我目前正在使用PHP开发一个注册页面 这一切似乎运行正常,但信息没有输入数据库。我一直在找几个小时,但似乎无法找到问题。 任何帮助表示赞赏。
<!DOCTYPE>
<html>
<head>
<title>Web App</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4 /jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7 /js/bootstrap.min.js"></script>
</head>
<body style="background:lightblue;">
<div class="container">
<h1>Register</h1>
<form action="#" method="POST">
<div class="form-group">
<label for="email">Email address:*</label>
<input type="email" class="form-control" name="email" placeholder="Example@hotmail.co.uk" value="<?php if(isset($_POST['email'])) echo $_POST['email'];?>">
</div>
<div class="form-group">
<label for="fname">First Name:*</label>
<input type="text" class="form-control" name="fname" placeholder="John" value="<?php if(isset($_POST['fname'])) echo $_POST['fname'];?>">
</div>
<div class="form-group">
<label for="lname">Last Name:*</label>
<input type="text" class="form-control" name="lname" placeholder="Smith" value="<?php if(isset($_POST['lname'])) echo $_POST['lname'];?>">
</div>
<div class="form-group">
<label for="pwd">Password:*</label>
<input type="password" class="form-control" name="pwd1" placeholder="*********" value="<?php if(isset($_POST['pwd1'])) echo $_POST['pwd1'];?>">
</div>
<div class="form-group">
<label for="pwd">Re-Enter Password:*</label>
<input type="password" class="form-control" name="pwd2" placeholder="*********" value="<?php if(isset($_POST['pwd2'])) echo $_POST['pwd2'];?>">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
<?php
if($_SERVER['REQUEST_METHOD'] =='POST'){
require('connect.php');
$error = false;
//email
if(isset($_POST['email'])){
$email = mysql_real_escape_string(trim($_POST['email']));
}
else{
echo'please enter your email address';
$error = true;
}
//first name
if(!isset($_POST['fname'])){
$fname = mysql_real_escape_string(trim($_POST['fname']));
}
else{
echo'please enter your first name';
}
//last name
if(isset($_POST['fname'])){
$lname = mysql_real_escape_string(trim($_POST['lname']));
}
else{
echo'please enter your last name';
$error = true;
}
//password
if(isset($_POST['pwd2'])){
if(!empty($_POST['pwd2'])){
if ($_POST['pwd1'] != $_POST['pwd2']){
echo'Passwords do not match';
$error = true;
}
else{
$pwd = mysql_real_escape_string(trim($_POST['pwd1']));
}
}
else{
echo'Please enter your password';
$error = true;
}
}
else{
echo'please enter your password';
$error = true;
}
if (!$error){
$query = "INSERT INTO Login (Email, Firstname, Lastname, Password) VALUES ('$email', '$fname', '$lname', SHA512('$pwd')";
$results = mysql_query($query);
if (results){
header('Location: login.php');
}
else{
echo'Oops!';
}
mysql_close($db_connected);
exit();
}
}
?>
</body>
</html>
答案 0 :(得分:2)
这是失败的原因是因为您从未连接到数据库以开始($db_connection)。另外,MySQL没有SHA512()函数会导致查询失败。
Little Bobby说 your script is at risk for SQL Injection Attacks. 。即使escaping the string也不安全! SQL注入! 这不仅仅是早餐了!
请在PHP 7中删除stop using mysql_* functions。 These extensions。了解prepared PDO语句和MySQLi并考虑使用PDO,it's really pretty easy。
永远不要存储纯文本密码!请使用PHP的built-in functions来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用password_hash() compatibility pack。在散列之前,请确保 don't escape passwords 或在其上使用任何其他清理机制。这样做更改密码并导致不必要的额外编码。