我遇到这个问题,注册成功了,但它没有把信息写入数据库..为什么?
注册程序代码:
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
// check existing email
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
$stmt->close();
}
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
$error_msg .= '<p class="error">A user with this username already exists.</p>';
}
$stmt->close();
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create salted password
$passwordHash = password_hash($password, PASSWORD_BCRYPT);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
$insert_stmt->bind_param('sss', '$username', '$email', '$passwordHash');
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./continue.php');
}
}
报名表:
<div class="register-form">
<center><h2>Registration</h2></center>
<form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>"
method="post"
name="registration_form">
<center><p></p><input type='text'
name='username'
placeholder="Username"
id='username' /><br></center>
<center><p></p><input type="text" name="email" id="email" placeholder="Email" /><br></center>
<center><p></p><input type="password"
name="password"
placeholder="Insert Password"
id="password"/><br></center>
<center><p></p><input type="password"
name="confirmpwd"
placeholder="Repeat Password"
id="confirmpwd" /><br></center>
<center><p></p><input type="submit" class="button"
value="Register"
onclick="return regformhash(this.form,
this.form.username,
this.form.email,
this.form.password,
this.form.confirmpwd);" /> </center>
</form>
</div>
上次确实有效,但现在却没有,因为服务器有内部错误,所以我不得不重新上传所有文件,还要创建一个新的数据库。我重写了数据库名称和传递,以及应该存在的所有内容,因此它连接到正确的数据库,但是在注册时它不会将信息写入该数据库。
答案 0 :(得分:2)
您正在插入文字字符串,即变量名称,而不是值。如果您有唯一约束,这将在第一次失败后失败:
$insert_stmt->bind_param('sss', '$username', '$email', '$passwordHash');
你需要:
$insert_stmt->bind_param('sss', $username, $email, $passwordHash);