信息未提交给MySQL

时间:2014-01-27 22:26:36

标签: php mysql insert

我正在使用PHP和MySQL创建一个简单的登录脚本,不会出现任何错误但由于某种原因提交的信息没有被插入到数据库中。 数据库名为'test'(不带引号)和表'users'(也没有引号)。 表中的列是first_name,last_name,email,pass和registration_date。 这是html表单:

<form action="script4.php" method="post">
    <p>First Name:<input type="text" name="first_name" value="first_name" /></p>
    <p>Last Name:<input type="text" name="last_name" value="last_name" /></p>
    <p>Email: <input type="text" name="email" value="email" /></p>
    <p>Password: <input type="password" name="pass1" value="pass1" /></p>
    <p>Confirm Password: <input type="password" name="pass2" value="pass2"/></p>
    <input type="submit" name="submit" value="register" />
</form>

这是script4.php 

<?php
$first_name = $_POST['first_name'];
$last_name =  $_POST['last_name'];
$email =      $_POST['email'];
$pass1 =      $_POST['pass1'];
$pass2 =      $_POST['pass2'];

require ('mysql_connect.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();}
if (!empty($_POST['first_name'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$fn = trim($_POST['first_name']);
}
if (!empty($_POST['last_name'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$ln = trim($_POST['last_name']);
}
if (!empty($_POST['email'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$e = trim($_POST['email']);
}
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = "Your passwords do not match.";
} else {
$p = trim($_POST['pass1']);}
}else {
$errors[] = "You forgot to enter your password."; 
}
if (empty($errors)) {
require ('mysql_connect.php');
$q = "INSERT INTO users ('first_name', 'last_name', 'email', 'pass',      'registration_date') VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW()) or   trigger_error('Query Error: ' . mysql_error());";
$r = @mysqli_query ($dbc, $q);
if ($r) {
echo("Thanks");
} else {
echo("We are sorry, you could not be entered at this time.");
echo mysqli_error($dbc);
} }
mysqli_close($dbc);
?>

我知道这个脚本很容易被sql注入,它只是一个测试:) 数据将无法提交。

3 个答案:

答案 0 :(得分:1)

  1. 从列名中删除单引号。
  2. 您正在拨打require ('mysql_connect.php')两次。
  3. 您有多种语法错误。
  4. 您正在分配变量但未调用它们。
  5. 您尝试将$ pass添加到数据库而不是$ pass1。

  6. 我清理了你的代码。

    if($ _SERVER ['REQUEST_METHOD'] =='POST'){     $ errors = array(); 

    $first_name = empty($_POST['first_name']) ? '' : trim($_POST['first_name']);;
$last_name  = empty($_POST['last_name']) ? '' : trim($_POST['last_name']);;
$email      = empty($_POST['email']) ? '' : trim($_POST['email']);;
$pass1 =      empty($_POST['pass1']) ? '' : trim($_POST['pass1']);
$pass2 =      $_POST['pass2'];

if (!$first_name) {
    $errors[] = "You forgot to enter your first name!";
} 

if (!$last_name) {
    $errors[] = "You forgot to enter your first name!";
} 

if (!$email) {
    $errors[] = "You forgot to enter your first name!";
} 

if ($pass1) {
    if ($pass1 != $pass2) {
        $errors[] = "Your passwords do not match.";
    } 
} else {
    $errors[] = "You forgot to enter your password."; 
}

if (empty($errors)) {
    require ('mysql_connect.php');
    $q = "INSERT INTO users (first_name, last_name, email, pass,registration_date) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass1'), NOW()) or   trigger_error('Query Error: ' . mysql_error());";
    $r = @mysqli_query ($dbc, $q);
    if ($r) {
        echo("Thanks");
    } else {
        echo("We are sorry, you could not be entered at this time.");
        echo mysqli_error($dbc);
    } 
    mysqli_close($dbc);
} else { 
  foreach ($errors as $error) echo $error . '<br>';
}

    }

    &GT;

    7. 此外,转义$ _POST数据甚至更好 - 明智地使用预备语句,您可以接受SQL注入。

    希望这有帮助!

答案 1 :(得分:0)

删除所有条件语句中的!

if (!empty($_POST['last_name']))

表示“如果last_name不为空”,因为!。这意味着如果字段不为空,则您的脚本当前显示“错误”。如果脚本显示“错误”,那么最后它不会在数据库中插入值。

它也没有说“我们很抱歉”,因为此声明在您的条件if(empty($errors))内。因此,如果$errors不为空,则直接转到脚本的末尾而不显示任何内容,但无法插入您的值。

所以你应该做的是,例如:

if (empty($_POST['first_name'])) {
    $errors[] = "You forgot to enter your first name!";
} else {
    $fn = trim($_POST['first_name']);
}

最后:

if (empty($errors)) {
    require ('mysql_connect.php');
    $q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ($first_name, $last_name, $email, SHA1($pass), NOW());";
    if (@mysqli_query ($dbc, $q)) {
        echo("Thanks");
    } else {
        echo mysqli_error($dbc);
        echo("We are sorry, there is a problem with the database connection.");
    }
} else {
    echo("We are sorry, there are errors in the values you entered.");
}
mysqli_close($dbc);

正如其他人所说,要小心,因为你必须删除require('mysql_connect.php')

之一

答案 2 :(得分:0)

删除第一个require ('mysql_connect.php');

并将以下行更改为类似的内容,因为您的查询和trigger_error

的语法错误 
$q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW())";
$r = mysqli_query($dbc, $q) or trigger_error('Query Error: ' . mysqli_error($dbc));

删除@并使用链接将mysql_error更改为mysqli_error,否则您将不会收到错误。

if(empty($errors)) {
    require ('mysql_connect.php');
    $q = "INSERT INTO `users` (`first_name`, `last_name`, `email`, `pass`, `registration_date`) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW())";
    $r = mysqli_query ($dbc, $q);
    if($r){
        echo "Thanks";
    }else{
        echo "We are sorry, you could not be entered at this time.";
        trigger_error('Query Error: ' .  mysqli_error($dbc));
    }
    mysqli_close($dbc);
}

此外,您应该查看绑定参数,以消除sql注入。

相关问题
最新问题