嘿,谢谢,我正在尝试从表单中获取数据并将其输入数据库。我正在按照如何做到这一点的指南,但指南没有解释任何不起作用的事情........
我刚刚开始使用PHP,所以我的技能非常有限,但是我确实理解了我编写的所有代码,它只是不起作用! php脚本不会移动到下面的if语句,我无法找出原因:
// Check for existing user with the new id
$sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'";
$result = mysqli_query($cxn, $sql);
if (!$result) {
error('A database error occurred in processing your '.
'submission.\nIf this error persists, please '.
'contact you@example.com. This is from error 1');
整个代码:
signup.php
<?php //signup.php
include 'common.php';
include 'db.php';
if(!isset($_POST['submitok'])):
// display user signup form
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>New User Registration</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h3>New User Registration Form</h3>
<p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<table border="0" cellpadding="0" cellspacing="5">
<tr>
<td align="right">
<p>User ID</p>
</td>
<td>
<input name="newid" type="text" maxlength="100" size="25" />
<font color="orangered" size="+1"><tt><b>*</b></tt></font>
</td>
</tr>
<tr>
<td align="right">
<p>Full Name</p>
</td>
<td>
<input name="newname" type="text" maxlength="100" size="25" />
<font color="orangered" size="+1"><tt><b>*</b></tt></font>
</td>
</tr>
<tr>
<td align="right">
<p>E-Mail Address</p>
</td>
<td>
<input name="newemail" type="text" maxlength="100" size="25" />
<font color="orangered" size="+1"><tt><b>*</b></tt></font>
</td>
</tr>
<tr valign="top">
<td align="right">
<p>Other Notes</p>
</td>
<td>
<textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea>
</td>
</tr>
<tr>
<td align="right" colspan="2">
<hr noshade="noshade" />
<input type="reset" value="Reset Form" />
<input type="submit" name="submitok" value=" OK " />
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
else:
//process sign up submission
dbConnect('sessions');
if ($_POST['newid']=='' or $_POST['newname']==''
or $_POST['newemail']=='') {
error('One or more required fields were left blank.\\n'.
'Please fill them in and try again.');
}
// Check for existing user with the new id
$sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'";
$result = mysqli_query($cxn, $sql);
if (!$result) {
error('A database error occurred in processing your '.
'submission.\nIf this error persists, please '.
'contact you@example.com. This is from error 1');
}
if (@mysqli_result($result,0,0)>0) {
error('A user already exists with your chosen userid.\n'.
'Please try another.');
}
$newpass = substr(md5(time()),0,6);
$sql = "INSERT INTO sessions.users SET
userid = '$_POST[newid]',
password = PASSWORD('$newpass'),
fullname = '$_POST[newname]',
email = '$_POST[newemail]',
notes = '$_POST[newnotes]'";
if (!mysqli_query($sql))
error('A database error occurred in processing your '.
'submission.\nIf this error persists, please '.
'contact you@example.com. This is from error 2');
// Email the new password to the person.
$message = "G'Day!
Your personal account for the Project Web Site
has been created! To log in, proceed to the
following address:
http://www.example.com/
Your personal login ID and password are as
follows:
userid: $_POST[newid]
password: $newpass
You aren't stuck with this password! Your can
change it at any time after you have logged in.
If you have any problems, feel free to contact me at
<you@example.com>.
-Your Name
Your Site Webmaster
";
mail($_POST['newemail'],"Your Password for the Project Website",
$message, "From:Your Name <you@example.com>");
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Registration Complete </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your userid and password have been emailed to
<strong><?=$_POST['newemail']?></strong>, the email address
you just provided in your registration form. To log in,
click <a href="index.php">here</a> to return to the login
page, and enter your new personal userid and password.</p>
</body>
</html>
<?php
endif;
?>
db.php中
<?php // db.php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
function dbConnect($db='') {
global $dbhost, $dbuser, $dbpass;
$cxn = mysqli_connect($dbhost,$dbuser,$dbpass);
mysqli_select_db($cxn,$db)
or die ("Couldn’t select database.");
return $cxn;
}
?>
的common.php
<?php // common.php
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?php
exit;
}
?>
为什么这个if语句总是产生错误的任何帮助都会很大 - 谢谢。
答案 0 :(得分:0)
您未在可用范围内分配数据库连接。你 从dbConnect()函数返回它,你只是没有对返回的值做任何事情。
dbConnect('sessions');应为$cxn = dbConnect('sessions');
如果您使用mysqli_error()让MySQL告诉您它不喜欢的内容,系统会向您发出问题的原因。
最后,您应该在查询中使用绑定参数,而不是直接注入用户提供的数据。搜索&#34; mysqli绑定参数&#34;学习如何做到这一点。你现在所拥有的是可以攻击的。
对于INSERT语句,请使用绑定参数:
$sql = "INSERT INTO sessions.users (userid, password, fullname, email, notes) VALUES (?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($sql);
mysqli_stmt_bind_param($stmt, 'issss', $newID, PASSWORD($newpass), $fullName, $email, $notes);
if(!mysqli_stmt_execute($stmt))
{
// use this for debugging, but do NOT leave it in production code
die(mysqli_error($cxn));
}
mysqli_stmt_close($stmt);
以上未经测试,因此您可能需要进行小幅调整。它应该让你很好地了解至少要做什么。
另外,请确保PASSWORD()确实是您想要使用的。我感觉不是,但我不想承担。