我有一个简单的创建用户页面,如下所示:
<div id="Add_user_admin" class="tab-content ">
<h2>ADD</h2>
<div class="container">
<div class="row">
<div class="col-3"></div>
<div class="col-6">
<form action="includes/signup.php" method="POST">
<input type="text" name="username" placeholder="Username">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="status" placeholder="Status">
<br>
<button type="submit" name="submit_reg"class="btn btn-primary">Submit</button>
</form>
</div>
<div class="col-3"></div>
</div>
</div>
</div>
在提交时调用的signup.php如下:
<?php
//check if submit clicked
if (isset($_POST['submit_reg'])){
include_once 'dbh.inc.php';
//gather data
$user = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['pwd']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$status = mysqli_real_escape_string($conn, $_POST['status']);
//check if empty
if (empty($user) || empty($password) || empty($email) || empty($status) ){
header("Location:../admin-cms.html?signup-empty-field");
exit();
}else{
//valid e-mail
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header ("Location:../admin-cms.html?signup-inc-email");
exit();
}else{
//user taken
$sql = "SELECT * FROM users WHERE username='$user' ";
$result = mysqli_query($conn, $sql);
$result_check=mysqli_num_rows($result);
if($result_check>0){
header ("Location:../admin-cms.html?signup-user-taken");
exit();
}else{
//hash pass
$hash_pass= password_hash($password, PASSWORD_DEFAULT);
//insert stmt
$sql = "INSERT INTO users (username, password , status , e-mail) VALUES (?,?,?,?);";
$stmt = mysqli_stmt_init ($conn);
//check conn
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "SQL ERROR CONNECT";
//execute
}else{
mysqli_stmt_bind_param($stmt ,"ssss" , $user , $hash_pass , $status ,$email);
mysqli_stmt_execute($stmt);
header("Location: ../admin-cms.html?signup=succes");
exit();
}
//just to check if it ran the code...it didnt
header("Location: ../admin-cms.html?signup=succes_not");
exit();
}
}
}
} else {
header ("Location:../admin-cms.html?signup-no-submit");
exit();
}
这是dbh.inc.php
<?php
$dbServername= "localhost";
$dbUsername= "root";
$dbPassword="";
$dbName="testcms";
$conn= mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName);
会发生什么:它将代码一直运行到 标题(“位置:../ admin-cms.html?signup=succes_not”); 出口(); 它应该来到执行插入的部分,然后返回到admin-cms.html并返回:?signup = succes
我认为问题在于以下内容:
mysqli_stmt_bind_param($ stmt,“ssss”,$ user,$ hash_pass,$ status,$ email);
mysqli_stmt_execute($语句);
然而,仍然有点新,所以我不知道为什么。我花了2个小时查找可能存在的问题,但无法找到任何问题。
答案 0 :(得分:0)
我犯了一个&#34; - &#34;在DB行的名称中,不允许使用SQL。