好的,对于所有PHP / MYSQL专家来说,这可能非常简单,但我只是在学习,而且我遇到了障碍。我在HTML中创建了一个注册表单,我希望用PHP在MSQL数据库中插入用户输入信息。
这是我的表格:
<form action="" method="post">
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/</p>
<p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25" /></p>
<p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40"/><p>
<p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40"/></p>
<p><br><input type="submit" value="register"/></p>
</form>
这是我的PHP代码:
$host = "localhost";
$user = "root";
$password = "";
$database = "listings_db";
$tbl_name = "users"
$link = mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));
if (isset($_POST['user_firstname'],
$_POST['user_lastname'],
$_POST['user_email'],
$_POST['user_password'],
$_POST['user_type']))
{
$firstname = $_POST['user_firstname'];
$lastname = $_POST['user_lastname'];
$email = $_POST['user_email'];
$password = $_POST['user_password'];
$type = $_POST['user_type'];
$errors = array();
if(empty($firstname)
|| empty($lastname)
|| empty($email)
|| empty($email)
|| empty($password)
|| empty($type))
{$errors [] = '*All fields are required!';}
else {
if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
{$errors[] = '*The email address you entered is not valid!' ;}
if(strlen($firstname) > 25) {$errors[] = '*The email address you entered contains too many characters!';}
if(strlen($lastname) > 25) {$errors[] = '*The first name you entered contains too many characters!';}
if(strlen($email) > 40) {$errors[] = '*The last name you entered contains too many characters!';}
if(strlen($password) > 40) {$errors[] = '*The password you entered contains too many characters!';}
if(strlen($type) != true){$errors[] = '*Please select an account type!';}
}
$firstname1 = mysqli_real_escape_string($firstname);
$lastname1 = mysqli_real_escape_string($lastname);
$email1 = mysqli_real_escape_string($email);
$password1 = mysqli_real_escape_string($password);
$query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");
}
我的代码出了什么问题?在此先感谢您的帮助!
答案 0 :(得分:5)
如果你是PHP / MySQL的新手,你真的不应该开始使用程序风格,因为它很笨,真的不推荐。如果您现在掌握OOP(面向对象编程),从长远来看它将为您省去麻烦!
示例:
mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));
应该成为
$conn = new mysqli($host, $user, $password, $database);
// check connection
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
和
$firstname1 = mysqli_real_escape_string($firstname);
到
$firstname1 = $conn->real_escape_string($firstname);
当你使用OOP编写高级PHP(即类等)时,已经在那个面条中了!
无论如何,你有这个问题:
1。您错过了结束&gt;来自您的第一个表单元素
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/></p>
2. 您还请求了尚未设置为表单元素的帖子数据“user_type”
3 你已经为变量添加了1,这不是必需的(而且你没有将1添加到查询中,理想情况下你应该重命名它们以使它们合乎逻辑)
$firstname1 = mysqli_real_escape_string($firstname);
$lastname1 = mysqli_real_escape_string($lastname);
$email1 = mysqli_real_escape_string($email);
$password1 = mysqli_real_escape_string($password);
应改为
$firstname_escaped = mysqli_real_escape_string($firstname);
$lastname_escaped = mysqli_real_escape_string($lastname);
$email_escaped = mysqli_real_escape_string($email);
$password_escaped = mysqli_real_escape_string($password);
4 您不需要INSERT列(应设置为自动增量),因为它会自动执行
$query = mysqli_query($link, "INSERT INTO users (user_id, user_firstname, user_lastname, user_email, user_password) VALUES ('', '$firstname', '$lastname', '$email', '$password')");
应该是
$query = mysqli_query($link, "INSERT INTO users (user_firstname, user_lastname, user_email, user_password) VALUES ('$firstname', '$lastname', '$email', '$password')");
<强> 5 !!!!您没有加密输入数据库的密码!!!!! 至少应该用
来打击那个傻瓜 $password = md5($_POST['user_password']); //added md5 encryption
虽然强烈建议使用PHPass library,因为它使用PHP的crypt()功能,而不必解决所有问题!
答案 1 :(得分:0)
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/</p>
更改为,因为缺少>
<p>First Name: <br><input type="text" name="user_firstname" size="25 maxlength="25"/></p>
和
$_POST['user_type']不存在于HTML中或在PHP中声明。
和
您的变量是
('', '$firstname1', '$lastname1', '$email1', '$password1')
答案 2 :(得分:0)
我建议您使用HTML5&#39; required&#39;和&#39;模式&#39;属性,你的PHP代码会短得多。
<form action="" method="post">
<p>First Name: <br><input type="text" name="user_firstname" size="25" maxlength="25" pattern="[A-Za-z]{1,25}" required /></p>
<p>Last Name: <br><input type="text" name="user_lastname" size="25" maxlength="25" pattern="[A-Za-z]{1,25}" required /></p>
<p>Email Address: <br><input type="email" id="email" name="user_email" size="25" maxlength="40" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$" required /><p>
<p>Create a Password: <br><input type="password" name="user_password" size="25" maxlength="40" pattern="[A-Za-z0-9]{8,40}" required /></p>
<p><br><input type="submit" value="register"/></p>
</form>
PHP脚本:
$host = "localhost";
$user = "root";
$password = "";
$database = "listings_db";
$tbl_name = "users";
$link = mysqli_connect($host, $user, $password, $database) or die("Error " . mysqli_error($link));
$firstname = mysqli_real_escape_string($_POST['user_firstname']);
$lastname = mysqli_real_escape_string($_POST['user_lastname']);
$email = mysqli_real_escape_string($_POST['user_email']);
$password = mysqli_real_escape_string($_POST['user_password']);
$query = mysqli_query($link, "INSERT INTO $tbl_name (user_firstname, user_lastname, user_email, user_password) VALUES ('$firstname', '$lastname', '$email', '$password')");