我无法从表单到数据库输入信息

时间:2013-10-17 21:37:25

标签: php

`我正在尝试从注册表单向数据库输入数据,但它似乎无法正常工作,我认为我做了正确的编码我不知道我在哪里做错了我按代码读取代码并且我创建的所有数据库都做了跟随 。

<form method='post' action='login.php'>
<table width='400' border='5' align='CENTER'>

<tr>
<td><h1>Registration</h1></td>

</tr>

<tr>
<td>User Name:</td>
<td><input type='text' name='name'/></td>
</tr>

<tr>
<td>Password:</td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><input type='submit' name='register' value='register'/></td>

</tr>

</table>
</form>

<?php
    $connect=mysql_connect("localhost","root","");
    $db_selected = mysql_select_db("users_db", $connect); 
    if(isset($_POST['submit'])){

    $users_name = $_POST['name'];
    $users_pass = $_POST['pass'];
    $users_email = $_POST['email'];

    if($users_name==''){
    echo "<script>alert('Please enter your Username')</script>";
        exit();
    }

    if($users_pass==''){
    echo "<script>alert('Please enter your password')</script>";
        exit();
    }

    if($users_email==''){
    echo "<script>alert('Please enter your email')</script>";
        exit();
    }

    $check_email="select*from 
    users where 
    users_email='$users_email'";

    $run = 
    mysql_query($check_email) or
    die(mysql_error());


    if(mysql_num_rows($run)>0){

    echo"<script>alert('Email $users_email 
    is already exist in our databse, please try another 
    one')</script>";  exit();
    }


    $query = "insert into users 
    (users_name,users_pass,users_email) values('
    $users_name','$users_pass','$users_email')";


    { 
        $result = mysql_query($query) 
        or die(mysql_error());
    }

    echo"<script>alert
    window.open('','_self')</script>";
    }

?>

1 个答案:

答案 0 :(得分:1)

将初始分配更改为:

$users_name = mysql_real_escape_string($_POST['name']);
$users_pass = mysql_real_escape_string($_POST['pass']);
$users_email = mysql_real_escape_string($_POST['email']);

以避免字段中的特殊字符出现问题,以及防止SQL注入。

将插入查询更改为:

$query = "insert into users (users_name,users_pass,users_email)
          values('$users_name','$users_pass','$users_email')";

您在$users_name之前有一个无关的换行符和空格,因此这些换行符和空格被插入到数据库中。