我可以连接到mysql db,我在其中创建了一个名为attorney_users的表。我想知道我错过了什么或做错了什么?我在下面发布了我的功能代码。当我注册用户时,它确认成功,但表格没有更新。
<?php
require_once('appvars.php');
require_once('connectvars.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$username = mysqli_real_escape_string($dbc, trim($_POST['username']));
$firstname = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
$lastname = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
$firmname = mysqli_real_escape_string($dbc, trim($_POST['firmname']));
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$password = mysqli_real_escape_string($dbc, trim($_POST['password']));
$password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
if (!empty($username) && !empty($password) && !empty($password2) && ($password == $password2)) {
// Make sure someone isn't already registered using this username
$query = "SELECT * FROM attorney_users WHERE username = '$username'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 0) {
// The username is unique, so insert the data into the database
$query = "INSERT INTO attorney_users (username, firstname, lastname, firmname, email, password, date) VALUES ('$username', '$firstname', '$lastname', $firmname, $email, SHA('$password'), NOW())";
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your new account has been successfully created. You\'re now ready to <a href="index.php">log in</a>.</p>';
mysqli_close($dbc);
exit();
}
else {
// An account already exists for this username, so display an error message
echo '<p class="error">An account already exists for this username. Please use a different username.</p>';
$username = "";
}
}
else {
echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
}
}
mysqli_close($dbc);
?>
<div id="main-wrapper">
<div id="register-wrapper">
<form method="post" action = "<?php echo $_SERVER['PHP_SELF'];?>">
<fieldset>
<ul>
<label for="username">Username : </label>
<input type="text" id="username" name = "username" value = "<?php if (!empty($username)) echo $username; ?>" />
<label for="firstname">First Name : </label>
<input type="text" id="firstname" name = "firstname" />
<label for="lastname">Last Name : </label>
<input type="text" id="lastname" name = "lastname" />
<label for="firmn">Firm Name : </label>
<input type="text" id="firmname" name = "firmname" />
<label for="email">Email : </label>
<input type="text" id="email" name = "email" />
<label for="password">Password : </label>
<input type="password" id="password" name="password" />
<label for="password2">Verify Password : </label>
<input type="password" id="password2" name="password2" />
</li>
<li class="buttons">
<input type="submit" value="Register" name="submit" />
<input type="button" name="cancel" value="Cancel" onclick="location.href='index.php'" />
</li>
</ul>
</fieldset>
</form>
</div>
</div>
</body>
</html>
答案 0 :(得分:0)
date
保留在mysql
中,使用`围绕列名
$query = "INSERT INTO attorney_users (`username`, `firstname`,
`lastname`, `firmname`, `email`, `password`, `date`)
VALUES ('$username', '$firstname', '$lastname', $firmname,
$email, SHA('$password'), NOW())";
为什么使用mysqli_real_escape_string
进行转义,你可以在这里使用预备语句。
修改强>
用于检查查询中的错误
$data = mysqli_query($dbc, $query) or die(mysqli_error());
答案 1 :(得分:0)
从
更改您的$查询$query = "INSERT INTO attorney_users (username, firstname, lastname, firmname, email, password, date) VALUES ('$username', '$firstname', '$lastname', $firmname, $email, SHA('$password'), NOW())";
到
$password = SHA1($password);
$query = "INSERT INTO attorney_users (`username`, `firstname`, `lastname`, `firmname`, `email`, `password`, `date`) VALUES ('{$username}', '{$firstname}', '{$lastname}', '{$firmname}', '{$email}', '{$password}', NOW())";