“注册”页面未注册详细信息,详细信息未保存在名为members的表中,并且在提交后的注册页面中没有显示错误
<?php
include_once 'header.php';
if(isset($_POST["submit"])) {
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "root";
$mysql_database = "database";
$prefix = "";
$fname = $_POST['fname'];
$pass = $_POST['pass'];
$user = $_POST['user'];
$lname = $_POST['lname'];
$college = $_POST['college'];
$gender = $_POST['gender'];
$number = $_POST['number'];
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database,$bd) or die("Could not select database");
$query=mysql_query("SELECT * FROM members WHERE user='".$user."'");
$numrows=mysql_num_rows($query);
echo"<br><br><br><br><br><br><br>";
if($numrows==0) {
$sql="INSERT INTO members(user, pass, fname, lname, number, gender, college) VALUES('$user', '$pass', '$fname', '$lname', '$number', '$gender', '$college')";
$result=mysql_query($sql);
if($result) {
echo "Success";
} else {
echo "Failure!";
};
} else {
echo"<center>This email is already registered , Please login to Continue</center>";
}
}
?>
答案 0 :(得分:0)
注册页面未注册详细信息,详细信息则未注册 被保存在名为member的表中,并且它没有显示错误 注册页面提交后
表名称为&#34;成员&#34;对 ? 。你的SQL查询说&#34;成员&#34;
$sql="INSERT INTO members(user,pass,fname,lname,number,gender,college) VALUES('$user','$pass','$fname','$lname','$number','$gender','$college')";
因此它不起作用。但是,是的,你需要知道的重要事情,就像ec45说的那样......
1.mysql _...()已弃用。使用PDO,如果你真的喜欢mysql函数,请使用mysqli ...()
2.永远不要直接使用从SQL查询中的表单获取的值,因为它使您容易受到SQL注入的攻击。使用准备好的陈述。
3.请编写干净的PHP代码。像这样的东西是人们滥用PHP的原因。最好的问候。
好的,我试图快速编写脚本的PDO版本。这里是。测试它并且它应该工作,还要检查数据库中的正确列名是否在SQL查询中表示。最好的问候
<?php
//let's ensure we can see all the errors
error_reporting( E_ALL );
ini_set("display_errors",1);
include_once "header.php";
if(isset($_POST["submit"])){
$dsn="mysql:host=localhost;dbname=database";
$user="root";
$password="root";
//this is PDO . Easier, and better.
try{
$db=newPDO($dsn,$user,$password);
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
}catch(PDOException $e){
echo " Couldn't connect to the database because of ".$e;
}
//get the values from the form
$fname = $_POST['fname'];
$pass = $_POST['pass'];
$user = $_POST['user'];
$lname = $_POST['lname'];
$college = $_POST['college'];
$gender = $_POST['gender'];
$number = $_POST['number'];
//function to insert user into the database
function createUser($fname,$pass,$user,$lname,$college,$gender,$number){
//first check to ensure its a new user. If its a new user, we carry normal activities else, echo error message
if(checkUser($email)===false){
$sql=" INSERT INTO members(user,pass,fname,lname,number,gender,college) VALUES (?,?,?,?,?,?,?)";
$data=array($user,$pass,$fname,$lname,$number,$gender,$college);
$db->prepare($sql);
$inserted=$db->execute($data);
//if it returns true and its inserted, then show a success message
$output=(($inserted)?"<section style='color:green; font-weight:bold;'> <h4> You were registered succesfully</h4> </section>":" ");
echo $output;
}else{
echo "<section style='color:red; font-weight:bold;'> <h4> Someone's already registered with that name </h4> </section>"
}
}
//helps to check if a user has already been registered
function checkUser($email){
//watch the next few lines. Showcases the prepared statements
$sql="SELECT * FROM members WHERE user = ?";
$data=array($email);
$db->prepare($sql);
$prepared=$db->execute($data);
$result=(($prepared->rowCount() > 0) ? true :false );
return $result;
}
}
?>
答案 1 :(得分:0)
唯一的答案我建议你不要使用MYSQL而只使用MYSQLI / PDO,因为不推荐使用MYSQL。
在您当前的代码中,如果您有错误报告,那么您肯定不会收到错误消息,但会出现MYSQL弃用警告消息。