我在将数据插入数据库表时遇到问题。我检查了从表字段到表单字段的所有内容。一切都很好,甚至print_r打印结果,但数据没有插入数据库。它返回空结果集。 我的表格代码
<?php include('header.php'); ?>
<div class="page container">
<div class="row col-12 register-page">
<form class="form-horizontal" role="form" action="register-process.php" method="post">
<div class="form-group">
<label for="firstname" class="col-sm-2 control-label">First Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="firstname" name="firstname"
placeholder="Enter First Name">
</div>
</div>
<div class="form-group">
<label for="lastname" class="col-sm-2 control-label">Last Name</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="lastname" name="lastname"
placeholder="Enter Last Name">
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="email" name="email"
placeholder="Enter Your Email">
</div>
</div>
<div class="form-group">
<label for="password" class="col-sm-2 control-label">Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="password" name="password"
placeholder="Enter your password">
</div>
</div>
<div class="form-group">
<label for="confirm-password" class="col-sm-2 control-label">Confirm Password</label>
<div class="col-sm-10">
<input type="password" class="form-control" id="cpassword" name="cpassword"
placeholder="Confirm password">
</div>
</div>
<div class="form-group">
<label for="birth-year" class="col-sm-2 control-label">Birth Year</label>
<div class="col-sm-10">
<select id="year" class="birth-year" name="birth-year">
<?php
for($i = 1970; $i < date("Y")+1; $i++){
echo '<option value="'.$i.'">'.$i.'</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="gender" class="col-sm-2 control-label register-gender">Gender</label>
<div class="col-sm-10">
<select id="registration_gender" class="select-register " required="required" name="gender">
<option selected="selected" value="">Gender</option>
<option value="_UE_M">Male</option>
<option value="_UE_MRS">Female</option>
</select>
</div>
</div>
<div class="form-group form-action">
<div class="form-action">
<input type="submit" name="submit" class="btn btn-large btn-primary" value="Lets Get Started" >
</div>
</div>
</form>
</div>
</div>
和我的注册过程代码
<div class="page container">
<div class="row col-12 register-page">
<?php
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$cpassword = md5($_POST['cpassword']);
$birthyear = $_POST['birth-year'];
$gender = $_POST['gender'];
if($fname && $lname && $email && $password && $cpassword){
if($password == $cpassword){
include("config.php");
$insert = 'INSERT INTO users(firstname,lastname,email,password,birth-year,gender)
VALUES("'.$fname.'","'.$lname.'","'.$email.'","'.$password.'","'.$birthyear.'","'.$gender.'")';
mysql_query($insert);
echo "registered successfully";
}
else{
header("Location: register.php");
echo "your password do not match.";
}
}
else{
echo "complete the form please.";
header("Location: register.php");
}
?>
</div>
</div>
答案 0 :(得分:0)
该行
if($fname && $lname && $email && $password && $cpassword){
正在检查这些值是否为真,它们不是。围绕此问题的PHP代码将导致SQL注入,因为您没有验证表单中输入的值。查看转义SQL以及删除HTML实体。
在$ _POST变量上使用函数isset(),这样就可以验证表单是否已正确填写。一旦您满意,表单就会正确填写,SQL转义并将html实体删除到您的本地变量中,然后使用这些实体插入SQL。