PHP无法以数据库形式保存数据而无需验证

时间:2015-12-29 16:07:44

标签: php html mysql

我尝试将数据发送到数据库,但它没有得到保存。我的数据库看起来像这样:

数据库名称:logreg

数据库表:用户

用户列:

user_id = int, auto_increment, primary
username = varchar 255
email = varchar 255
password = varchar 255
salt = text

数据库连接:

<?php

 $host = 'localhost';
 $username = 'root';
 $password = 'root';
 $dbName = 'logreg';

 $db = @new mysqli($host, $username, $password, $dbName);

  if(is_string($db->connect_error)){

    die("Keine Verbindung");
  }

我还有一张表格,它是这样构建的:

 <form action="submit.php" method="post" class="login" onsubmit="return registerForm(this);">
    <h1>Create Account
        <span>Please fill out all fields.</span>
    </h1>
    <label>
        <span>Username :</span>
        <input id="name" type="text" name="name" value="" placeholder="Your Username" />
        <p class="alertMessage"></p>
    </label>

    <label>
        <span>Your Email :</span>
        <input id="email" type="email" name="email" placeholder="Your Email Adresse" />
        <p class="alertMessage1"></p>
    </label>

    <label>
        <span>Password :</span>
        <input id="password" type="password" name="password3"  placeholder="Your Passwort">
        <p class="alertMessage2"></p>
    </label>
    <label>
        <span>Repeat Password :</span>
        <input id="password1" type="password" name="password4" placeholder="repeat Password">
        <p class="alertMessage2"></p>
    </label>
    <label>
        <span>Countrys :</span><select name="selection">
        <option value="Deutschland">Deutschland</option>
        <option value="Frankreich">Frankreich</option>
        <option value="Spanien">Spanien</option>
        <option value="Portugal">Portugal</option>
        <option value="Italien">Italien</option>
    </select>
    </label>
    <label>
        <span>&nbsp;</span>
        <input type="submit" name="submit" class="button" value="Create" />
    </label>

    <a href="anmelden.php">Already Registerd? Click here!</a>
</form>

我已经使用JavaScript验证它并且它工作正常,但PHP验证不起作用。

<?php
include_once 'init.inc.php';

 if($_POST['Create']){

if($_POST['name'] && $_POST['password3'] && $_POST['email']){

    $username = mysqli_real_escape_string($_POST['name']);
    $password = mysqli_real_escape_string(hash("sha512", $_POST['password3']));
    $email = "";

    if($_POST['email']){
        $email = mysqli_real_escape_string($_POST['email']);

    }

    $check = mysqli_fetch_array(mysqli_query("SELECT * FROM 'users' WHERE 'username' = $username"));

    if($check != '0'){
        die("That username already exists!");
    }

    if(!ctype_alnum($username)){
        die("Username contains special characters");
    }

    if(strlen($username) > 20){

        die("Username is to long ");
    }

    $salt = hash("sha512", rand() . rand(). rand());
    mysqli_query("INSERT INTO 'users' ('username', 'password', 'email', 'salt') VALUES ('$username', '$password', '$email', '$salt')");
    setcookie("c_user", hash("sha512", $username), time() +24 * 60 * 60, "/");
    setcookie("c_salt", $salt, time() +24 * 60 * 60, "/");
    die("Your Account has been created");
}
 }
 ?>

注册部分的内容。这是登录部分。

<form action="submit.php" method="post" class="login" onsubmit=" return loginForm(this);">
        <h1>Please login with your Credentials
        </h1>
        <label>
            <span>Your Username :</span>
            <input id="email" type="text" name="user1" placeholder="Your Username" />
            <p class="Message"></p>
        </label>

        <label>
            <span>Password :</span>
            <input id="password" type="password" name="password5" placeholder="Your Password">
            <p class="Message1"></p>
        </label>
        <label>
            <span>&nbsp;</span>
            <input type="Submit" class="button" value="Login"/>
        </label>
    <a href="registrieren.php">Not a Member? Click here!</a>
    </form>

登录的PHP部分:

<?php

include_once 'init.inc.php';

 if($_POST['Login']){

if($_POST['user1'] && $_POST['password5']){

    $username = mysqli_real_escape_string($_POST['user1']);
    $password = mysqli_real_escape_string(hash("sha512", $_POST['password5']));
    $user = mysqli_fetch_array(mysqli_query("SELECT * FROM 'users' WHERE 'username'='$username'"));

    if($user == '0'){
        die("That username doesn't exist!");
    }

    if($user['password5'] != $password){
        die("Incorrect password");
    }

    $salt = hash("sha512", rand() . rand() . rand());
    setcookie("c_user", hash("sha512", $username), time() + 24 * 60 * 60, "/");
setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");
    $userID = $user['user_id'];
    mysqli_query("UPDATE 'users' SET 'salt' = '$salt' WHERE 'user_id' = '$userID' ");
    die("You are now logged in as $username");

}
}
 ?>

1 个答案:

答案 0 :(得分:0)

if($_POST['Create']){

从我的表单中可以看出这是错误的。 它应该是:

if($_POST['submit']){

原因如下:

<input type="submit" name="submit" class="button" value="Create" />

POST使用名称值,在这种情况下提交。

登录部分也是如此。

<input type="Submit" class="button" value="Login"/>

这没有名称价值。 将其更改为:

<input type="Submit" name="Login" class="button" value="Login"/>

然后,您可以开始努力让您的某些功能正常工作。但这应该更容易理解。如果没有,我会很高兴知道并帮助:)。