PHP注册问题

时间:2013-04-20 11:50:00

标签: php post methods

我想知道这段编码中是否有任何错误/漏洞,也有人可以帮助我,因为我注册但是没有将数据插入数据库。如果有任何错误,请你纠正。我想要它,如果用户名存在,将它们重定向到错误?= 1,依此类推,密码不匹配。任何帮助表示赞赏。

Register.php 

 <form action="register_acc.php" method="post">
                            <input type="text" name="username" class="input" value="" autocomplete="off" placeholder="Username" maxlength="25" /><br />
                                <br />
                            <input type="password" name="password" class="input" value="" autocomplete="off" placeholder="Password" maxlength="20" /><br />
                                <br />
                            <input type="password" name="password2" class="input" value="" autocomplete="off" placeholder="Password again" maxlength="20" /><br />
                                <br />
                            <input type="text" name="email" class="input" value="" autocomplete="off" placeholder="Email" maxlength="255" /><br />
                                <br />
                                <input type="submit" name="submit "class="submit" value="Sign up">
                        </form>

register_acc.php 

<?php
    error_reporting(1);
     include 'site/inc/config.php';

      if (isset($_POST['submit'])) {
session_start();

$username = $_POST['username'];
$password = md5($_POST['password']);
$pass_conf = md5($_POST['password2']);
$email = $_POST['email'];
$ip = $_SERVER['REMOTE_ADDR'];
$date= date("d-m-Y");


$q = "SELECT * FROM `users` WHERE username = '$username'";
$r = mysql_query($q);

if (empty($username)) {
    header("Location: register.php?error=1");
        exit;
}

if ($password != $pass_conf) {
    header("Location: /site/register.php?error=2"); 
        exit;
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    header("Location: /site/register.php?error=3"); 
        exit;
} 

if  (mysql_num_rows($r) == 0) {
    // Continue w/ registration, username is available!
    $query = "INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
    VALUES (0, '$username', '$password', '$email', '$ip', 1, '$date'())";
    $run = mysql_query($query);
    header("Location: /site/register.php?succsess=1"); 

}
          }
         else {
    header("Location: register.php?error=4");
           }
      ?>

1 个答案:

答案 0 :(得分:0)

您不会将$ username变量连接到查询中。 试试这个:

"SELECT * FROM `users` WHERE username = '".$username."'"

使用date()函数,你的INSERT查询看起来有点奇怪。试试这个:

$date = date("Y-m-d");
"INSERT INTO `users` (id, username, password, email, ip, rank, reg_date)
    VALUES (0, '$username', '$password', '$email', '$ip', 1, '".$date."')"

编辑:脚本示例

<?php
if(!isset($_POST['username'])||!isset($_POST['email'])||!isset($_POST['password']))//enter more values if necessary
{
header("Location: error_page.php?error=1");
}
else
{
//do whatever, eg execute query
}
?>
相关问题
最新问题