我不确定此代码有什么问题。我没有收到任何提交错误,但没有发送电子邮件,也没有任何东西被添加到我的服务器。我希望它在提交时重定向。我该怎么做?
<?php
session_start();
include('config-db.php');
if(isset($_POST['submit']))
{
if(isset($_SESSION['error']))
{
header("Location: index.php");
exit;
}
else
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$workID = $_POST['workID'];
$phoneNumber = $_POST['PhoneNumber'];
$userLevel = $_POST['userLevel'];
$com_code = md5(uniqid(rand()));
$sql2 = "INSERT INTO members (username, Email, password, com_code, workID, PhoneNumber, userLevel) VALUES ('$username', '$email', '$password', '$com_code', '$workID', '$phoneNumber', '$userLevel')";
$result2 = mysqli_query($mysqli,$sql2) or die(mysqli_error());
if($result2)
{
$to = $email;
$subject = "Confirmation from TutsforWeb to $username";
$header = "TutsforWeb: Confirmation from TutsforWeb";
$message = "Please click the link below to verify and activate your account. rn";
$message .= "http://www.yourname.com/confirm.php?passkey=$com_code";
$sentmail = mail($to,$subject,$message,$header);
}
}
}
?>
答案 0 :(得分:0)
尝试并使用它来调试。这不是一个真正的解决方案,但它可以帮助您更轻松地找到问题的根源。我知道我们都对你“应该”做了什么做了很多不同的评论。这包装了一切。您应该能够直接复制并粘贴代码并使其正常工作。我确实为你测试过。
我向您展示了如何正确使用mysqli
来防止SQL注入......既然您已经在mysql中使用该类(好工作,顺便说一句),您应该充分利用其功能。
对于生产代码,您需要删除所有 debug 语句,以便不向用户打印应保密的信息。
此外 - 密码不应以明文保存 。你应该剃掉它的哈希版本。哈希基本上只是单向加密。这实际上取决于您希望如何散列密码的PHP版本...
<?php
// remember to remove/comment out the debug statements after use
session_start();
$included_db = include('config-db.php');
// debug statement to see if file was included
echo 'config-db.php was ' . (($included_db) ? '' : 'not ') . 'successfully included <br/>';
// debug statement to see what exactly is in post
echo "<pre>\$_POST['submit'] contains: \n".print_r($_POST,true)."</pre>";
if (isset($_POST['submit']))
{
if (isset($_SESSION['error']))
{
header("Location: index.php");
exit;
}
else
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$workID = $_POST['workID'];
$phoneNumber = $_POST['PhoneNumber'];
$userLevel = $_POST['userLevel'];
$com_code = md5(uniqid(rand()));
$query = "INSERT INTO members (username, email, password, com_code, workID, PhoneNumber, userLevel)
VALUES (?, ?, ?, ?, ?, ?, ?)";
// preparing and binding a query with mysqli_
// protects against sql injection
if ($stmt = $mysqli->prepare($query))
{
$com_code = md5(uniqid(rand()));
// bind parameters for markers in correct order
$stmt->bind_param("sssssss", $username, $email, $password,
$com_code, $workID, $phoneNumber,
$userLevel);
// run the statement
$success = $stmt->execute();
if ($success)
{
$to = $username;
$subject = "Confirmation from TutsforWeb to $username";
$header = "TutsforWeb: Confirmation from TutsforWeb";
$message = "Please click the link below to verify and activate your account. rn";
$message .= "http://www.yourname.com/confirm.php?passkey=$com_code";
// debug statement to make sure the to field is not empty
if (empty($username)) print "Warning: The username is empty <br/>.";
$sentmail = mail($to, $subject, $message, $header);
// debug statements to see if the mail was sent or not
if ($sentmail) { print "The mail was sent successfully.<br/>"; }
else { print "The mail did NOT send successfully.<br/>"; }
}
else
{
// debug for the insert query failure..
echo "The query failed to run. <br/>";
echo "<pre>\$mysqli->error_list contains: \n".print_r($mysqli->error_list,true)."</pre>";
}
}
else
{
// debug statement
echo "the query could not be prepared correctly. <br/>";
}
} // end of (isset($_SESSION['error']))
} // end of (isset($_POST['submit']))
else
{
// debug statement to say $_POST['submit'] was not set
echo "\$_POST['submit'] was not set. <br/>";
}
?>
请随时留下有关此代码的任何评论或问题,我会尽快给您回复...... 就像我说的那样,我测试了这段代码。我创建了所有字段varchar,因此我不确定您是否会遇到任何数据类型或长度问题。
由于您的查询失败但我们不知道为什么......尝试将其重新添加(仅仅这两行,在语句$stmt-execute()
附近):
$sql2 = "INSERT INTO members (username, Email, password, com_code, workID, PhoneNumber, userLevel) VALUES ('$username', '$email', '$password', '$com_code', '$workID', '$phoneNumber', '$userLevel')";
print $sql . "<br/>";
然后运行代码并直接在MYSQL中运行输出以查看是否存在任何错误。在这里测试正常值,没有奇怪的标点符号或类似的东西。
这段代码对我而言。我没有使用表单来发布数据,而是使用了以下内容......而将表格更改为MyISAM没有任何区别。我不确定为什么你没有看到任何实际的错误,但它可能是一个简单的事情,如列名拼写错误或某些东西被截断。就像我说的那样,我的表只是每个字段的varchar(255),它不包含你在代码中显示的其他字段。
$mysqli = new mysqli('localhost', 'root', '', 'test');
$_POST['submit'] = 'submit';
$_POST['username'] = 'username';
$_POST['email'] = 'email';
$_POST['password'] = 'password';
$_POST['workID'] = 'workID';
$_POST['PhoneNumber'] = 'phone number';
$_POST['userLevel'] = 'userlevel';
我不确定为什么这很重要,但你可以尝试在执行语句之后添加它,看看它是否打印出不同的内容:
print "MYSQL error: " . $stmt->error . "<br/>";