我创建了一个模态表单来捕获完整的联系信息并上传到数据库。工作得很完美。使用完全相同的代码创建用于登录的第二个模态窗口。消除了多余的代码。继续得到完全相同的错误消息:
错误:INSERT INTO team_members(id,username,password)VALUES(NULL,'hfuller','davidson')
我创建了一个测试文件,然后连接。我根本无法更新到数据库。我甚至尝试过复制和粘贴教师的示例文件。该文件也无法更新数据库。
这是我的代码(我更改了数据库引用;其他所有内容都与我的数据库匹配):
<?php
include('connection.php');
if( isset( $_POST["add"] ) ) {
// build a function that validates data
function validateFormData( $formData ) {
$formData = trim( stripslashes( htmlspecialchars( $formData ) ) );
return $formData;
}
// set all variables to empty by default
$username = $password = "";
// check to see if inputs are empty
// create variables with form data
// wrap the data with our function
if( !$_POST["username"] ) {
$nameError = "Please enter a username <br>";
} else {
$username = validateFormData( $_POST["username"] );
}
if( !$_POST["password"] ) {
$passwordError = "Please enter a password <br>";
} else {
$password = validateFormData( $_POST["password"] );
}
// check to see if each variable has data
if( $username && $password ) {
$query = "INSERT INTO team_members (id, username, password)
VALUES (NULL, '$username', '$password')";
if( mysqli_query( $conn, $query ) ) {
echo "<div class='alert alert-success alert-dismissible'><button type='button' class='close' data-dismiss='alert'><span>×</span></button><strong>Credentials are authenticated!</strong> You can now proceed to do the great work that you do!</div>";
} else {
echo "Error: ". $query . "<br>" . mysqli_error($conn);
}
}
}
mysqli_close($conn);
?>
<!-- Modal for Request Information Packet -->
<form class="modal fade form-horizontal" id="team_login" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" method="post">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span>×</span></button>
<h3 class="modal-title"><span class="glyphicon glyphicon-lock"></span> Login to the ICTUS Team Portal</h3>
<p>You must enter the correct username and password in order to open the ICTUS Team Member Portal.</p>
</div>
<div class="modal-body">
<div class="center-block text-center">
<img class="img-thumbnail img-circle" src="https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120" alt="Warning Sign"><br><br>
<p><strong>Just a reminder that the information included in the team portal is subject to our Confidentiality Agreement and cannot be shared without prior written permission. Thank you for your cooperation.</strong></p><br><br>
<div class="form-group">
<label class="col-sm-3 control-label"><small class="text-danger">* <?php echo $nameError; ?>* <?php echo $passwordError; ?></small>Login Credentials: </label>
<div class="col-sm-4">
<input type="text" placeholder="Enter Username" name="username" class="form-control">
</div>
<div class="col-sm-4">
<input type="password" placeholder="Enter Password" name="password" class="form-control">
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-lg btn-default" id="information" data-dismiss="modal">Cancel</button>
<button type="submit" name="add" class="btn btn-lg btn-default" id="information">Log In</button>
</div>
</div>
</div>
</form>
我知道这不安全等等。这是创建我正在处理的安全登录页面的第一步。我只是真的卡在第一页,无法找到问题。就像我说的那样,模态窗口中更复杂的完整联系信息收集表格非常完美。
答案 0 :(得分:1)
查看此查询:
INSERT INTO team_members (id, username, password)
VALUES (NULL, '$username', '$password')
如果id意图识别记录,则NULL不会做得很好。如果所有标识符都是NULL,如何识别任何给定记录?此外,如果它是主键,那么它可能是NOT NULL ,而对于任何给定的行都需要一个唯一值。
我的 guess 是id是一个自动递增列,或者以某种其他方式在数据库本身自动生成其值。如果是这种情况,请完全从查询中省略它:
INSERT INTO team_members (username, password)
VALUES ('$username', '$password')
基本上,如果数据库本身就是要创建一个值,请不要尝试提供值。数据库将优先考虑您提供的那个,而不是任何创建它的尝试。
作为旁注,您可能希望研究使用预准备语句和查询参数。消毒输入是一件好事,但它仍然只是掩盖了潜在的问题。这是您创建用户输入作为代码而不是作为值。使用查询参数将输入视为值,而不是尝试执行。