MySQL / PHP不会插入数据库

时间:2014-02-04 01:26:38

标签: php mysql

当人们注册并创建帐户时,我一直在尝试向我的网站添加电子邮件确认系统,但它不会在数据库中添加密钥和用户ID。我遇到的另一个问题是我正在尝试发送确认电子邮件,但电子邮件不会发送。它回显了“消息已成功发送”但当我查看我输入的电子邮件时,却没有收到。在此先感谢您的帮助!是的,我知道mysql很容易被sql注入,但我想用mysql来解决这个问题。

这是我的代码:

编辑:我用$ hin替换了$ insert_confirm,我将表格确认为email_confirmation可能会删除保留字但我仍然收到错误

<?php

require_once '../scripts2/app_config.php';
require_once '../scripts2/database_connection.php';


$upload_dir = HOST_WWW_ROOT . "/uploads/profile_pics/";
$image_fieldname = "user_pic";


$first_name = trim($_REQUEST['first_name']);
$last_name = trim($_REQUEST['last_name']);
$name = $first_name . " " . $last_name;
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
$email = trim($_REQUEST['email']);
$bio = trim($_REQUEST['bio']);

if(isset($_POST['submit1'])) {

   if($_POST['picture'] == 'picture1') {
      $radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
    } else if($_POST['picture'] == 'picture2') {
      $radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387547040-auto_pic_grey2.png";
    } else if($_POST['picture'] == 'picture3') {
      $radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
    } else {
      $radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
   }
}

$bgcolor = "#FF0000";


$check_email = "SELECT `email`" .
                          " FROM users" .
                          " WHERE `email` = '$email'";

$query_email = mysql_query($check_email);

$check_username = "SELECT `username`" .
                                 " FROM users" .
                                 " WHERE `username` = '$username'";
$query_username = mysql_query($check_username);

if(mysql_num_rows($query_email)>0 || mysql_num_rows($query_username)>0 ) {
     if(mysql_num_rows($query_email)>0) {
     $email_msg = "This email is already taken:  {$email}";
     header("Location:signup2.php?error_message={$email_msg}");
     } else if(mysql_num_rows($query_username)>0) {
     $username_msg = "This username is already taken:  {$username}";
     header("Location:signup2.php?error_message={$username_msg}");
     } else {
     $msg = "This email and username is already taken:  {$email} ,  {$username}";
     header("Location:signup2.php?error_message={$msg}");
     }
} else {

$insert_sql = sprintf("INSERT INTO users " .
                              "(first_name, last_name, name, username, " .
                              "password, email, " . 
                              "bio, " .
                              "user_pic_path, bgcolor) " .
    "VALUES ('%s', '%s', '%s', '%s', '%s', '%s',
                         '%s', '%s', '%s');",
         mysql_real_escape_string($first_name),
         mysql_real_escape_string($last_name),
         mysql_real_escape_string($name),
         mysql_real_escape_string($username),
         mysql_real_escape_string(crypt($password, $username)),
         mysql_real_escape_string($email),
         mysql_real_escape_string($bio),
         mysql_real_escape_string($radio_value),
         mysql_real_escape_string($bgcolor));

//insert the user into the database
$insert_user = mysql_query($insert_sql);
$private_user_id = mysql_insert_id();

function generateRandomString($length = 20) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}
$private_user_key = generateRandomString();

$hin = sprintf("INSERT INTO email_confirmation " .
                              "(user_id, key) " .
    "VALUES (%d, '%s');",
         mysql_real_escape_string($private_user_id),
         mysql_real_escape_string($private_user_key));

//insert the user into the database
mysql_query($hin);
echo mysql_error();

$name = mysql_real_escape_string($_POST['name']);
$create_user_table = mysql_query("CREATE TABLE `".$email."` ( friend_id INT, friend_status INT)");

if($insert_user && $create_user_table) {

// Email the new user the confirmation key
$to      = $email;
$subject = 'Welcome!';
$message = "
<html>
<head>
  <title>Welcome!</title>
</head>
<body>
  <p>Please click the following link to confirm your email:</p>
  <p><a href=\"confirmation_email.php?user_id=$private_user_id&key=$private_user_key\">Confirm Email</a></p>
</body>
</html>
";
// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'From: Admin <email@email.com>' . "\r\n";

// Mail it
$retval = mail($to, $subject, $message, $headers);
if( $retval == true )
   {
      echo "Message sent successfully...";
      echo "\n" . $to . "\n" . $message . "\n" . "\n" . $subject;
   }
   else
   {
      echo "Message could not be sent...";
   }
}



//Redirect this user to the page that displays user information
// $msg = "Please check your email to confirm your email address";
// header("Location: newuser_signinA.php?error_message={$msg}");
// exit();


}

?>

0 个答案:

没有答案
相关问题
最新问题