据库之前,您应该对数据使用mysql_real_escape_string()函数。否则,您的代码存在SQL注入的风险。