您好我的测试网站不会在数据库中保存任何类型的数据,因此当我注册它不会将其保存到数据库,所以我无法登录。有人可以解释代码有什么问题,并告诉我如何解决它谢谢! 继承人代码
注册码:
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysql_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>30||strlen($fn)>30||strlen($ln)>30) {
echo "The maximum limit for username/first name/last name is 30 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to test</h2>Login to your account to get started");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
连接代码
<?php
mysql_connect("localhost","root","") or die ("Cant Connect To DataBase!");
mysql_select_db("test") or die ("Cant Select DataBase");
?>
and the tabel
CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`first_name` varchar(255) NOT NULL,
`last_name` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`password` varchar(32) NOT NULL,
`sign_up_date` date NOT NULL,
`activated` enum('0','1') NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
答案 0 :(得分:0)
<?php
// CHECK IF THE FORM HAS BEEN SUBMITTED
if (isset($_POST['REG'])) {
/* these are the columns to be filled
username
first_name
last_name
email
password
sign_up_date
activated
*/
// GATHER VARIABLES, as we are sure the form has been requested via $_POST there is no need to 'declare' variables
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
$username = trim($_POST['username']);
// JUST USING ONE EMAIL VARIABLE, BOTH EMAILS BEING THE SAME SHOULD BE CLIENT-VALIDATED
$email = trim($_POST['email']);
// THE SAME AS ABOVE WITH PASS
$password = trim($_POST['password']);
$date = trim($_POST['date']);
$acive = trim($_POST['acive']);
// THIS FUNCTION TESTS FOR EMPTY STRINGS, SELECTS SET TO 0 AND EMPTY ARRAYS
function test_valid() {
$args = func_get_args();
foreach ($args as $value) {
if ($value === 0 || $value == '' || empty($value)) {
return false;
} else {
$foo = true;
}
}
return $foo;
}
// MAKE THE TEST
if (test_valid($first_name, $last_name, $username, $email)) {
// CONTINUE TO THE DATABASE
// CONNECT TO THE DATABASE USING PDO
$conn = new PDO('mysql:host=YOURHOST;dbname=YOURDBNAME', 'YOURUSER', 'YOURPASS');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// PREPARE THE STATEMENT TO CHECK THE VALUES IN THE DATABASE
$stmt = $conn->prepare("SELECT id, username, email FROM users WHERE username = :username OR email = :email ORDER BY id DESC LIMIT 1");
// BIND THE PARAMETERS TO THE :thingy's
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
//get an array containing arrays<- these ones being the rows of the query
$result = $stmt->fetchAll();
if (empty($result)) {
$password = crypt($password, $username);
$stmt = $conn->prepare("INSERT INTO users VALUES ('', :username , :first_name , :last_name , :email , :password , NOW(), 0)");
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':first_name', $first_name, PDO::PARAM_STR);
$stmt->bindParam(':last_name', $last_name, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->execute();
} else {
//there were matching rows, therefore the username or the e-mail were already registered
}
} else {
//there were invalid parameters in the form
}
} else {
// form was not submitted
}
?>
您应该更详细地描述您要实现的目标,这可能不是完美的答案/解决方案/代码,但它更清晰,并且使用PDO的bindParam来避免SQL注入和PHP的crypt(),优于mdf5 See the post in thecodinglove
另外,开始学习的好地方(我用过它)是Tutsplus和Jeffrey Way,我见过的最好的初学者PHP-MySQL教程。
使用E_ALL
希望这可以帮助您进行测试。