我正在创建一个婚礼策划Web应用程序。我的数据库已连接,但没有插入数据,也没有在尝试注册用户时收到任何错误消息。
我将直接进入链接的登录页面。我试图将来自php和MySQL的日期格式(用户输入为dd/mm/yyyy和存储为yyyy / mm / dd)进行匹配,但不确定它是否正常/如果是问题。
我一直试图找出解决方案几个小时,我正面临解决它的压力,所以我可以完成我的论文。
<?php
//Starts the session
session_start();
require_once 'DBConnect.php';
$firstname = "";
$lastname = "";
$email_address = "";
$phone_num = "";
$acc_password = "";
$weddingdate = "";
// REGISTER USER
if (isset($_POST['btn-Register']))
{
// receive all input values from the form
$firstname = mysqli_real_escape_string($DBcon, $_POST['firstname']);
$lastname = mysqli_real_escape_string($DBcon, $_POST['lastname']);
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$phone_num = mysqli_real_escape_string($DBcon, $_POST['phone_num']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
$weddingdate = mysqli_real_escape_string($DBcon,
$_POST['weddingdate']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
// phone_num and weddingdate can be NULL
if (empty($firstname)) { array_push($errors, "First Name is
required"); }
if (empty($lastname)) { array_push($errors, "Last Name is
required"); }
if (empty($email_address)) { array_push($errors, "Email is
required"); }
if (empty($acc_password)) { array_push($errors, "Password is
required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM customer WHERE email_address =
'$email_address' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
//if user exists
if ($user['email_address'] === $email_address)
{
array_push($errors, "User already exists");
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0)
{
//encrypt the password before saving in the database
$acc_password = md5($acc_password);
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname' '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
mysqli_query($DBcon, $query);
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now Registered";
header('location: Login.php');
}
//This should format the date with phpMyAdmin
$weddingdate = date('Y-m-d H:i', strtotime($_POST["weddingdate"]));
// LOGIN USER
if (isset($_POST['btn-Login']))
{
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
if (empty($email_address))
{
array_push($errors, "Email Address is required");
}
if (empty($acc_password))
{
array_push($errors, "Password is required");
}
if (count($errors) == 0)
{
$acc_password = md5($acc_password);
$query = "SELECT * FROM customer WHERE
email_address='$email_address' AND
acc_password='$acc_password'";
$results = mysqli_query($DBcon, $query);
if (mysqli_num_rows($results) == 1)
{
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now logged in";
header('location: Main.php');
}else
{
array_push($errors, "Wrong username/password
combination");
}
}
}
}
&GT;
答案 0 :(得分:0)
insert查询行中存在语法错误。
$query = "INSERT INTO customer (firstname, lastname, email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address', '$phone_num', '$acc_password', '$weddingdate')";
,
'$lastname'
答案 1 :(得分:0)
问题可能是变量不被视为其值。您需要在添加变量之前转义序列。所以,而不是
class AbstractTableViewCell: UITableViewCell {
func configure(with model: Any) { abstract }
}
final class ContactTableViewCell: AbstractTableViewCell {
override func configure(with model: Any) {
/* Real implementation here */
}
}
你需要这样做
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
这应该可以解决您的问题,但正如其他一些评论者提到的那样,这可能会让您对SQL注入开放。您应该使用准备好的语句来保护自己免受这些漏洞的侵害。