所以我是一个新手,对于php / mysql,我想在你问之前看到一些代码
这是我在数据库中的两个表
网站用户(我的注册页面)
CREATE TABLE WebsiteUsers
(
userID int(9) NOT NULL auto_increment,
fullname VARCHAR(50) NOT NULL,
userName VARCHAR(40) NOT NULL,
email VARCHAR(40) NOT NULL,
pass VARCHAR(40) NOT NULL,
PRIMARY KEY(userID)
);
和用户名(登录页面的mysql)
CREATE TABLE UserName
(
UserNameID int(9) NOT NULL auto_increment,
userName VARCHAR(40) NOT NULL,
pass VARCHAR(40) NOT NULL,
PRIMARY KEY(UserNameID)
);
这是我的两个php脚本
connectivity.php(登录页面)
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'hhh');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
session_start(); //starting the session for user profile page
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query) or die(mysql_error());
if(!empty($row['userName']) AND !empty($row['pass']))
{
$_SESSION['userName'] = $row['pass'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
}
if(isset($_POST['submit']))
{
SignIn();
}
?>
和connectivity-sign-up.php(用于注册页面)
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'hhh');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
function NewUser()
{
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['pass'];
$query = "INSERT INTO websiteusers (fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')";
$data = mysql_query ($query)or die(mysql_error());
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp()
{
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{
$query = mysql_query("SELECT * FROM websiteusers WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error()))
{
newuser();
}
else
{
echo "SORRY...YOU ARE ALREADY REGISTERED USER...";
}
}
}
if(isset($_POST['submit']))
{
SignUp();
}
?>
所以我的问题是如何在用户注册时将其自动插入我的用户名数据库?
EDIT 不,我已将它连接到一个表,并已将其更改为mysqli但仍然收到此错误..
注意:未定义的变量:第12行的C:\ xampp \ htdocs \ test2 \ Sign-in \ connectivity.php中的con
警告:mysqli_query()要求参数1为mysqli,在第12行的C:\ xampp \ htdocs \ test2 \ Sign-in \ connectivity.php中给出null
注意:未定义的变量:第12行的C:\ xampp \ htdocs \ test2 \ Sign-in \ connectivity.php中的con
警告:mysqli_error()要求参数1为mysqli,在第12行的C:\ xampp \ htdocs \ test2 \ Sign-in \ connectivity.php中给出null
答案 0 :(得分:0)
你只需要一张桌子。当他们注册时将它们插入数据库然后调用登录函数并在登录过程中使用$ _SESSION cookie将它们标记为已登录。另外,对于上帝的爱,你要求注入攻击。不推荐使用mysql_query使用PDO或MySQLi并使用参数。
答案 1 :(得分:0)
编辑使用mysqli _:
<?php
$DB_HOST= "localhost";
$DB_NAME = "hhh";
$DB_USER = "root";
$DB_PASSWORD= "";
$con= mysqli_connect($DB_HOST,$DB_USER,$DB_PASSWORD,$DB_NAME) or die("Failed to connect to MySQL");
function SignIn($con)
{
session_start();
if(!empty($_POST['user'])){
$query = mysqli_query($con,"SELECT * FROM websiteusers WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysqli_error($con)); //changed
$row = mysqli_fetch_array($query) or die(mysqli_error($con));
if(!empty($row['userName']) && !empty($row['pass'])) //changed to a more modern operator
{
$_SESSION['userName'] = $row['pass'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
}
if(isset($_POST['submit']))
{
SignIn($con);
}
?>