有人可以向我解释我的注册页面有什么问题吗?数据库连接很好但是当我检查表时没有任何新用户。
我的HTML
<form action="register.php" method="post">
<input type="text" name="username" placeholder="username"><br/>
<input type="password" name="password" placeholder="password"><br/>
<input type="text" name="email" placeholder="E-mail"><br/>
<input type="submit" value="Submit">
</form>
我的PHP
<?php
$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
if ($db_found) {
$SQL = "INSERT INTO users (username,password,email,registered) VALUES ($username, $password, $email,$registered)";
$result = mysql_query($SQL);
mysql_close($db_handle);
print "Records added to the database";
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
Sorrry如果代码太多了。 ?&GT;
答案 0 :(得分:0)
尝试将函数test_data放在值之前。
<?php
$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
/* or you could use PHP built in filters
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
*/
$SQL = "INSERT INTO users (username,password,email,registered) VALUES ('$username','$password','$email','$registered')";
$result = mysql_query($SQL) or die(mysql_error());
if($result) {
echo 'Registration was successfull.';
}
else {
echo 'Registration was not successfull';
}
mysql_close($db_handle);
?>
有关内置过滤器的更多信息PHP Filters
答案 1 :(得分:0)
之前我遇到过这些问题,因为MySQL错误没有显示为PHP错误,所以通常需要一点点 - 因此不会打印到页面上。我个人会利用MySQL和PHP,因为它有更多支持几个东西,如果你想要特定的话,只需要谷歌搜索,有时SQL只需要在带有`字符(左边1键)的查询中包装表和数据库名称在Windows键盘上)
请尝试使用以下代码:
<?php
// Init databse connection
$db_handle = new mysqli("mysql6.000webhost.com","username","password","Peoples") or die("Database connection error");
// check connection
if ($db_handle->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
// Strip function for query string
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
// Try insert query, sometimes wrapping the table name in ` characters solves the issue - only use on database and table names not values
if($result = $db_handle->query("INSERT INTO `users` (username,password,email,registered) VALUES ('$username','$password','$email','$registered');")) {
echo 'Records added to the database';
// free result set
$result->close();
}
else {
echo 'Database NOT Found';
}
$db_handle->close();
?>
这也是取消设置($ var)的好习惯;但是说实话,如果你期待很少的流量,那就不用担心了。
如果您在数据库中持有用户数据,持有原始密码会让人感到不安,如果数据被盗,您真的不应该这样做,然后您必须向所有用户解释为什么有人在运行他们喜欢用于登录的所有内容的用户名和密码。
您应该使用:
$password = hash('sha256',$_POST['password']);
并存储该字符串或您喜欢的任何其他哈希变体 - sha256恰好是我喜欢使用的那个。当用户尝试登录时,您应该再次散列他们提供的密码,并根据存储在数据库中的哈希进行检查。
最后,如果用户在线输入密码,某些用户可能更愿意为您的域使用SSL加密,如果您不熟悉,请再次进行谷歌搜索,我会尽可能多地回答问题:)