Question

我有一个简单的创建用户页面，如下所示：

<div id="Add_user_admin" class="tab-content ">
		<h2>ADD</h2>
			<div class="container">
			<div class="row">
				<div class="col-3"></div>
				<div class="col-6">
					<form action="includes/signup.php" method="POST">
						<input type="text" name="username" placeholder="Username">
						<br>
						<input type="password" name="pwd" placeholder="Password">
						<br>
						<input type="text" name="email" placeholder="E-mail">
						<br>
						<input type="text" name="status" placeholder="Status">
						<br>
						<button type="submit" name="submit_reg"class="btn btn-primary">Submit</button>
					</form>
				</div>
				<div class="col-3"></div>
			</div>
		</div>
		</div>

在提交时调用的signup.php如下：

<?php

//check if submit clicked
if (isset($_POST['submit_reg'])){
	include_once 'dbh.inc.php';
	
	//gather data
	$user = mysqli_real_escape_string($conn, $_POST['username']);
	$password = mysqli_real_escape_string($conn, $_POST['pwd']);
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$status = mysqli_real_escape_string($conn, $_POST['status']);
	

	//check if empty
	if (empty($user) || empty($password) || empty($email) || empty($status) ){
		header("Location:../admin-cms.html?signup-empty-field");
		exit();
	}else{
		//valid e-mail
		if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
			header ("Location:../admin-cms.html?signup-inc-email");
			exit();
		}else{
			//user taken
			$sql = "SELECT * FROM users WHERE username='$user' ";
			$result = mysqli_query($conn, $sql);
			$result_check=mysqli_num_rows($result);
			if($result_check>0){
				header ("Location:../admin-cms.html?signup-user-taken");
				exit();
			}else{
				//hash pass
				$hash_pass= password_hash($password, PASSWORD_DEFAULT);
				
				//insert stmt
				$sql = "INSERT INTO users (username, password , status , e-mail) VALUES (?,?,?,?);";
				$stmt = mysqli_stmt_init ($conn);
				
				//check conn
				if(!mysqli_stmt_prepare($stmt,$sql)){
					echo "SQL ERROR CONNECT";
				
				//execute				
				}else{
					mysqli_stmt_bind_param($stmt ,"ssss" , $user , $hash_pass , $status ,$email);
					mysqli_stmt_execute($stmt);
					header("Location: ../admin-cms.html?signup=succes");
					exit();
				}
				//just to check if it ran the code...it didnt
				header("Location: ../admin-cms.html?signup=succes_not");
				exit();
			}
		}
		
	}
} else {
	header ("Location:../admin-cms.html?signup-no-submit");
	exit();
}

这是dbh.inc.php

<?php

$dbServername= "localhost";
$dbUsername= "root";
$dbPassword="";
$dbName="testcms";


$conn= mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName);

会发生什么：它将代码一直运行到标题（“位置：../ admin-cms.html?signup=succes_not”）; 出口（）; 它应该来到执行插入的部分，然后返回到admin-cms.html并返回：？signup = succes

我认为问题在于以下内容：
mysqli_stmt_bind_param（$ stmt，“ssss”，$ user，$ hash_pass，$ status，$ email）; mysqli_stmt_execute（$语句）;

然而，仍然有点新，所以我不知道为什么。我花了2个小时查找可能存在的问题，但无法找到任何问题。

我添加了数据库的屏幕截图供参考：

Answer 1

我犯了一个＆＃34; - ＆＃34;在DB行的名称中，不允许使用SQL。

页面不运行mysqli_stmt_execute

1 个答案: