我正在网站上工作,但我有点不确定如何继续。我已经阅读了一些文档,但我认为我错过了一些东西或者找错了东西。基本上,我有一个网页,有一堆页面和几页有表格。我正在尝试解决我的第一个表单,注册表,其中包含一个注册表单。以下是用户填写注册表格:
<form action = "register.php" method = "post">
<br><br>First Name:<br>
<input type="text" name="firstname">
<br>
Last Name:<br>
<input type="text" name="lastname">
<br>
Street Address:<br>
<input type="text" name="streetaddress"> <br>
City:<br>
<input type="text" name="city"> <br>
State:<br>
<input type="text" name="state"> <br>
Zip Code:<br>
<input type="text" name="zipcode"> <br>
Phone Number:<br>
<input type="text" name="phonenumber"> <br>
Email Address:<br>
<input type="text" name="emailaddress"> <br>
User Name:<br>
<input type="text" name="username"> <br>
Password:<br>
<input type="text" name="password"> <br>
<br>Would you like to receive emails about CSIT World Conference?<br>
<input type="radio" name="email" value="yes">Yes
<input type="radio" name="email" value="no">No
<br><br>Would you be interested in volunteering at CSIT World Conference??<br>
<input type="radio" name="help" value="yes">Yes
<input type="radio" name="help" value="no">No
<br><br>
<input type="submit" value="Submit">
</form>
我认为它应该将数据发送到register.php,看起来像这样。
define('DB_NAME', 'register');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');
$link = mysql_connect(DB_NAME, DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db(DB_NAME, $link);
if (!$db_selected) {
die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$streetaddress = $_POST['streetaddress'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$phonenumber = $_POST['phonenumber'];
$emailaddress = $_POST['emailaddress'];
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "INSERT INTO register (firstname, lastname, streetaddress, city, state, zipcode, phonenumber, emailaddress, username, password) VALUES ('$firstname', '$lastname', '$streetaddress', '$city', '$state', '$zipcode', '$phonenumber', '$emailaddress', '$username', '$password')";
$result = mysql_query($sql);
mysql_close();
</script>
</html>
我还在XAMPP上通过phpmyadmin创建了一个空的MYSQL数据库。基本上我想弄清楚我是否走在正确的轨道上。我的理解是,一旦我点击提交,它应该填充我创建的register.mysql表。然而,似乎没有任何事情发生。
另外,这是我的connect.php文件
<html>
<head>
</head>
<body>
<?php
$con = mysql_connect("localhost","root","password");
if(!$con){
die("Cannot connect:".mysql_error());
}
mysql_close($con);
?>
</body>
</html>
非常感谢任何帮助或指示。
答案 0 :(得分:1)
您不应该使用mysql_ *函数,因为它们已被弃用。尝试学习PDO会更好,但是对于这个例子,你可以使用mysqli_ *。另外,请检查散列密码。我希望您发现以下代码有用。
<?php
define('DB_NAME', 'register');
define('DB_USER', 'root');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
mysqli_set_charset($link, 'utf8');
if (!$link) {
die("Database connection failed: " . mysqli_error($link));
}
//Use array to not repeat code
$post_vars = array('firstname', 'lastname', 'streetaddress', 'city', 'state', 'zipcode', 'phonenumber', 'emailaddress', 'username', 'password');
foreach($post_vars as $key) {
$$key = mysqli_real_escape_string($link, $_POST[$key]);
//For example now there is a variable $firstname that you can use
}
$sql = "INSERT INTO user (firstname, lastname, streetaddress, city, state, zipcode, phonenumber, emailaddress, username, password) VALUES ('$firstname', '$lastname', '$streetaddress', '$city', '$state', '$zipcode', '$phonenumber', '$emailaddress', '$username', '$password');";
$result = mysqli_query($link, $sql);
mysqli_close($link);
?>
编辑:
您可以选择这样的数据(另请考虑尝试其他答案所具有的PDO代码)。
$query = "SELECT username, firstname, lastname FROM user;";
$result = mysqli_query($link, $query);
while ($row = mysqli_fetch_array($result)) {
echo $row['username'].'<br />';
}
编辑2
用户用户表的SQL如下。相应地编辑它。
CREATE TABLE IF NOT EXISTS user (
id int unsigned not null auto_increment,
firstname varchar(40),
lastname varchar(40),
username varchar(40),
password varchar(40),
state varchar(40),
city varchar(40),
streetaddress varchar(40),
zipcode varchar(40),
phonenumber varchar(40),
emailaddress varchar(255),
email tinyint unsigned default 1,
help tinyint unsigned default 1,
time_created timestamp default CURRENT_TIMESTAMP,
primary key(id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
答案 1 :(得分:-1)
我会建议同样的!使用PDO并确保你&#34; PREPARE&#34;您的陈述,我已使用PDO重写您的数据。通过准备我们的数据,我们可以防止SQL注入,这可能会对您的数据完整性产生负面影响,并使不受欢迎的用户能够访问您的表。
<?php
// config
$dbtype = "mysql";
$dbhost = "localhost";
$dbname = "register";
$dbuser = "root";
$dbpass = "password";
// Connection Info
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
// Write Query
$sql = "INSERT INTO books (firstname,lastname,streetaddress,city,state,zipcode,phonenumber,emailaddress,username,password) VALUES (firstname,:lastname,:streetaddress,:city,:state,:zipcode,:phonenumber,:emailaddress,:username,:password)";
// Prepare Statement
$q = $conn->prepare($sql);
$q->execute(array(':firstname'=>$firstname
':lastname'=>$lastname
':streetaddress'=>$streetaddress
':city'=>$city
':state'=>$state
':zipcode'=>$zipcode
':phonenumber'=>$phonenumber
':emailaddress'=>$emailaddress
':username'=>$username
':password'=>$password));
?>