`我正在尝试从注册表单向数据库输入数据,但它似乎无法正常工作,我认为我做了正确的编码我不知道我在哪里做错了我按代码读取代码并且我创建的所有数据库都做了跟随 。
<form method='post' action='login.php'>
<table width='400' border='5' align='CENTER'>
<tr>
<td><h1>Registration</h1></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type='text' name='name'/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><input type='submit' name='register' value='register'/></td>
</tr>
</table>
</form>
<?php
$connect=mysql_connect("localhost","root","");
$db_selected = mysql_select_db("users_db", $connect);
if(isset($_POST['submit'])){
$users_name = $_POST['name'];
$users_pass = $_POST['pass'];
$users_email = $_POST['email'];
if($users_name==''){
echo "<script>alert('Please enter your Username')</script>";
exit();
}
if($users_pass==''){
echo "<script>alert('Please enter your password')</script>";
exit();
}
if($users_email==''){
echo "<script>alert('Please enter your email')</script>";
exit();
}
$check_email="select*from
users where
users_email='$users_email'";
$run =
mysql_query($check_email) or
die(mysql_error());
if(mysql_num_rows($run)>0){
echo"<script>alert('Email $users_email
is already exist in our databse, please try another
one')</script>"; exit();
}
$query = "insert into users
(users_name,users_pass,users_email) values('
$users_name','$users_pass','$users_email')";
{
$result = mysql_query($query)
or die(mysql_error());
}
echo"<script>alert
window.open('','_self')</script>";
}
?>
答案 0 :(得分:1)
将初始分配更改为:
$users_name = mysql_real_escape_string($_POST['name']);
$users_pass = mysql_real_escape_string($_POST['pass']);
$users_email = mysql_real_escape_string($_POST['email']);
以避免字段中的特殊字符出现问题,以及防止SQL注入。
将插入查询更改为:
$query = "insert into users (users_name,users_pass,users_email)
values('$users_name','$users_pass','$users_email')";
您在$users_name
之前有一个无关的换行符和空格,因此这些换行符和空格被插入到数据库中。