该代码应该从register.php接收表单数据并将其存储在数据库中,然后,页面应将用户重定向到done.php,但数据没有存储到数据库中。 这是代码:
<?php
session_start();
// variable declaration
$admin = "admin";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'registration');
if($db == false){
echo "no connection!!!";
}
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = "";
$fname = $lname = $username = $email = $email2 = $gender = "";
//escape and trim not allowed symbols
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// REGISTER USER
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$nameErr = "First name is required";
} else {
$fname = test_input($_POST["fname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["lname"])) {
$nameErr = "Last name is required";
} else {
$lname = test_input($_POST["lname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lname)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["username"])) {
$nameErr = "Username is required";
} else {
$username = test_input($_POST["username"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["email2"])) {
$emailErr = "Email2 is required";
} else {
$email2 = test_input($_POST["email2"]);
// check if e-mail address is well-formed
if (!filter_var($email2, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
$pass = mysqli_real_escape_string($_POST['pass']);
$pass2 = mysqli_real_escape_string($_POST['pass2']);
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users
WHERE username='$username'
OR email='$email'
LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "Email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
//encrypt password
$hash = password_hash($pass, PASSWORD_BCRYPT);
//insert values
$query = "INSERT INTO users (fname, lname, username, email, pass)
VALUES('$fname', '$lname', '$username', '$email', '$hash')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: done.php');
}
}
?>
我不知道该怎么办。我已经检查了8次以上的代码。 另一件事是,在添加test_input()函数之前,我已将mysqli_real_escape_string与POST方法一起使用,并使用md5作为密码。当时,它运行良好。
修改: 它在那个php页面中给了我这个错误代码:
致命错误:mysqli_sql_exception未捕获:C:\ xampp \ htdocs \ ReadingAmbassadors \ server.php:109中的“字段列表”中的未知列“ pass”:堆栈跟踪:#0 C:\ xampp \ htdocs \ ReadingAmbassadors \ server。 php(109):mysqli_query(Object(mysqli),“ INSERT INTO use ...”)#1 C:\ xampp \ htdocs \ ReadingAmbassadors \ register.php(1):include('C:\ xampp \ htdocs。 。)#2 {main}在第109行的C:\ xampp \ htdocs \ ReadingAmbassadors \ server.php中抛出
以及如何保护此代码免受sql注入?
修改2 : 问题是下面提到的行名为“ mario” 我决定使用PDO