今天我正在使用this tutorial关于创建一个使用phpmyAdmin注册的论坛。在我到达这行代码之前,它一直很好,我应该在SQL中输入。
1. INSERT INTO
2. users(user_name, user_pass, user_email ,user_date, user_level)
3. VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
4. '" . sha1($_POST['user_pass']) . "',
5. '" . mysql_real_escape_string($_POST['user_email']) . "',
6. NOW(),
7. 0);
所以我在phpmyAdmin中输入了它,我收到了这个错误:
1064 - 您的SQL语法出错;检查与MariaDB服务器版本对应的手册,以便在'user_name'附近使用正确的语法]。 “','”。 sha1($ _ POST ['user_pass'])。 “','”。 mys'在第3行
这是我用于signup.php的PHP
<?php
//signup.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up</h3>';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="user_name" />
Password: <input type="password" name="user_pass">
Password again: <input type="password" name="user_pass_check">
E-mail: <input type="email" name="user_email">
<input type="submit" value="Add category" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Save the data
*/
$errors = array(); /* declare the array for later use */
if(isset($_POST['user_name']))
{
//the user name exists
if(!ctype_alnum($_POST['user_name']))
{
$errors[] = 'The username can only contain letters and digits.';
}
if(strlen($_POST['user_name']) > 30)
{
$errors[] = 'The username cannot be longer than 30 characters.';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
if(isset($_POST['user_pass']))
{
if($_POST['user_pass'] != $_POST['user_pass_check'])
{
$errors[] = 'The two passwords did not match.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "INSERT INTO
users(user_name, user_pass, user_email ,user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
'" . sha1($_POST['user_pass']) . "',
'" . mysql_real_escape_string($_POST['user_email']) . "',
NOW(),
0)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
echo 'Successfully registered. You can now <a href="signin.php">sign in</a> and start posting! :-)';
}
}
}
include 'footer.php';
?>
我不知道它在说什么。请给我另一种方法来做到这一点!
答案 0 :(得分:3)
您无法将PHP粘贴到phpMyAdmin中,phpMyAdmin仅适用于SQL。
您可以在phpMyAdmin下使用硬编码数据测试SQL,例如:
INSERT INTO
users(user_name, user_pass, user_email ,user_date, user_level)
VALUES('admin',
sha1('password'),
'admin@example.com',
NOW(),
0);
如果添加echo语句以显示$sql变量的内容,则可以获取该值并将其粘贴到phpMyAdmin中。
另外,不要使用mysql扩展 - 它在PHP 5.x中已弃用并从PHP 7中删除。请改用mysqli或PDO。
答案 1 :(得分:0)
SQL拼写错误,输出已调试
$sql = "INSERT INTO
users(user_name, user_pass, user_email ,user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
'" . sha1($_POST['user_pass']) . "',
'" . mysql_real_escape_string($_POST['user_email']) . "',
NOW(),
0)";