我在将数据插入数据库时遇到问题。我没有收到任何错误消息,但单击注册时没有任何消息。我真的很难过这个问题。任何援助都会很棒。我也确定我编写代码的方式会导致sql注入,所以我稍后会将其更改为PDO。
user_register.php
<!DOCTYPE html>
<html>
<head>
<title> Supplies</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/bootstrap.min.js"></script>
<script type="text/javascript" src="main.js"></script>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
</head>
<body>
<div class="navbar navbar-inverse navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<a href="#" class="navbar-brand">Supplies</a>
</div>
<ul class="nav navbar-nav">
<li><a href="http://localhost:8888/project1/">Home</a></li>
<li><a href="#">Product</a></li>
</ul>
</div>
</div>
<br>
<br>
<br>
<div class="container-fluid">
<div class="row">
<div class="col-md-2"></div>
<div class="col-md-18" id="signup_msg">
<!--alert from sign up form-->
</div>
<div class="col-md-2"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-10">
<div class="panel panel-primary">
<div class="panel-heading">Customer Sign Up Form</div>
<div class="panel-body">
<form method="post">
<div class="row">
<div class="col-md-6">
<label for="f_name">First Name</label>
<input class="form-control" id="f_name" name="f_name" type="text" >
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="l_name">Last Name</label>
<input class="form-control" id="l_name" type="text" name="l_name">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="email">Email</label>
<input class="form-control" id="email" type="text" name="email">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="password">Password</label>
<input class="form-control" id="password" type="text" name="password">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="repassword">Re-enter Password</label>
<input class="form-control" type="text" id="repassword" name="repassword">
</div>
</div>
<br>
<div class="row">
<div class="col-md-6">
<input type="buton" id="signup_button" name="signup_button" class="btn btn-primary btn-lg" value="Sign Up">
</div>
</div>
</form>
</div>
<div class="panel-footer">© 2017</div>
</div>
</div>
<div class="col-md-2></div>
</div>
</div>
</body>
</html>
main.js
$(document).ready(function(){
cat();
vendor();
product();
function cat(){
$.ajax({
url : "action.php",
method: "POST",
data : {category:1},
success : function(data){
$("#get_category").html(data);
}
})
}
function vendor(){
$.ajax({
url : "action.php",
method: "POST",
data : {vendor:1},
success : function(data){
$("#get_vendor").html(data);
}
})
}
function product(){
$.ajax({
url : "action.php",
method: "POST",
data : {getProduct:1},
success : function(data){
$("#get_product").html(data);
}
})
}
//this stops page from refreshing and allowing to select category
$("body").delegate(".category","click",function(event){
event.preventDefault();
var cid = $(this).attr('cid');
$.ajax({
url : "action.php",
method : "POST",
data : {get_seleted_Category:1,cat_id:cid},
success : function(data){
$("#get_product").html(data);
}
})
})
$("body").delegate(".selectVendor","click",function(event){
event.preventDefault();
var vid = $(this).attr('vid');
$.ajax({
url : "action.php",
method : "POST",
data : {selectVendor:1,vendor_id:vid},
success : function(data){
$("#get_product").html(data);
}
})
})
$("#search_btn").click(function(){
var keyword = $("#search").val();
if(keyword != ""){
$.ajax({
url : "action.php",
method : "POST",
data : {search:1,keyword:keyword},
success : function(data){
$("#get_product").html(data);
}
})
}
})
$("#signup_button").click(function(event){
event.preventDefault();
$.ajax({
url : "register.php",
method : "POST",
data : $("form").serialize(),
success : function(data){
$("#signup_msg").html(data);
}
})
})
})
register.php
<?php
include "db.php";
$f_name = $_POST["f_name"];
$l_name = $_POST["l_name"];
$email = $_POST['email'];
$password = $_POST['password'];
$repassword = $_POST['repassword'];
$name = "/^[A-Z][a-zA-Z ]+$/";
$emailValidation = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9]+(\.[a-z]{2,4})$/";
$number = "/^[0-9]+$/";
if(empty($f_name) || empty($l_name) || empty($email) || empty($password) || empty($repassword)){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><b>PLease Fill all fields..!</b>
</div>
";
exit();
} else {
if(!preg_match($name,$f_name)){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>this $f_name is not valid..!</b>
</div>
";
exit();
}
if(!preg_match($name,$l_name)){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>this $l_name is not valid..!</b>
</div>
";
exit();
}
if(!preg_match($emailValidation,$email)){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>this $email is not valid..!</b>
</div>
";
exit();
}
if(strlen($password) < 9 ){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>Password is weak</b>
</div>
";
exit();
}
if(strlen($repassword) < 9 ){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>Password is weak</b>
</div>
";
exit();
}
if($password != $repassword){
echo "
<div class='alert alert-warning'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>password is not same</b>
</div>
";
exit();
}
//existing email address in our database
$sql = "SELECT user_id FROM user_info WHERE email = '$email' LIMIT 1" ;
$check_query = mysqli_query($con,$sql);
$count_email = mysqli_num_rows($check_query);
if($count_email > 0){
echo "
<div class='alert alert-danger'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>Email Address is already available Try Another email address</b>
</div>
";
exit();
} else {
$password = md5($password);
$sql = "INSERT INTO 'user_info' ('first_name', 'last_name', 'email', 'password')
VALUES ('$f_name', '$l_name', '$email', '$password')";
$run_query = mysqli_query($con,$sql);
if($run_query){
echo "
<div class='alert alert-success'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<b>You are Registered successfully..!</b>
</div>
";
}
}
}
?>
答案 0 :(得分:1)
修改强>
在</form>
(<input type="hidden" name="sqlid">
)
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title> Supplies</title>
<!--Stylesheets-->
<link rel="stylesheet" type="text/css" href="css/style.css">
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
<!--Scripts-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class="navbar navbar-inverse navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<a href="#" class="navbar-brand">Supplies</a>
</div>
<ul class="nav navbar-nav">
<li><a href="http://localhost:8888/project1/">Home</a></li>
<li><a href="#">Product</a></li>
</ul>
</div>
</div>
<br><br><br>
<div class="container-fluid">
<div class="row">
<div class="col-md-2"></div>
<div class="col-md-18" id="signup_msg">
<!--alert from sign up form-->
</div>
<div class="col-md-2"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-10">
<div class="panel panel-primary">
<div class="panel-heading">Customer Sign Up Form</div>
<div class="panel-body">
<form method="POST" id="myForm" name="myForm">
<div class="row">
<div class="col-md-6">
<label for="f_name">First Name</label>
<input type="text" class="form-control" id="f_name" name="f_name">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="l_name">Last Name</label>
<input type="text" class="form-control" id="l_name" name="l_name">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="email">Email</label>
<input type="email" class="form-control" id="email" name="email">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password">
</div>
</div>
<div class="row">
<div class="col-md-6">
<label for="repassword">Re-enter Password</label>
<input type="password" class="form-control" id="repassword" name="repassword">
</div>
</div>
<br>
<div class="row">
<div class="col-md-6">
<input type="submit" class="btn btn-primary btn-lg" value="Sign Up" onClick="return validateRegistration();">
</div>
</div>
<div id="registration_error" style="display:none;">Please check for any missing fields</div>
<input type="hidden" name="sqlid">
</form>
<script type="text/javascript">
function validateRegistration() {
var f_name_validate = document.forms["myForm"]["f_name"].value;
var l_name_validate = document.forms["myForm"]["l_name"].value;
var email_validate = document.forms["myForm"]["email"].value;
var password_validate = document.forms["myForm"]["password"].value;
if (f_name_validate == "", l_name_validate == "", email_validate == "", password_validate == "") {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
} else if (f_name_validate == "") {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
} else if (l_name_validate == "") {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
} else if (email_validate == "") {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
} else if (password_validate == "") {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
// To make sure that the password values match
} else if ($('#password').val() !== $('#repassword').val()) {
$('#registration_error').fadeIn();
setTimeout(function() {
$('#registration_error').fadeOut('fast');
}, 5000);
return false;
} else {
// If everything matches then call ajax
$("#myForm").submit(function(e) {
$.ajax({
type: "POST",
url: "register.php",
data: $("#myForm").serialize(), // serializes the form's elements.
success: function(data) {
if (data == 'success') {
$('#signup_msg').html(data);
} else {
$('#signup_msg').html(data);
}
}
});
return false;
});
}
}
</script>
</div>
<div class="panel-footer">© 2017</div>
</div>
</div>
<div class="col-md-2"></div>
</div>
</div>
</body>
</html>
的 connection.php 强>
<?php
$hostname_sdatabase = "localhost";
$database_sdatabase = "db_name";
$username_sdatabase = "root";
$password_sdatabase = "";
$sdatabase = mysql_pconnect($hostname_sdatabase, $username_sdatabase, $password_sdatabase) or trigger_error(mysql_error(),E_USER_ERROR);
?>
将您的register.php代码简化为类似的东西,是的,我知道它不安全并且容易出现sql注入,但这只是测试,您可以根据自己的喜好对其进行修改
的 register.php 强>
<?php
$sqlid = $_POST['sqlid'];
$f_name = $_POST['first_name'];
$l_name = $_POST['last_name'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$insertSQL = "INSERT INTO user_info (sqlid, first_name, last_name, email, password) VALUES ('$sqlid', '$f_name', '$l_name', '$email', '$password')";
mysql_select_db($database_sdatabase , $sdatabase);
$Result1 = mysql_query($insertSQL, $sdatabase) or die(mysql_error());
?>