我目前正在为我的网站注册页面。我只是需要一些帮助,因为我不确定为什么当我输入注册详细信息(只有2个字段)时,它会转到感谢页面,但是当我检查我的数据库时,USERS下没有新的记录。以下是我的代码:
<?php
$host="*********"; // Host name
$username="**********"; // Mysql username
$password="**********"; // Mysql password
$db_name="arihealthinfo"; // Database name
$tbl_name="USERS"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$ParticipantID=$_POST["ParticipantID"];
$password=$_POST["UserPass"];
$sql = "SELECT ID FROM USERS WHERE ID = '$participantID'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==0)
{
$sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')";
echo "Thank you for registering, you can now login:";
?>
<a href= http://www.arihealth.info/index.php>Login Page.</a>
<?php
} else {
echo "Your ID has already been registered:";
?>
<a href= http://www.arihealth.info/registerphp.php>Register Here.</a>
<?php
}
?>
答案 0 :(得分:5)
因为您只是编写查询而不执行它。使用mysql_query()
$sql = "INSERT INTO USERS (ID, PASSWORD) VALUES ('$participantID', '$password')";
mysql_query($sql);
另外
$participantID!=$ParticipantID
将您的选择查询更改为
$sql = "SELECT ID FROM USERS WHERE ID = '$ParticipantID'";
您的查询已打开以进行sql注入检查How can I prevent SQL injection in PHP?
不要将普通密码存入数据库检查
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/faq.passwords.php
注意: - 不推荐使用mysql而是使用mysqli或PDO