我正在编写register.php,它创建了用户并将他添加到MySQL表“workers”。它有一个基本的验证,并使用会话来检查用户是否已经登录。但是,我遇到了我的INSERT查询问题,它不起作用。我发出了一条显示文本的错误消息:“出了问题,稍后再试......”并显示mysqli错误。但是它只显示消息而不起作用。如何显示mysql查询错误号以及我的查询有什么问题? register.php:
<?php
session_start();
include_once ('db.php');
$error = false;
$nameError = '';
$passwordError = '';
$usernameError = '';
$surnameError = '';
$emailError = '';
$MSG = '';
if (!isset($_SESSION['login_user'])) {
if (isset($_POST['Register'])) {
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$password = $_POST['password'];
$username = $_POST['username'];
// Username validation
if (empty($username)) {
$error = true;
$usernameError = 'Please enter your username';
} else {
if (!preg_match('/^[a-zA-Z0-9]{5,}$/', $username)) {
$error = true;
$usernameError = 'Invalid Username';
}
}
//Name validation
if (empty($name)) {
$error = true;
$nameError = "Please enter your full name.";
} else if (strlen($name) < 3) {
$error = true;
$nameError = "Name must have at least 3 characters.";
} else if (!preg_match("/^[a-zA-Z ]+$/", $name)) {
$error = true;
$nameError = "Name must contain alphabets and space.";
}
//surname validation
if (empty($surname)) {
$error = true;
$surnameError = "Please enter your surname";
} else if (strlen($surname) < 3) {
$error = true;
$surnameError = "Surname must have at least 3 characters";
} else if (!preg_match("/^[a-zA-Z ]+$/", $surname)) {
$error = true;
$surnameError = "Surname must contain alphabets";
}
//basic email validation
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = true;
$emailError = "Please enter valid email";
} else {
// check email exist or not
$query = "SELECT email FROM workers WHERE email='$email'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
if ($count != 0) {
$error = true;
$emailError = "Provided Email is already in use.";
}
}
// password validation
if (empty($password)) {
$error = true;
$passwordError = "Please enter password.";
} else if (strlen($password) < 6) {
$error = true;
$passwordError = "Password has to be at least 6 charachters long";
}
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $name);
$email = mysqli_real_escape_string($conn, $name);
$password = mysqli_real_escape_string($conn, md5($password));
$user = mysqli_real_escape_string($conn, $username);
if (!$error) {
$query = "INSERT INTO 'workers' (id,user_name,password,email,surname,name) VALUES(NULL ,$user,$password,$email,$surname,$name)";
$result = mysqli_query($conn, $query);
if ($result) {
$MSG = "Successfully registered, you may login now";
unset($name, $password, $username, $surname, $name);
} else {
$MSG = "Something went wrong, try again later...";
echo mysqli_error($conn);
}
}
}
}else{
echo "<script type='text/javascript'> document.location = 'welcome.php'; </script>";
exit();
}
?>
答案 0 :(得分:0)
您的查询中有一个错误 如果要在查询中使用“定义”表,则无法使用'。
这是真的
INSERT INTO `workers` (id,user_name,password,email,surname,name) VALUES(NULL ,$user,$password,$email,$surname,$name)";
答案 1 :(得分:0)
正如Barmar已经建议的那样,你应该change this query to use prepared statements。
我会更进一步,建议你使用mysqli一起使用PDO和废料。
话虽如此,正如pedram所指出的那样,你的表名规范存在问题,但我发现有时候人们会粘贴代码。
mysql中的所有tablename说明符都需要使用backtics。所以:
INSERT INTO 'workers'
不能上班。
INSERT INTO `workers`
可能。
在我看来,除非你的表名是保留字,否则没有充分的理由使用backtics。除非我绝对必须,否则我从不使用它们。
但这只是查询问题的一部分,因为您需要围绕任何CHAR / VARCHAR / STRING数据的引号。
所以你需要:
$query = "INSERT INTO `workers` (id,user_name,password,email,surname,name) VALUES (NULL, '$user','$password','$email','$surname','$name')";
最后但并非最不重要的是,你有这个代码:
if ($result) {
$MSG = "Successfully registered, you may login now";
unset($name, $password, $username, $surname, $name);
} else {
$MSG = "Something went wrong, try again later...";
echo mysqli_error($conn);
}
目前还不清楚你实际看到了什么,但这段代码应该回应mysqli_error()。你设置一个$ MSG变量,但你永远不会回应它。在生产代码中,您不应该向最终用户回应mysqli_error(),因为这会泄漏您的数据库内部。只是为了调试它没问题,但很容易忘记。