自昨晚以来我一直坚持这件事,所以最后我决定问你们这个。
我该怎么做才能解决这个问题?有什么错误吗?请帮忙;我是PHP的新手。
<?php
$connection = mysql_connect($HOST,$USER,$PASS) Or Die ("Could not connect to the server");
mysql_select_db($DBNAME, $connection )Or Die ("Could not connect to the server");
error_reporting(0);
if ($_POST['Register']);{
if($_POST['Username'] && $_POST['Password']);
$username = mysql_real_escape_string($_POST['Username']);
$password = mysql_real_escape_string(hash("sha512",$_POST['Password']));
$name ='';
if($_POST['Name']){
$name = mysql_real_escape_string(strip_tags($_POST[name]));
}
$check = mysql_fetch_array(mysql_query("SELECT * FROM 'users' WHERE 'Username'='$username'"));
if ($check != '0'){
die("Uh Oh! That Username has already taken! Try <i>$username" . rand (1,50) . "</i> instead! <a href='register.php'>← Back </a>" );
}
if (!ctype_alnum($username)){
die("Uh hum ! Your username conatins special characters unfortunately they are not permitted ! Only letters and numbers are allowed! <a href='register.php'>← Back </a>");
}
if (strlen($username) >20){
die("Username Cannot contain more than 20 characters <a href='register.php'>← Back </a>");
}
$salt = hash("sha512", rand() .rand(). rand());
mysql_query("INSERT INTO 'users' ('Username','Password','Name','Salt') VALUES('$username','$password','$name','$salt')");
set_cookie("c_user", hash("sha512",$username),time() + 24 * 60 * 60, "/" );
set_cookie("c_salt", $salt, $time () + 24 * 60 * 60, "/");
die ("Congrts ! you are now ready to use Hack With Nick! You are now logged in !");
}
?>
<body style='font-family: sans-serif,verdana;'>
<div style='width: 80%; padding: 5px 15px 5px ; border: 1px solid #e3e3e3; background-color: #fff; color:000 ; margin-left:auto; margin-right:auto;'>
<h1>Register</h1>
<br />
<form action='' method='post' >
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' style='padding: 4px;' />
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' style='padding:4px;' />
</td>
</tr>
<tr>
<td>
<b>Name:</b>
</td>
<td>
<input type='text' name='name' style='padding:4px;' />
</td>
</tr>
<tr>
<td>
<input type='submit' name='register' value='Register' />
<td>
</tr>
</table>
</form>
</div>
</body>
答案 0 :(得分:2)
首先,如果启用错误报告会更好。
error_reporting(E_ALL);
ini_set('display_errors','1');
其次,您的输入名称都是较低的,并且您在名称字段中缺少引号,因此您的if语句没有任何支撑使它们无用。同样如上面提到的Iserni:您的SQL代码包含错误,例如用户,而不是&#39;用户&#39; ,如果您不是$time正在尝试使用php的自己的功能,它是time()。
if (isset($_POST['register'])){
if(!empty($_POST['username']) && !empty($_POST['password'])){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(hash("sha512",$_POST['password']));
$name ='';
if(isset($_POST['name'])){
$name = mysql_real_escape_string(strip_tags($_POST['name']));
}
$check = mysql_query("SELECT * FROM users WHERE 'Username'='$username'");
if (mysql_num_rows($check) != 0){
die("Uh Oh! That Username has already taken! Try <i>$username" . rand (1,50) . "</i> instead! <a href='register.php'>← Back </a>" );
}
if (!ctype_alnum($username)){
die("Uh hum ! Your username conatins special characters unfortunately they are not permitted ! Only letters and numbers are allowed! <a href='register.php'>← Back </a>");
}
if (strlen($username) >20){
die("Username Cannot contain more than 20 characters <a href='register.php'>← Back </a>");
}
$salt = hash("sha512", rand() .rand(). rand());
mysql_query("INSERT INTO users ('Username','Password','Name','Salt') VALUES('$username','$password','$name','$salt')");
set_cookie("c_user", hash("sha512",$username),time() + 24 * 60 * 60, "/" );
set_cookie("c_salt", $salt, time() + 24 * 60 * 60, "/");
die ("Congrts ! you are now ready to use Hack With Nick! You are now logged in !");
}
}