我一直试图搞乱注册系统。但是当我尝试将信息插入数据库时。没有生成新行。我没有收到任何错误,我的代码似乎合法。有什么东西我不知道INSERT INTO吗?
$username = $_POST['regusername'];
$email = $_POST['regemail'];
$password = $_POST['regpassword'];
$cpassword = $_POST['regpasswordcon'];
$firstname = $_POST['regfirstname'];
$lastname = $_POST['reglastname'];
//check username for weird symbols
if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $username)){
// one or more of the 'special characters' found in string
//header("Location: /register.php");
echo "Your username should only contain letters and numbers";
exit;
}
//check if username is taken
$check = $con->prepare("SELECT * FROM accounts WHERE username=:user");
$check->bindParam(':user',$username);
$check->execute();
$result = $check->fetch(PDO::FETCH_ASSOC);
if(!empty($result)){
//header("Location: /register-page.php"); //direct browser back to sign in
echo "User is already taken";
exit;
}else{ //otherwise proceed to register new user
//Hashing of password
$hpassword = password_hash($password, PASSWORD_DEFAULT);
//Prepared statements for SQL injection prevention
$query = $con->prepare("INSERT INTO accounts (username, password, email, firstname, lastname) VALUES (:name,:hpassword,:email,:fname,:lname) ");
//bind parameters
$query->bindParam(':name',$username);
$query->bindParam(':hpassword',$hpassword);
$query->bindParam(':email',$email);
$query->bindParam(':fname',$firstname);
$query->bindParam(':lname',$lastname);
$query->execute();
}