无法将.php文件中的数据插入mysql。不知道是什么问题。我有两个主要的.php文件。第一个是主页:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="jmtoday" class=" no_js">
<html>
<head>
<link href='icon.jpg' rel='icon' type='image/jpg'/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="en" />
<LINK REL=StyleSheet HREF="Mainstyles.css" TYPE="text/css"></link>
<Title>Welcome to JM Today</title>
</head>
<body>
<div class="container">
<div class="header"><a class="logo" HREF="Homepage.html"><img src="Logo.png" alt="[JM Today]" ></a></div>
<div class="navbar">
<ul class="navbar"><li class="navbar"><a class="navbar" HREF="Homepage.html">Homepage</a> </li>
<li class="navbar"><a class="navbar" HREF="Classes.html">Classes</a></li>
<li class="navbar"><a class="navbar" HREF="Calendar.html">Calendar</a></li>
<li class="navbar"><a href="Tutoring.html" class="navbar">Tutoring</a></li>
<li class="navbar"><a href="News.html" class="navbar" >News</a></li>
<li class="navbar"><a href="Aboutus.html" class="navbar">About Us</a></li></div>
<div class="left"></div>
<div class="content"><h2 class="homepage">For Students. By Students.</h2><p>Welcome to JM Today, where you could find anything about your school, your classmates, and everything else. Online.<br/><br/><br/><br/><br/><br/></p></div>
<div class="signup"><h2 class="homepage">Sign Up Now</h2><h3 class="homepage">It's free, as you expected.</h3>
<form name="registration_form" method="post" action="register.php" onsubmit="return Validate();"><input type=hidden name=todo value=post>
<table>
<tr><td class="label">First Name:</td><td><input type="text" name="fname"></td></tr>
<tr><td class="label">Last Name:</td><td><input type="text" name="lname"></td></tr>
<tr><td class="label">E-Mail Address:</td><td><input type="text" name="email"></td> </tr>
<tr><td class="label">Username:</td><td><input type="text" name="username"></td></tr>
<tr><td class="label">Password:</td><td><input type="password" name="password"></td></tr>
<tr><td class="label">Password Confirmation:</td><td><input type="password" name="password_confirmation"></td></tr>
<tr><td class="label"><input type="submit" value="Register"></td></tr>
</form>
</table>
<script language = "Javascript">
function Validate()
{
if (document.registration_form.fname.value == '')
{
alert('Please fill in your first name!');
return false;
}
if (document.registration_form.lname.value == '')
{
alert('Please fill in your last name!');
return false;
}
if (document.registration_form.email.value == '')
{
alert('Please fill in your email address!');
return false;
}
if (document.registration_form.username.value == '')
{
alert('Please fill in your desired username!');
return false;
}
if (document.registration_form.password.value == '')
{
alert('Please fill in your desired password!');
return false;
}
if (document.registration_form.password_confirmation.value == '')
{
alert('Please fill in your password again for confirmation!');
return false;
}
if (document.registration_form.password.value !=
document.registration_form.password_confirmation.value)
{
alert("The two passwords are not identical! "+
"Please enter the same password again for confirmation");
return false;
}
return true;
}
</script>
</div>
</div>
<div class="footer"><p class="copyright">JMToday © 2010</p><p class="right">A Samir Ghobril Production</p></div>
</body>
第二个是register.php
!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="jmtoday" class=" no_js">
<html>
<head>
<link href='icon.jpg' rel='icon' type='image/jpg'/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="en" />
<LINK REL=StyleSheet HREF="Mainstyles.css" TYPE="text/css"></link>
<Title>Sign up to JM Today</title>
</head>
<body>
<?php
$dbservertype='mysql';
$servername='localhost';
$dbusername='root';
$dbpassword='****';
$dbname='jmtdy';
connecttodb($servername,$dbname,$dbusername,$dbpassword);
function connecttodb($servername,$dbname,$dbuser,$dbpassword)
{
global $link;
$link=mysql_connect ("$servername","$dbuser","$dbpassword");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
}
?>
<?php
$username=$_POST['username'];
$password=$_POST['password'];
$password2=$_POST['password_confirmation'];
$todo=$_POST['todo'];
$email=$_POST['email'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
if(isset($todo) and $todo=="post"){
$status = "OK";
$msg="";
if(!isset($username) OR strlen($userid) <3){
$msg=$msg."Username should be equal to or more than 3 characters long<BR/>";
$status= "NOTOK";}
if(mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '$username'"))){
$msg=$msg."Username already exists. Please try another one<BR/>";
$status= "NOTOK";}
if ( strlen($password) < 3 ){
$msg=$msg."Password must be more than 3 charactors long<BR/>";
$status= "NOTOK";}
if ( $password <> $password2 ){
$msg=$msg."Passwords are not identical.<BR/>";
$status= "NOTOK";}
if($status<>"OK"){
echo "$msg<br/><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{
if(mysql_query("insert into users(username,password,email,fname,lname) values('$username','$password','$email','$fname','$lname')")){
echo "Welcome, You have successfully signed up";}
else{ echo "Database Problem, please contact Site admin";
}
}
}
?>
</body>
</html>
如果你能帮助我,我会非常感激。 [编辑]好吧,我修复了代码并得到了此错误消息。用户'www-data'@'localhost'拒绝访问(使用密码:NO)。这有帮助吗?
答案 0 :(得分:2)
如果您要发布回复,可能会有所帮助。
在我的测试中,我得到了这个
Username should be equal to or more than 3 characters long
虽然我使用了6个字符。看一下代码很明显:
$username=$_POST['username'];
[...]
if(!isset($username) OR strlen($userid) <3){
$msg=$msg."Username should be equal to or more than 3 characters long<BR/>";
$status= "NOTOK";
}
您只是使用了错误的变量$ userid而不是$ username。纠正它,脚本应该正常工作。
但是在你这样做之前,你的代码还有一些问题:
永远不要将root用作脚本的数据库用户。如果SQL处理中存在漏洞,请创建一个权限较少的权限以最小化效果。
清理代码! Indention是有原因的,可以帮助您阅读您的(和其他)代码。至少在发布它并寻求帮助之前这样做。运气好的话,你会自己发现错误。
检查您的HTML。那里有很多无效的东西......
答案 1 :(得分:0)
我猜测其中一个查询正在死亡,因为您没有正确转义您插入查询的任何数据。考虑当有人填写这样的用户名时会发生什么:
$username = "Miles O'Brien"
$query = "SELECT username FROM users WHERE username = '$username'";
$ query变为:
SELECT username FROM users WHERE username = 'Miles O'Brien'
^^^^^^-- "bad data"
'brien'部分在您与用户名字段进行比较的字符串值之外结束,并导致解析错误。换句话说,每一个查询都是等待发生的SQL注入攻击。
至少,你需要做一些事情:
$username = mysql_real_escape_string($_POST['username']);
使数据“安全”填入查询字符串。
答案 2 :(得分:0)
提示在行
拒绝用户访问 'WWW的数据' @ 'localhost' 的
看起来您对mysql数据库的访问是以www用户身份进行的,而不是用户samaniac
你可以在你的页面上尝试以下
$link = mysql_connect('localhost', 'samaniac', 'your password here');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
并告诉我你得到了什么......
答案 3 :(得分:-1)
好的,我已经编辑了registration.php代码。看看它。我收到一个错误:访问被拒绝用户'www-data'@'localhost'(使用密码:NO)。我想这意味着它没有识别我的sql用户名/密码或类似的东西。无论如何,这是我的php文件:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="jmtoday" class=" no_js">
<head>
<link href='icon.jpg' rel='icon' type='image/jpg'/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="en" />
<LINK REL=StyleSheet HREF="Mainstyles.css" TYPE="text/css"></link>
<Title>Sign up to JM Today</title>
</head>
<body>
<?php
$dbservertype='mysql';
$servername='localhost';
$dbusername='samaniac';
$dbpassword='*****';
$dbname='jmtdy';
function connecttodb($servername,$dbname,$dbuser,$dbpassword)
{
global $link;
$link=mysql_connect("$servername","$dbuser","$dbpassword");
if(!$link){
die("Could not connect to MySQL");
}
connecttodb($servername,$dbname,$dbusername,$dbpassword);
mysql_select_db("$dbusername",$link) or die ("could not open db".mysql_error());
}
?>
<?php
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password2=mysql_real_escape_string($_POST['password_confirmation']);
$todo=mysql_real_escape_string($_POST['todo']);
$email=mysql_real_escape_string($_POST['email']);
$fname=mysql_real_escape_string($_POST['fname']);
$lname=mysql_real_escape_string($_POST['lname']);
if(isset($todo) and $todo=="post"){
$status = "OK";
$msg="";
}
if(!isset($username) OR strlen($username) <3){
$msg=$msg."Username should be equal to or more than 3 characters long<BR/>";
$status= "NOTOK";
}
if(mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '$username'")or die (mysql_error ()))){
$msg=$msg."Username already exists. Please try another one<BR/>";
$status= "NOTOK";}
if ( strlen($password) < 3 ){
$msg=$msg."Password must be more than 3 charactors long<BR/>";
$status= "NOTOK";
}
if ( $password <> $password2 ){
$msg=$msg."Passwords are not identical.<BR/>";
$status= "NOTOK";
}
if($status<>"OK"){
echo "$msg<br/><input type='button' value='Retry' onClick='history.go(-1)'>";
}
else {
if(mysql_query("insert into users(username,password,email,fname,lname) values('$username','$password','$email','$fname','$lname')")or die (mysql_error ())){
echo "Welcome, You have successfully signed up";
}
else {
echo "Database Problem, please contact Site admin";
}
}
?>
</body>
</html>