表单回应成功而无需向数据库提交任何内容。我的流量控制有问题吗?
这是代码。
我真的不知道为什么它没有提交我的信息。
<?php
//Includes mass includes containing all the files needed to execute the full script
//Also shows homepage elements without customs
include ("includes/mass.php");
//Grabbing data form POST array and storing in variables plus the date
$username = ($_POST['username']);
$password = ($_POST['password']);
$conpassword= ($_POST['password2']);
$firstname = ($_POST['firstname']);
$lastname = ($_POST['lastname']);
$email = ($_POST['email']);
$submit = ($_POST['submit']);
$date = date("Y-m-d");
//Reigstration Form
$register = "<div id='registration'>
<h2>Register Here!</h2>
<form action='register.php' method='post'>
<table>
<tr>
<td>
Username
</td>
<td>
<input type='text' name='username' value='$username' >
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type='password' name ='password'>
</td>
</tr>
<tr>
<td>
Confirm Password
</td>
<td>
<input type='password' name ='password2'>
</td>
</tr>
<tr>
<td>
Firstname
</td>
<td>
<input type='text' name='firstname' value='$firstname'>
</td>
</tr>
<tr>
<td>
Lastname
</td>
<td>
<input type='text' name='lastname' value='$lastname' >
</td>
</tr>
<tr>
<td>
Email
</td>
<td>
<input type='text' name='email' value= '$email' >
</td>
</tr>
<tr>
<td>
<input type='submit' class='button' name='submit' value='Sign Up'>
</td>
</tr>
</table>
</form>
</div>";
echo $register;
//Check to make sure user has submitted the correct details
echo "<div id='regform'>";
if (isset($submit))
{
//Querying the database for if the username already exists
$sql = "SELECT * FROM user WHERE username = '$username'";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if (strlen($username)<2)
{
echo ("<br>You must enter a longer username</br>");
exit;
}
elseif (strlen($username) > 25)
{
echo ("You must enter a shorter username<br>");
exit;
}
if ($username==$dbusername)
{
echo ("That username already exists!");
exit;
}
elseif (strlen($password)<6)
{
echo ("<br>'Password must be be between 6 & 26 characters'<br>");
exit;
}
if ($password != $conpassword)
{
echo ("<br>Your passwords dont match<br>");
exit;
}
elseif (strlen($firstname)<=0)
{
echo ("<br>You must enter your firstname<br>");
exit;
}
if (strlen($lastname)<=0)
{
echo ("<br>You must enter your lastname<br>");
exit;
}
elseif (!preg_match('/@/',$email) || (strlen($email)<=6) )
{
echo ("</br>You must enter a proper email address!");
exit;
}
if (!isset($password))
{
echo "You must enter a password!";
exit;
}
elseif (!isset($conpassword))
{
echo ("You must confirm your password");
exit;
}
else
{
//Encrypt the password
$password = md5($password);
$conpassword = md5($conpassword);
//Start Session
session_start();
//push this information to the database
//Submit data to database plus store exec into variable.
$sqlsubmit ="INSERT INTO user VALUES ('','$firstname','$lastname','$username','$password','$email','$date',)";
mysql_query($sqlsubmit);
//echo success.
echo "successfully submitted to the database"."<br>"."<a href='user.php'>Click Here To Go To Your Accont</a>";
exit;
}
}
elseif(!isset($submit))
{
echo "</br>"."Enter your info here!!!!! :))";
}
echo "</div>";
?>
2 个答案:
答案 0 :(得分:2)
Pekka以及评论都是一个州......但由于非常重要,我将在另一个(社区维基)答案中重复:
此代码容易受到最恶劣的SQL注入攻击。
您的代码绝对不安全。不应该使用它,不能找借口。在继续操作之前,请先阅读SQL-Injection和input sanitisation。
<小时/>
http://xkcd.com/327/
答案 1 :(得分:1)
更新:正如Quassnoi如此巧妙地指出,您迫切需要保护您的输入。请参阅PHP手册中的SQL Injection一章。
查询失败,因为您在行尾有一个额外的逗号:
$sqlsubmit ="INSERT INTO user VALUES
('','$firstname','$lastname','$username','$password','$email','$date',)";
使用echo mysql_error();查找此类错误。
此外,无论查询是否失败,都会输出成功消息。 您想添加条件:
if (mysql_query($sqlsubmit))
echo "successfully submitted ...";
else
echo "error submitting ..... ".mysql_error();
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?