这是我的代码:
<?php
error_reporting(E_ALL ^ E_NOTICE);
ini_set('display_errors', '1');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_USER', 'root');
DEFINE ('DB_PSWD', '');
DEFINE ('DB_NAME', 'facebooklogin');
$connection = mysql_connect(DB_HOST, DB_USER, DB_PSWD) or die(mysql_error());
$db = mysql_select_db(DB_NAME, $connection) or die(mysql_error());
$register_firstname = $_POST['register_password'];
$register_lastname = $_POST['register_password'];
$register_username = $_POST['register_username'];
$register_password = $_POST['register_password'];
$register_confirm_password = $_POST['register_confirm_password'];
$register_email = $_POST['register_email'];
$register_firstname = mysql_real_escape_string($register_firstname);
$register_lastname = mysql_real_escape_string($register_lastname);
$register_username = mysql_real_escape_string($register_username);
$register_password = mysql_real_escape_string($register_password);
$register_confirm_password = mysql_real_escape_string($register_confirm_password);
$register_email = mysql_real_escape_string($register_email);
$query = "SELECT * FROM users WHERE username='$register_username'";
$result = mysql_query($query);
$count = mysql_num_rows($result);
if($count == 1){
echo "That username is taken. Please try another.";
}else{
$query = "SELECT * FROM users WHERE email='$register_email'";
$result = mysql_query($query);
$count = mysql_num_rows($result);
if($count == 1){
echo "That email is already in use. Please try again.";
}else{
if(strlen($register_firstname) == 0 or strlen($register_lastname) == 0 or strlen($register_username) == 0 or strlen($register_password) == 0 or strlen($register_confirm_password) == 0 or strlen($register_email) == 0){
echo "Please complete all forms.";
}else if(strlen($register_username) < 3 or strlen($register_username) > 12){
echo "Username must be between 3 and 12 characters.";
}else if(strlen($register_password) < 5 or strlen($register_password) > 12){
echo "Password must be between 5 and 12 characters.";
}else if($register_password != $register_confirm_password){
echo "Passwords do not match. Please try again.";
}else{
$dbinsert = "INSERT INTO users (username, password, first_name, last_name, email) VALUES ('$register_username', '$register_password', '$register_firstname', '$register_lastname', '$register_email')";
if(!mysqli_query($dbinsert)){
die("Error registering new user in database.");
}
echo "Registered!";
}
}
}
?>
<html>
<head>
<title>registered</title>
</head>
</html>
当我运行这个时,我得到2个错误:不推荐使用:mysql_connect():不推荐使用mysql扩展,将来会删除它:使用mysqli或PDO代替
和
警告:mysqli_query()需要至少2个参数,1个给定
有人可以知道此代码中的错误是什么,请修复它。
答案 0 :(得分:1)
因为,您在代码中的任何位置都使用mysql_*。问题似乎在你的else声明中。您应该在else语句中使用mysql_query而不是mysqli_query。
else{
$dbinsert = "INSERT INTO users (username, password, first_name, last_name, email) VALUES ('$register_username', '$register_password', '$register_firstname', '$register_lastname', '$register_email')";
if(!mysql_query($connection,$dbinsert)){
die("Error registering new user in database.");
}
答案 1 :(得分:0)
你的错误来自两个地方。
第一个是指mysql_connect 已弃用这一事实。这是您的代码给您的严重警告。是的,您可以更正您的代码以使其正常工作,但 将在未来版本的php中停止工作 。
mysqli_query的语法需要连接数据库作为参数。要正确使用
mysqli_query($conection,$dbinsert)
if(!mysqli_query($conection,$dbinsert)){
die("Error registering new user in database.");
}
请注意,您需要在此处执行相同的操作(以及您使用已弃用的函数的任何其他位置:
$result = mysql_query($query);
应该是:
$result = mysqli_query($connection, $query);
等。还要查看你的mysql_num_rows并使用类似这样的内容:http://www.w3schools.com/php/func_mysqli_num_rows.asp
再修改一次:
查看连接到使用旧mysql_语法的数据库的代码中的任何php连接并更新它。其中包括mysql_connect,mysql_select_db,mysql_real_escape_string,mysql_query,mysql_num_rows以及您倾向于使用这些内容的任何其他地方。
mysqli以外还有其他选项,例如PDO。两者都很好。我也非常认真地考虑准备你的陈述。这将加速大插入,更新,选择等,但也a)增加安全性(他们几乎删除了大多数sql注入攻击;至少是脚本 - 小孩的),以及b)删除任何需要记住逃脱所有你的变量(一个很好的奖金)。