注册表没有提交 - 没有错误

时间:2013-11-14 05:03:44

标签: php mysql

我不确定此代码有什么问题。我没有收到任何提交错误,但没有发送电子邮件,也没有任何东西被添加到我的服务器。我希望它在提交时重定向。我该怎么做?

<?php
session_start();
include('config-db.php');
if(isset($_POST['submit']))
{
if(isset($_SESSION['error']))
{
header("Location: index.php");
exit;
}
else

{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$workID = $_POST['workID'];
$phoneNumber = $_POST['PhoneNumber'];
$userLevel = $_POST['userLevel'];
$com_code = md5(uniqid(rand()));

$sql2 = "INSERT INTO members (username, Email, password, com_code, workID,     PhoneNumber, userLevel) VALUES ('$username', '$email', '$password', '$com_code', '$workID',      '$phoneNumber', '$userLevel')";
$result2 = mysqli_query($mysqli,$sql2) or die(mysqli_error());

if($result2)
{
$to = $email;
$subject = "Confirmation from TutsforWeb to $username";
$header = "TutsforWeb: Confirmation from TutsforWeb";
$message = "Please click the link below to verify and activate your account. rn";
$message .= "http://www.yourname.com/confirm.php?passkey=$com_code";

$sentmail = mail($to,$subject,$message,$header);

}
}
}
?>

1 个答案:

答案 0 :(得分:0)

尝试并使用它来调试。这不是一个真正的解决方案,但它可以帮助您更轻松地找到问题的根源。我知道我们都对你“应该”做了什么做了很多不同的评论。这包装了一切。您应该能够直接复制并粘贴代码并使其正常工作。我确实为你测试过。

我向您展示了如何正确使用mysqli来防止SQL注入......既然您已经在mysql中使用该类(好工作,顺便说一句),您应该充分利用其功能。

对于生产代码,您需要删除所有 debug 语句,以便不向用户打印应保密的信息。

此外 - 密码不应以明文保存 。你应该剃掉它的哈希版本。哈希基本上只是单向加密。这实际上取决于您希望如何散列密码的PHP版本... 

<?php 

// remember to remove/comment out the debug statements after use 

session_start();

$included_db = include('config-db.php');

// debug statement to see if file was included 
echo 'config-db.php was ' . (($included_db) ? '' : 'not ') . 'successfully included  <br/>';

// debug statement to see what exactly is in post
echo "<pre>\$_POST['submit'] contains:    \n".print_r($_POST,true)."</pre>"; 

if (isset($_POST['submit']))
{
   if (isset($_SESSION['error']))
   {
      header("Location: index.php");
      exit;
   }
   else 
   {   
      $username  = $_POST['username'];
      $email     = $_POST['email'];
      $password  = $_POST['password'];
      $workID    = $_POST['workID'];
      $phoneNumber = $_POST['PhoneNumber'];
      $userLevel   = $_POST['userLevel'];
      $com_code    = md5(uniqid(rand()));

      $query = "INSERT INTO members (username, email, password, com_code, workID, PhoneNumber, userLevel) 
                              VALUES (?,        ?,     ?,        ?,        ?,        ?,           ?)"; 

      // preparing and binding a query with mysqli_ 
      // protects against sql injection                
      if ($stmt = $mysqli->prepare($query)) 
      { 
          $com_code = md5(uniqid(rand()));

          // bind parameters for markers in correct order
          $stmt->bind_param("sssssss", $username, $email, $password, 
                                       $com_code, $workID, $phoneNumber, 
                                       $userLevel);

          // run the statement 
          $success = $stmt->execute(); 

          if ($success)
          {
             $to = $username;
             $subject  = "Confirmation from TutsforWeb to $username";
             $header   = "TutsforWeb: Confirmation from TutsforWeb";
             $message  = "Please click the link below to verify and activate your account. rn";
             $message .= "http://www.yourname.com/confirm.php?passkey=$com_code";

             // debug statement to make sure the to field is not empty
             if (empty($username)) print "Warning: The username is empty <br/>."; 

             $sentmail = mail($to, $subject, $message, $header); 

             // debug statements to see if the mail was sent or not
             if ($sentmail) { print "The mail was sent successfully.<br/>"; }
                       else { print "The mail did NOT send successfully.<br/>";  }
          }
          else 
          {
             // debug for the insert query failure.. 
             echo "The query failed to run. <br/>";  
             echo "<pre>\$mysqli->error_list contains:    \n".print_r($mysqli->error_list,true)."</pre>"; 
          } 
      }
      else 
      {  
         // debug statement 
         echo "the query could not be prepared correctly. <br/>"; 
      } 

   }  // end of (isset($_SESSION['error']))

}  // end of (isset($_POST['submit']))
else 
{
   // debug statement to say $_POST['submit'] was not set
   echo "\$_POST['submit'] was not set.  <br/>";
}
?>

请随时留下有关此代码的任何评论或问题,我会尽快给您回复...... 就像我说的那样,我测试了这段代码。我创建了所有字段varchar,因此我不确定您是否会遇到任何数据类型或长度问题。

由于您的查询失败但我们不知道为什么......尝试将其重新添加(仅仅这两行,在语句$stmt-execute()附近):

$sql2 = "INSERT INTO members (username, Email, password, com_code, workID, PhoneNumber, userLevel) VALUES ('$username', '$email', '$password', '$com_code', '$workID', '$phoneNumber', '$userLevel')";
print $sql . "<br/>";

然后运行代码并直接在MYSQL中运行输出以查看是否存在任何错误。在这里测试正常值,没有奇怪的标点符号或类似的东西。

这段代码对我而言。我没有使用表单来发布数据,而是使用了以下内容......而将表格更改为MyISAM没有任何区别。我不确定为什么你没有看到任何实际的错误,但它可能是一个简单的事情,如列名拼写错误或某些东西被截断。就像我说的那样,我的表只是每个字段的varchar(255),它不包含你在代码中显示的其他字段。 

$mysqli = new mysqli('localhost', 'root', '', 'test');

$_POST['submit']   = 'submit';

$_POST['username'] = 'username';
$_POST['email']    = 'email';
$_POST['password'] = 'password';
$_POST['workID']   = 'workID';
$_POST['PhoneNumber'] = 'phone number';
$_POST['userLevel']   = 'userlevel';

我不确定为什么这很重要,但你可以尝试在执行语句之后添加它,看看它是否打印出不同的内容:

print "MYSQL error:   " . $stmt->error . "<br/>";
相关问题
最新问题