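I am new to PHP and MySQL. I have the following registration form, which asks the user to enter a name, password and email. The validation works and I am able to connect to the database, but I cannot insert into the table, because I am having a hard time updating the code from the old MySQL to MySQL PDO. Here is the code:
Form: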
<form name="registration" method="post" action="registration.php">
<table width="400" border="5" align="center">
<tr>
<td colspan="5"><h1>Registration Form</h1></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type="text" name="name" /></td>
</tr>
<tr>
<td>User Password:</td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td>User Email:</td>
<td><input type="text" name="email" /></td>
</tr>
<tr>
<td colspan="5" align="center"><input type="submit" name="submit" value="Sign up" /></td>
</tr>
</table>
</form>
Here is the PHP and MySQL part:
<?php
// PDO connect
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "users_db";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
if(isset($_POST['submit'])){
$user_name = $_POST['name'];
$user_pass = $_POST['pass'];
$user_email = $_POST['email'];
if($user_name==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($user_name==''){
echo "<script>alert('Please enter a password!')</script>";
exit();
}
if($user_name==''){
echo "<script>alert('Please enter your email!')</script>";
exit();
}
// Validation and field insertion
$check_email = "select * from users where user_name='$user_email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0){
echo <script>alert('Email $user_email already exist!')</script>";
exit();
}
$query = "insert into users(user_name,user_pass,user_email) values ('$user_name','$user_name','$user_name') ";
if(mysql_query($query)){
echo <script>window.open('welcome.php','_self')</script>";
exit();
}
}
?>
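Please let me know how to update the part after "// Validation and field insertion".
Answer 0: (score: 2)
This (your) code is not very good, but using your example, instead of alerting that the user (email) exists, just update the record for that user_email.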
if(mysql_num_rows($run)>0){
//echo <script>alert('Email $user_email already exist!')</script>";
//exit();
// 'Update' here if the email exists
$query = "update users set user_name = '$user_name',
user_pass = '$user_pass'
where user_email ='$user_email'";
if(mysql_query($query)){
echo "<script>window.open('welcome.php','_self')</script>";
exit();
}
} else {
$query = "insert into users(user_name,user_pass,user_email)
values ('$user_name','$user_pass','$user_email') ";
if(mysql_query($query)){
echo "<script>window.open('welcome.php','_self')</script>";
exit();
}
}
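Check the variable names in your queries... and the opening quotes on your strings.
Also, this code is open to SQL injection attacks... and uses the deprecated mysql_* functions.
Consider revising the code to use mysqli_* and read up on sanitizing input from forms.
Answer 1: (score: 1)
It will work for you, but you need to read more about PDO: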
<?php
// PDO connect
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "users_db";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
if(isset($_POST['submit'])){
$user_name = $_POST['name'];
$user_pass = $_POST['pass'];
$user_email = $_POST['email'];
if($user_name==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($user_pass==''){
echo "<script>alert('Please enter a password!')</script>";
exit();
}
if($user_email==''){
echo "<script>alert('Please enter your email!')</script>";
exit();
}
// Validation and field insertion
$check_email = "select * from users where user_email = :email";
$check_email = $conn->prepare($check_email);
$check_email->execute(array(':email'=>$user_email));
if($check_email->rowCount() >0){
echo "<script>alert('Email $user_email already exist!')</script>";
exit();
}
$query = "insert into users(user_name,user_pass,user_email) values (?, ?, ?)";
$query = $conn->prepare($query);
// positional (?) placeholders are bound by 1-based integer index
$query->bindParam(1, $user_name);
$query->bindParam(2, $user_pass);
$query->bindParam(3, $user_email);
$query->execute();
if($query->rowCount() > 0) {
echo "<script>window.open('welcome.php','_self')</script>";
exit();
}
}
?>
Answer 2: (score: 0)
//change your database name and table name
<?php
// PDO connect
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
if(isset($_POST['submit'])){
$user_name = $_POST['name'];
$user_pass = $_POST['pass'];
$user_email = $_POST['email'];
if($user_name==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($user_pass==''){
echo "<script>alert('Please enter a password!')</script>";
exit();
}
if($user_email==''){
echo "<script>alert('Please enter your email!')</script>";
exit();
}
// Validation and field insertion
$stmt = $conn->prepare("SELECT * FROM user WHERE user_email=?");
$stmt->execute(array($user_email));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if(count($rows)>0){
echo "<script>alert('Email $user_email already exist!')</script>";
exit();
}
$query = "insert into user(`user_name`,`user_pass`,`user_email`) values (?,?,?)";
$sql_query = $conn->prepare($query);
if($sql_query->execute(array($user_name,$user_pass,$user_email))){
echo "<script>window.open('welcome.php','_self')</script>";
exit();
}
}
?>
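Added example, not part of the question or of any answer above: one way to write the insert the answers discuss, with bound parameters, a hashed password instead of the plaintext value, and the duplicate-email check left to a UNIQUE index rather than a SELECT beforehand. `register_user()` and the UNIQUE index on `user_email` are assumptions, and an in-memory SQLite database stands in for the MySQL `users_db` so the block runs without a server.

```php
<?php
// Added example. Assumes a `users` table with a UNIQUE index on user_email.
// register_user() is a hypothetical helper name, not from the page.
function register_user(PDO $conn, string $name, string $pass, string $email): string
{
    $name  = trim($name);
    $email = trim($email);
    if ($name === '' || $pass === '') {
        return 'missing';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'bad_email';
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'INSERT INTO users (user_name, user_pass, user_email) VALUES (?, ?, ?)'
    );
    try {
        // Store a salted hash, never the password itself.
        $stmt->execute([$name, password_hash($pass, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate email).
        if ((string)$e->getCode() === '23000') {
            return 'exists';
        }
        throw $e;
    }
    return 'ok';
}

// Constructed demo: in-memory SQLite stands in for the MySQL users_db.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (user_name TEXT, user_pass TEXT, user_email TEXT UNIQUE)');

$quoted = "x' OR '1'='1";   // constructed input; stored as plain data, not SQL
foreach ([
    ['alice',    's3cret', 'alice@example.com'],
    [$quoted,    'pw',     'bob@example.com'],
    ['alice2',   'pw',     'alice@example.com'],   // duplicate email
    ['<script>', 'pw',     'not-an-email'],        // fails email validation
] as [$n, $p, $m]) {
    // Encode anything user-controlled before it reaches HTML output.
    echo htmlspecialchars($n, ENT_QUOTES, 'UTF-8'), ' => ',
         register_user($conn, $n, $p, $m), "\n";
}
```

At login, compare the submitted password against the stored hash with `password_verify()`.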