我有一个数据库,其中包含一个名为Users
的表和6列
(userID (primary), prenume, nume, nicknamee, parola, tara
)
我想开发一个用户注册系统。目前,我只希望用户输入用户名/昵称和密码。问题是,当我按提交时,凭据不会插入数据库。有人可以帮帮我吗?
这是我的代码:
<html>
<?php
$servername = hhhhh;
$username = hiuhiuhiuh;
$password = theseAreSecret;
$dbname = shhhh;
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully\n";
?>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Campfire</title>
<link rel="stylesheet" href="">
</head>
<body>
<form method="post">
Username:
<input type="text" name="nicknamee" value="Username"><br>
Password:
<input type="password" name="password" value="Password"><br>
<input type="submit" name="Submit1" value="submit">
<?php
if ( isset( $_POST['Submit1'] ) ) {
$sql = "INSERT INTO Users (userID, prenume, nume, nicknamee, parola, tara)
VALUES (5, 'John', 'Snow', '$_POST[nicknamee]', '$_POST[password]', 'Romania')";}
?>
</form>
</body>
<?php
// Print everything out
$result = $conn->query("SHOW TABLES");
while ( $row = $result->fetch_row() ){
$table = $row[0];
echo '<h3>',$table,'</h3>';
$result1 = $conn->query("SELECT * FROM $table");
if($result1) {
echo '<table cellpadding="0" cellspacing="0" class="db-table">';
$column = $conn->query("SHOW COLUMNS FROM $table");
echo '<tr>';
while($row3 = $column->fetch_row() ) {
echo '<th>'.$row3[0].'</th>';
}
echo '</tr>';
while($row2 = $result1->fetch_row() ) {
echo '<tr>';
foreach($row2 as $key=>$value) {
echo '<td>',$value,'</td>';
}
echo '</tr>';
}
echo '</table><br />';
}
}
echo '<br>';echo '<br>';echo '<br>';echo '<br>';
$conn->close();
?>
</html>
答案 0 :(得分:0)
如果没有连接问题,您应该执行将数据插入数据库的查询。
您只需拥有查询字符串$sql
但永远不会执行。
此行之后;
$sql = "INSERT INTO Users (userID, prenume, nume, nicknamee, parola, tara) VALUES (5, 'John', 'Snow', '$_POST[nicknamee]', '$_POST[password]', 'Romania')";
试;
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
答案 1 :(得分:0)
未将行添加到数据库的原因是查询未执行。它只是为您的查询设置$sql
。现在您需要做的就是使用$conn->query($sql)
执行查询。
顺便说一下,变量$servername
,$username
,$password
和$dbname
的值应该是双引号(“)或单引号(')。
以及其他一些问题......
\n
。 HTML虽然使用<br>
。<link rel="stylesheet" href="">
中有一个空的<head>
。以下是更正后的代码:
<html>
<?php
$servername = 'hhhhh';
$username = 'hiuhiuhiuh';
$password = 'theseAreSecret';
$dbname = 'shhhh';
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully<br>";
?>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Campfire</title>
</head>
<body>
<form method="post">
Username:
<input type="text" name="nicknamee" value="Username"><br>
Password:
<input type="password" name="password" value="Password"><br>
<input type="submit" name="Submit1" value="submit">
<?php
if (isset($_POST['Submit1'])) {
$sql = "INSERT INTO Users (userID, prenume, nume, nicknamee, parola, tara)
VALUES (5, 'John', 'Snow', '$_POST[nicknamee]', '$_POST[password]', 'Romania')";
$conn->query($sql); // this line was missing
}
?>
</form>
</body>
<?php
// Print everything out
$result = $conn->query("SHOW TABLES");
while ($row = $result->fetch_row()) {
$table = $row[0];
echo '<h3>', $table, '</h3>';
$result1 = $conn->query("SELECT * FROM $table");
if ($result1) {
echo '<table cellpadding="0" cellspacing="0" class="db-table">';
$column = $conn->query("SHOW COLUMNS FROM $table");
echo '<tr>';
while ($row3 = $column->fetch_row()) {
echo '<th>' . $row3[0] . '</th>';
}
echo '</tr>';
while ($row2 = $result1->fetch_row()) {
echo '<tr>';
foreach ($row2 as $key => $value) {
echo '<td>', $value, '</td>';
}
echo '</tr>';
}
echo '</table><br />';
}
}
echo '<br><br><br><br>';
$conn->close();
?>
</html>
但此安装程序存在一些安全问题。
<iframe>
,以提交发布请求以生成垃圾邮件用户。<script>alert(1)</script>
之类的内容插入到数据库中,然后将其打印到页面并触发警报。我建议使用htmlspecialchars($html)
编码回复。