Question

有人可以向我解释为什么我在这里没有注释的代码仍然插入到我的数据库中，即使我将注册表单输入值留空了？

谢谢！

PHP

<?php

        require_once("connection.php");

    if ($_POST['submit'] == "Sign Up") {

        if (!$_POST['email']) { $error.="<br />Please enter your email"; 

        } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $error.="<br />Please enter a valid email address";

        } if (!$_POST['password']) { $error.="<br />Please enter your password";

        } else if (strlen($_POST['password']) <8) { $error.="<br />Please enter a password of at least 8 characters in length";

        } if (!preg_match('`[A-Z]`', $_POST['password'])) { $error.="<br />Please enter at least one Uppder Case charater";

        }

        if ($error) { echo "There were error(s) in your signup details:".$error;

        } else {

                $query = "SELECT * FROM `users` WHERE `email`='".mysqli_real_escape_string($link, $_POST['email'])."'";

                $result = mysqli_query($link, $query);

                $results = mysqli_num_rows($result);

        } if ($results) { echo "That email address is already in registered. Do you want to log in?"; 

        } else {

                $query = "INSERT INTO `users` (`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email'])."', '".md5(md5($_POST['email']).$_POST['password'])."')";

                mysqli_query($link, $query);

                echo "You&apos;ve been signed up!";

        }

    }

        //if ($_POST['submit'] == "Log In") {

                //$query = "SELECT * FROM `users` WHERE `email` = '".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND `password` = '".md5(md5($_POST['loginemail']).$_POST['loginpassword'])."' LIMIT 1";

                //$result = mysqli_query($link, $query);

                //$row = mysqli_fetch_array($result);

        //} if ($row) {

                //$_SESSION['id']=$row['id'];

                //print_r($_SESSION);

        //} else {

                //echo "We could not find a user with that email and password. Please try again.";

    //}
?>

HTML

<form method="post">

    <input type="email" name="email" id="email" placeholder="Your Email" value="<?php echo addslashes($_POST['email']);?>" />

    <input type="password" name="password" id="password" placeholder="Your Password" value="<?php echo addslashes($_POST['email']);?>" />

    <input type="submit" name="submit" value="Sign Up" />

</form>


<form method="post">

    <input type="email" name="loginemail" id="loginemail" placeholder="Your Email" value="<?php echo addslashes($_POST['loginemail']);?>" />

    <input type="password" name="loginpassword" id="loginpassword" placeholder="Your Password" value="<?php echo addslashes($_POST['loginemail']);?>" />

    <input type="submit" name="submit" value="Log In" />

</form>

Answer 1

你的逻辑错了：

if ($error) {
   echo "There were error(s) in your signup details:".$error;
} else {
   ...
   // here `$results` is set
}

// What happens if `$results` is not set?
if ($results) {
   echo "That email address is already in registered. Do you want to log in?"; 
} else {
   // Yep, we go here...
   // insert!

请注意，如果出现错误，则不会设置$results，因此您将输入第二个else语句的if部分，插入有错误的行。

您应该将所有内容放在无错误的块中，或者在要插入时再次检查：

if ($results && !$error) {

或者在错误块等中将$results设置为false。可能有多种解决方案。

Answer 2

可能你的数据库表有一个自动增量字段，所以即使你插入空值，它也会添加一行。

Answer 3

始终使用if(!isset($_POST['name']))进行验证，否则“空”也是发布的值。尝试一下，希望这会对你有帮助。

PHP代码插入数据库而没有输入字段中的值

3 个答案: