Question

你好我在屏幕运行时没有任何php问题，但我也没有在数据库中的任何活动，信息没有INSERTED。我将在下一步解决这个问题？谢谢你帮助我们。

请参阅代码：http://businesstrends.co.il/learn/probcode.php

此外，我想获得有关如何使其更安全的更多信息。

if(isset($_POST['submits'])){
    $connect = mysql_connect("localhost","root","","");
    function secure($secure){
        mysql_real_escape_string($secure);
    }
    $username = secure($_POST['username']);
    $password = secure($_POST['password']);
    $repassword = secure($_POST['repassword']);
    $firstname = secure($_POST['firstname']);
    $lastname = secure($_POST['lastname']);
    $fullname = $firstname." ".$lastname;
    $BirthDayDay = secure($_POST['BirthDayDay']);
    $BirthDayMonth = secure($_POST['BirthDayMonth']);
    $BirthDayYear = secure($_POST['BirthDayYear']);
    $birthday = $BirthDayDay."/".$BirthDayMonth."/".$BirthDayYear;
    $email = secure($_POST['email']);
    $acceptterms = secure($_POST['acceptterms']);

    /* echo $username."<br>".$password."<br>".$repassword."<br>".$firstname."<br>".$lastname."<br>".$birthday."<br>".$email."<br>".$acceptterms; */
    if(isset($acceptterms)){
        if(empty($username) && empty($password) && empty($repassword) && empty($firstname) && empty($lastname) && empty($BirthDayDay) && empty($BirthDayMonth) && empty($BirthDayYear) && empty($email) && empty($acceptterms)){
            echo "אחד מן השדות ריקים";
        }else{
            if($password == $repassword){
                if(mysql_query("SELECT username FROM users WHERE $username == username ") == 0){
                    if(mysql_query("SELECT email FROM users WHERE $email == email ") == 0){
                        mysql_query("INSERT INTO users (ID, fullname, username, password, email, birthday, tags, gold, activation) VALUES ('NULL', '$fullname', '$username', '$password', '$email', '$birthday', 'belarge', '0', '0')");
                        echo $fullname."נרשמת בהצלחה לאתר בשם המשתמש:".$username.".";
                        mysql_close($connect);
                    }else{
                        echo "האימייל בשימוש";
                        mysql_close($connect);
                    }
                }else{
                    echo "שם משתמש בשימוש";
                    mysql_close($connect);
                }
            }else{
                echo "הסיסמאות אינן תואמות";
                mysql_close($connect);
            }
        }
    }else{
        echo "לא אישרתם תקנון!";
        mysql_close($connect);
    }
}

Answer 1

变化：

if(mysql_query("SELECT username FROM users WHERE $username == username ") == 0){
                    if(mysql_query("SELECT email FROM users WHERE $email == email ") == 0){
                        mysql_query("INSERT INTO users (ID, fullname, username, password, email, birthday, tags, gold, activation) VALUES ('NULL', '$fullname', '$username', '$password', '$email', '$birthday', 'belarge', '0', '0')");
                        echo $fullname."נרשמת בהצלחה לאתר בשם המשתמש:".$username.".";
                        mysql_close($connect);
                    }else{
                        echo "האימייל בשימוש";
                        mysql_close($connect);
                    }
                }

要：

if(mysql_num_rows(mysql_query("SELECT username FROM users WHERE '$username' = username ")) == 0){
    if(mysql_num_rows(mysql_query("SELECT email FROM users WHERE '$email' = email ")) == 0){
        mysql_query("INSERT INTO users (ID, fullname, username, password, email, birthday, tags, gold, activation) VALUES ('NULL', '$fullname', '$username', '$password', '$email', '$birthday', 'belarge', '0', '0')");
        echo $fullname."נרשמת בהצלחה לאתר בשם המשתמש:".$username.".";
        mysql_close($connect);
    }else{
        echo "האימייל בשימוש";
        mysql_close($connect);
    }
}

记住'NULL'是一个字符串，但NULL为空。 MySql执行 NOT 使用==进行相等性检查（它使用=）。

P.S：从PHP 5.5.0开始，mysql扩展名为deprecated，将来会被删除。相反，应使用MySQLi或PDO_MySQL扩展名。请不要使用mysql_ *来开发新代码。

插入查询不起作用

1 个答案: