不会将数据保存到数据库

时间:2014-02-06 18:32:08

标签: php mysql sql database

您好我的测试网站不会在数据库中保存任何类型的数据,因此当我注册它不会将其保存到数据库,所以我无法登录。有人可以解释代码有什么问题,并告诉我如何解决它谢谢! 继承人代码

注册码:

$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day

if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysql_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0) {
  if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>30||strlen($fn)>30||strlen($ln)>30) {
echo "The maximum limit for username/first name/last name is 30 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to test</h2>Login to your account to get started");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
 echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}

连接代码

<?php
mysql_connect("localhost","root","") or die ("Cant Connect To DataBase!");
mysql_select_db("test") or die ("Cant Select DataBase");
?>

and the tabel
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `first_name` varchar(255) NOT NULL,
  `last_name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `password` varchar(32) NOT NULL,
  `sign_up_date` date NOT NULL,
  `activated` enum('0','1') NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

1 个答案:

答案 0 :(得分:0)

<?php 
    // CHECK IF THE FORM HAS BEEN SUBMITTED
    if (isset($_POST['REG'])) {
        /* these are the columns to be filled
        username
        first_name
        last_name
        email
        password
        sign_up_date
        activated
        */
        // GATHER VARIABLES, as we are sure the form has been requested via $_POST there is no need to 'declare' variables
        $first_name = trim($_POST['first_name']);
        $last_name = trim($_POST['last_name']);
        $username = trim($_POST['username']);
        // JUST USING ONE EMAIL VARIABLE, BOTH EMAILS BEING THE SAME SHOULD BE CLIENT-VALIDATED
        $email = trim($_POST['email']);
        // THE SAME AS ABOVE WITH PASS
        $password = trim($_POST['password']);
        $date = trim($_POST['date']);
        $acive = trim($_POST['acive']);

        // THIS FUNCTION TESTS FOR EMPTY STRINGS, SELECTS SET TO 0 AND EMPTY ARRAYS
        function test_valid() {
            $args = func_get_args();
            foreach ($args as $value) {
                if ($value === 0 || $value == '' || empty($value)) {
                    return false;
                } else {
                    $foo = true;
                }
            }
            return $foo;
        }

        // MAKE THE TEST
        if (test_valid($first_name, $last_name, $username, $email)) {
            // CONTINUE TO THE DATABASE

            // CONNECT TO THE DATABASE USING PDO
            $conn = new PDO('mysql:host=YOURHOST;dbname=YOURDBNAME', 'YOURUSER', 'YOURPASS');
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            // PREPARE THE STATEMENT TO CHECK THE VALUES IN THE DATABASE
            $stmt = $conn->prepare("SELECT id, username, email FROM users WHERE username = :username OR email = :email ORDER BY id DESC LIMIT 1");

            // BIND THE PARAMETERS TO THE :thingy's
            $stmt->bindParam(':username', $username, PDO::PARAM_STR);
            $stmt->bindParam(':email', $email, PDO::PARAM_STR);
            $stmt->execute();

            //get an array containing arrays<- these ones being the rows of the query
            $result = $stmt->fetchAll();

            if (empty($result)) {

                $password = crypt($password, $username);

                $stmt = $conn->prepare("INSERT INTO users VALUES ('', :username , :first_name , :last_name , :email , :password , NOW(), 0)");
                $stmt->bindParam(':username', $username, PDO::PARAM_STR);
                $stmt->bindParam(':first_name', $first_name, PDO::PARAM_STR);
                $stmt->bindParam(':last_name', $last_name, PDO::PARAM_STR);
                $stmt->bindParam(':email', $email, PDO::PARAM_STR);
                $stmt->bindParam(':password', $password, PDO::PARAM_STR);
                $stmt->execute();

            } else {
                //there were matching rows, therefore the username or the e-mail were already registered
            }

        } else {
            //there were invalid parameters in the form
        }


    } else {
        // form was not submitted
    }
?>

您应该更详细地描述您要实现的目标,这可能不是完美的答案/解决方案/代码,但它更清晰,并且使用PDO的bindParam来避免SQL注入和PHP的crypt(),优于mdf5 See the post in thecodinglove

另外,开始学习的好地方(我用过它)是Tutsplus和Jeffrey Way,我见过的最好的初学者PHP-MySQL教程。

使用E_ALL

查看php的错误也会有所帮助

希望这可以帮助您进行测试。