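<?php
/**
 * Registration handler for the sign-up form.
 *
 * Reads the form from $_POST, rejects incomplete or duplicate registrations,
 * inserts one row into estatedeal_login and one into estate_userinfo, sets the
 * two login cookies and redirects the browser.
 *
 * Handling of untrusted input in this script:
 *  - every request value that is placed into an SQL statement is passed
 *    through mysql_real_escape_string() first; raw $_POST data must never be
 *    concatenated into a query;
 *  - the required-field check tests the raw password, because md5('') is a
 *    non-empty string and a check on the digest would accept a blank password;
 *  - database errors are written to the error log and the visitor only sees a
 *    generic message.
 *
 * NOTE(review): left unchanged because the login page and the table schema
 * would have to change together with this script:
 *  - passwords are stored as unsalted md5() and also in clear text in the
 *    `opass` column; password_hash()/password_verify() and dropping `opass`
 *    are the usual replacements;
 *  - PASSWORD_COOKIE hands the password digest to the browser, where it acts
 *    as a password equivalent; a server-side session ($_SESSION) avoids this;
 *  - `type` is accepted from the client as-is; confirm which account types a
 *    visitor is allowed to choose;
 *  - the mysql_* extension is deprecated and removed in PHP 7; prepared
 *    statements via mysqli or PDO are the long-term fix.
 */

// ---- 1. Read the form: missing or non-string fields become '' ----
$fieldNames = array(
    'type', 'username', 'pre', 'fname', 'lname', 'address', 'city',
    'province', 'pcode', 'area_code', 'number1', 'number2', 'nemail', 'pass1',
);
$form = array();
foreach ($fieldNames as $fieldName) {
    $form[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
        ? $_POST[$fieldName]
        : '';
}

$utype    = $form['type'];
$username = $form['username'];
$pre      = $form['pre'];
$fname    = ucwords($form['fname']);
$lname    = ucwords($form['lname']);
$address  = $form['address'];
$city     = ucwords($form['city']);
$province = $form['province'];
$pcode    = mb_strtoupper($form['pcode']);
$phnum    = "(" . $form['area_code'] . ")" . $form['number1'] . "-" . $form['number2'];
$email    = $form['nemail'];
$opass    = $form['pass1'];
$pass     = md5($opass);
$time     = date("F j, Y");
$status   = "Not Activated";

// ---- 2. Required fields (the raw password, not its digest) ----
if ($email === '' || $username === '' || $fname === '' || $lname === '' || $address === '' || $opass === '') {
    die("<script language='JavaScript'>
window.alert('Not Enough Data Provided!')</script>
<meta http-equiv='REFRESH' content='0; register.php'>");
}

// Presumably opens the MySQL connection used by the mysql_* calls below.
include 'db_connect.php';

// Generic failure page shown for any database problem.
$dbErrorPage = "<script language='JavaScript'>
window.alert('Sorry, Database Error!')</script>
<meta http-equiv='REFRESH' content='0; register.php'>";

// ---- 3. Escape everything that goes into SQL ----
// Must run after the connection exists. The escaping is only reliable for
// values placed inside quotes and with the connection character set
// configured consistently (see mysql_set_charset()).
$rawValues = array(
    'username'    => $username,
    'username_lc' => strtolower($username),
    'email'       => $email,
    'email_lc'    => strtolower($email),
    'pass'        => $pass,
    'utype'       => $utype,
    'opass'       => $opass,
    'time'        => $time,
    'status'      => $status,
    'pre'         => $pre,
    'fname'       => $fname,
    'lname'       => $lname,
    'address'     => $address,
    'city'        => $city,
    'province'    => $province,
    'pcode'       => $pcode,
    'phnum'       => $phnum,
);
$db = array();
foreach ($rawValues as $key => $value) {
    $db[$key] = mysql_real_escape_string($value);
}

// ---- 4. Refuse duplicate user names / e-mail addresses ----
$sql = "select * from estatedeal_login where username = '" . $db['username_lc']
     . "' OR email = '" . $db['email_lc'] . "'";
$result = mysql_query($sql);
if ($result === false) {
    error_log('register: duplicate check failed: ' . mysql_error());
    die($dbErrorPage);
}
if (mysql_fetch_array($result)) {
    die("<script language='JavaScript'>
window.alert('Username/E-mail address already Exists!')</script>
<meta http-equiv='REFRESH' content='0; register.php'>");
}

// ---- 5. Create the login row ----
$sql = "INSERT INTO estatedeal_login (username, email, password, utype, opass, time, status)
VALUES ('{$db['username']}', '{$db['email']}', '{$db['pass']}', '{$db['utype']}', '{$db['opass']}', '{$db['time']}', '{$db['status']}')";
if (!mysql_query($sql)) {
    // Keep driver details in the server log; do not print them to the visitor.
    error_log('register: login insert failed: ' . mysql_error());
    die($dbErrorPage);
}

// ---- 6. Look up the new uid and create the profile row ----
$sql2 = "Select uid from estatedeal_login where email='{$db['email']}' AND password='{$db['pass']}'";
$result2 = mysql_query($sql2);
$row = ($result2 === false) ? false : mysql_fetch_array($result2);
if (!$row) {
    error_log('register: uid lookup failed: ' . mysql_error());
    die($dbErrorPage);
}
$uid = mysql_real_escape_string($row["uid"]);

$sql3 = "INSERT INTO estate_userinfo(uid, pre, fname, lname, address, city, province, pcode, phnum, email) VALUES ('$uid', '{$db['pre']}', '{$db['fname']}', '{$db['lname']}', '{$db['address']}', '{$db['city']}', '{$db['province']}', '{$db['pcode']}', '{$db['phnum']}', '{$db['email']}')";
if (!mysql_query($sql3)) {
    error_log('register: profile insert failed: ' . mysql_error());
    die($dbErrorPage);
}

// ---- 7. Log the visitor in and redirect ----
// setcookie() emits HTTP headers, so it only takes effect if nothing (not even
// whitespace from an included file) has been output before this point;
// headers_sent() can be used to confirm that while debugging.
$hour = time() + 3600 * 2; // cookies expire two hours from now
setcookie('USERNAME_COOKIE', $email, $hour);
setcookie('PASSWORD_COOKIE', $pass, $hour);

if ($utype == "Realtor") {
    die("<meta http-equiv='REFRESH' content='0; regRealtor.php'>");
}
echo "<script language='JavaScript'>
window.location ='main.php';</script>";
?>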
以上是我的代码。它能正确地向MySQL插入数据字段,但没有在客户端设置cookie。而当我用刚插入数据库的信息登录时,同样的设置cookie的代码在登录页面上可以正常工作。还有其他设置cookie的方法吗?
// Expiry timestamp for both cookies: two hours (3600 s * 2) from now.
$hour = time() + 3600*2;
// setcookie() sends an HTTP header, so it only takes effect when no output
// has been sent before it is called.
setcookie('USERNAME_COOKIE', $email, $hour);
// NOTE(review): in the question's script $pass is md5() of the password, so
// this cookie exposes a password-equivalent digest to the browser; a
// server-side session identifier avoids that.
setcookie('PASSWORD_COOKIE', $pass, $hour);
答案 0 :(得分:0)
我强烈建议您在向数据库中插入任何内容之前,先了解 $_SESSION,以及如何对从 $_POST 或 $_GET 读取的变量进行清理(转义):http://php.net/manual/en/function.mysql-real-escape-string.php 。另外请留意您在该页面上看到的警告(该页面提示 mysql_* 扩展已被弃用,应改用 MySQLi 或 PDO_MySQL)。
答案 1 :(得分:0)
不是您问题的直接答案,但可能有用:
代替Cookie,您可以使用SESSION,看一下这个问题:Cookie VS Session。
您可能还想看一下使用SESSION实现用户管理的UserCake。以下是来自UserCake(login.php)的代码片段:
// Passwords match, so the login can proceed.
// Build a new logged-in user object and copy selected columns of the
// database row ($userdetails) onto it.
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["email"];
$loggedInUser->user_id = $userdetails["id"];
// NOTE(review): the stored password hash is copied into the session object;
// confirm it is really needed there, since session data is persisted on the server.
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
// Update the last sign-in record.
$loggedInUser->updateLastSignIn();
// Keep the user object in the session under the "userCakeUser" key.
// Presumably session_start() has already been called earlier in login.php — verify.
$_SESSION["userCakeUser"] = $loggedInUser;
至少对我来说,这比调用 setcookie('USERNAME_COOKIE', $email, $hour); 感觉更简洁。
答案 2 :(得分:0)
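<?php
// Output produced after this call is buffered, so it cannot trigger a
// "headers already sent" failure for the setcookie() calls below.
// (The original snippet was missing the terminating semicolon here.)
ob_start();
// The fourth argument ('/') makes each cookie valid for every path on the
// domain instead of only the directory of the script that set it.
setcookie('USERNAME_COOKIE', $email, $hour,'/');
// NOTE(review): in the question's script $pass is md5() of the password, so
// this cookie exposes a password-equivalent digest to the browser.
setcookie('PASSWORD_COOKIE', $pass, $hour,'/');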
答案 3 :(得分:0)
使用session而不是cookie。会话比cookie更安全。存储在服务器上。
在PHP文件的开头调用session_start();,然后像这样在会话中存储任何内容:
$_SESSION['email'] = $email;
并在文件开头通过session_start()函数获取存储在会话中的值:$email = $_SESSION['email'];
会话更安全,因为它们存储在服务器而不是浏览器上。