我正在使用php创建简单的注册表单。 我已经使用php完成了验证检查它工作正常..选择语句工作正常,以检查用户名是否退出.. 但在这里我有插入数据的问题..提交时没有任何反应。这里是完整的代码..所有代码都很好的问题是插入部分..请看看...
<h3>* Required Fields<br/> </h3>
<?php
if(isset($_POST['username'])){
# connect to the database here
# search the database to see if the user name has been taken or not
include 'config.php';
$username=$_POST['username'];
$query = "SELECT * FROM account WHERE userid='$username' ";
//$sql = mysql_query($query);
//$row = mysql_fetch_array($sql);
$sql=mysql_query($query) or die($sql.">>".mysql_error());
$row=mysql_num_rows($sql);
//if($num>0){ //check if
#check too see what fields have been left empty, and if the passwords match
if($row>0|| empty($_POST['fname'])||empty($_POST['lastname'])|| empty($_POST['username'])||empty($_POST['password1'])|| empty($_POST['password2'])|| empty($_POST['day'])|| empty($_POST['Month'])|| empty($_POST['year'])|| empty($_POST['gender']) || empty($_POST['contact'])||$_POST['password1']!=$_POST['password2']|| $_POST['gender_select']='gender'|| $_POST['month_select']='month'|| $_POST['day_select']='day'|| $_POST['year_select']='year'){
# if a field is empty, or the passwords don't match make a message
$error = '<h4>';
if(empty($_POST['fname'])){
$error .= 'First Name can\'t be empty<br>';
}
if(empty($_POST['lastname'])){
$error .= 'Last Name can\'t be empty<br>';
}
if(empty($_POST['username'])){
$error .= 'Email can\'t be empty<br>';
}
if(empty($_POST['password1'])){
$error .= 'Password can\'t be empty<br>';
}
if(empty($_POST['password2'])){
$error .= 'You must re-type your password<br>';
}
if(empty($_POST['contact'])){
$error .= 'contact is not selected<br>';
}
if($_POST['password1']!=$_POST['password2']){
$error .= 'Passwords don\'t match<br>';
}
if($row>0){
$error .= 'User Name already exists<br>';
}
if($_POST['gender_select'] == 'gender'){
$error.= "Please select a gender<br>";
}
if($_POST['month_select'] == 'month'){
$error.= "Please select a month<br>";
}
if($_POST['day_select'] == 'day'){
$error.= "Please select a day<br>";
}
if($_POST['year_select'] == 'year'){
$error.= "Please select a year<br>";
}
$error .= '</h4>';
}else{
$ftname=$_POST['fname'];
$lastname=$_POST['lastname'];
$gender=$_POST['gender'];
$bday=$_POST['day_select'];
$byear=$_POST['year_select'];
$bmonth=$_POST['month_select'];
$username=$_POST['username'];
$password=$_POST['password1'];
$contact=$_POST['contact'];
$query= mysql_query(" insert into Account (firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) values
('$ftname','$lastname','$gender','$bday','$byear','$bmonth','$username','$password','$contact')") or die(mysql_error());
if($query){
echo "New record was saved.";
// echo "<script>alert('Congratulation! You Create account successfully! ')</script>";
}
else
{
echo "Sorry no record saved.";
}
}
}
# echo out each variable that was set from above,
# then destroy the variable.
if(isset($error)){
echo $error;
unset($error);
}
?>
</div>
<form id="send" name="form" method="post" action="">
<p>
<label for="name">Name *</label>
<input type="text" name="fname" />
</p>
<p>
<label for="lastnamme">Father Name *</label>
<input type="text" name="lastname" />
</p>
<p>
<label for="username">Email Address *</label>
<input type="text" name="username" />
</p>
<p>
<label for="password">Password *</label>
<input type="password" name="password1" />
</p>
<p>
<label for="cpassword">Confirm Password *</label>
<input type="password" name="password2" />
</p>
<p>
<label for="dob">Date of Birth *</label>
<select name="day_select">
<option value="day" >Day </option>
<?php for($i=0;$i<=31;$i++)
{
?>
<option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option>
<?php } ?>
</select>
<select name="month_select" >
<option value="month" >Month*</option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
<option value="unknown" >Unknown</option>
</select>
<select name="year_select" >
<option value="year" >Year </option>
<?php for($i=1920;$i<=2013;$i++)
{
?>
<option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option>
<?php } ?>
</select>
</p>
<p>
<label for="genderr">Gender *</label>
<select name="gender_select" >
<option value="gender">Gender </option>
<option value="male">Male </option>
<option value="female">Female</option>
<option value="other">other</option>
</select>
</p>
<p>
<label for="contactno">Contact No *</label>
<input type="text" name="contact" />
</p>
<p>
<input type="submit" id="submit" name="submit" value="Sign Up" />
</p>
</form>
</div>
<!--END #signup-inner -->
</div>
<!--END #signup-form -->
</div>
</div>
</div><!-- end content -->
</div><!-- end main -->
<?php include('footer.php'); ?>
</body>
答案 0 :(得分:1)
你现在应该使用MySQLi而不是MySQL。而且你还需要先检查输入以避免SQL注入!
$ftname=mysqli_real_escape_string($con, $_POST['fname']);
$lastname=mysqli_real_escape_string($con, $_POST['lastname']);
$gender=mysqli_real_escape_string($con, $_POST['gender']);
$bday=mysqli_real_escape_string($con, $_POST['day_select']);
$byear=mysqli_real_escape_string($con, $_POST['year_select']);
$bmonth=mysqli_real_escape_string($con, $_POST['month_select']);
$username=mysqli_real_escape_string($con, $_POST['username']);
$password=mysqli_real_escape_string($con, $_POST['password1']);
$contact=mysqli_real_escape_string($con, $_POST['contact']);
mysqli_query($con, "INSERT INTO Account
(firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno)
VALUES ('".$ftname."','".$lastname."','".$gender."','".$bday."','".$byear."','".$bmonth."','".$username."','".$password."','".$contact."')")
or die(mysqli_error($con));
但是,您需要在脚本开头定义$ con。它是与MySQL数据库的连接 -
$con=mysqli_connect("localhost","username","password","databasename");
希望有所帮助:)
答案 1 :(得分:0)
您没有在insert语句中正确连接您的值。 应该是
mysql_query(“插入帐户(名字,姓氏,性别,bday,byear,bmonth,userid,密码,contactno)值 ( ' “$ ftname。”' ' “$姓氏。”' ' “$的性别。”' ' “$ BDAY。”' ' “$ byear。”''”。$ bmonth。“','”。$ username。“','”。$ password。“','”。$ contact。“')”)或者死(mysql_error());
但是要小心你的方法很容易sql注入。您不应该将源自公共表单的值直接连接到SQL查询。您需要仔细转义值或使用PDO准备好的语句。