我正在建立一个注册并登录系统,我在index.php中使用session_start()和db.php
这是我点击注册时遇到的错误
致命错误:在第23行的C:\ wamp \ www \ hotelempire \ register.php中调用未定义的方法mysqli :: error()
这是我的代码
<form id="registerform" name="registerform" method="post" >
<!-- Your Full Name -->
<div class="form-group">
<input type="text" class="input-text" name="register-fullname"
id="register-fullname" placeholder="Your Full Name" title="As Per AADHAR CARD">
</div>
<!-- Email-->
<div class="form-group">
<input type="email" class="input-text" name="register-email"
id="register-email" placeholder="Email Address">
</div>
<div class="form-group">
<select style="width: 100%" name="register-country" id="register-country" >
<option
value="india">India</option>
</select>
</div>
<div class="form-group">
<input type="tel" class="input-text" name="register-phoneno"
id="register-phoneno" placeholder="Contact No" maxlength="10">
</div>
<!-- password -->
<div class="form-group">
<input type="password" class="input-text" name="register-password"
id="register-password" placeholder="Password">
</div>
<!-- Btn -->
<input type="submit" name="register-submit" id="register-submit"
class="submit" value="Sign Up">
<p>By signing up, you agree to our terms of services and privacy policy.</p>
</form>
这些代码是register.php
$_SESSION['user-fullname'] = $_POST['register-fullname'];
$_SESSION['user-email'] = $_POST['register-email'];
$_SESSION['user-country'] = $_POST['register-country'];
$_SESSION['user-phoneno'] = $_POST['register-phoneno'];
$fullname = $mysqli->escape_string($_POST['register-fullname']);
$email = $mysqli->escape_string($_POST['register-email']);
$phoneno = $mysqli->escape_string($_POST['register-phoneno']);
$password = $mysqli->escape_string(password_hash($_POST['register-password'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string(md5(rand(0, 1000)));
$result = $mysqli->query("SELECT * FROM users WHERE user-email='$email'") or die($mysqli->error());
if ($result->num_rows > 0)
{
$_SESSION['message'] = '<div class="info-alert">User with this email already exists!</div>';
header("location: error.php");
}
else
{
$sql = "INSERT INTO users (first_name, last_name, email, password, hash)"
."VALUES ('$fullname','$email', '$phoneno' ,'$password', '$hash')";
if ($mysqli->query($sql))
{
$result = $mysqli->query("SELECT * FROM users WHERE user-email='$email'");
$user = $result->fetch_assoc();
$id = $user['user_id'];
$_SESSION['active'] = 0;
$_SESSION['logged_in'] = true;
if ($_SESSION['user-email'] == 'admin@admin.com')
{
header("location: admin.php");
}
else
{
$_SESSION['message'] =
"<div class='info-success'>Confirmation link has been sent to $email, please verify
your account by clicking on the link in the message!</div>";
$to = $email;
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$subject = 'Account Verification';
$message = '<html>
<head>
<title>TEST</title>
<style type="text/css">
body
{
background: #c1bdba;
font-family: "Titillium Web", sans-serif;
}
a
{
text-decoration: none;
color: #1ab188;
-webkit-transition: .5s ease;
transition: .5s ease;
}
a:hover
{
color: #179b77;
}
h1
{
font-size: 18px;
text-align: center;
color: #ffffff;
font-weight: 300;
}
h2
{
text-align: center;
color: #1ab188;
font-weight: 1000;
}
span
{
color: #1ab188;
font-weight: bold;
}
p
{
text-align: center;
color: #ffffff;
margin: 0px 0px 50px 0px;
padding-top: 2px;
}
.form
{
background: rgba(19, 35, 47, 0.9);
padding: 40px;
max-width: 600px;
margin: 40px auto;
border-radius: 4px;
box-shadow: 0 4px 10px 4px rgba(19, 35, 47, 0.3);
}
.button
{
font-family: "Titillium Web", sans-serif;
border: 0;
outline: none;
border-radius: 0;
padding: 15px 0;
margin-top: 30px;
font-size: 2rem;
font-weight: 600;
text-transform: uppercase;
letter-spacing: .1em;
background: #1ab188;
color: #ffffff;
-webkit-transition: all 0.5s ease;
transition: all 0.5s ease;
-webkit-appearance: none;
}
.button:hover, .button:focus
{
background: #179b77;
}
.button-block
{
display: block;
width: 100%;
}
</style>
</head>
<body>
<div class="form">
<h1 style="font-size: 20px; text-align: left;">Hello <a>'.$fullname.'</a></h1>,<br>
<h1>Thank you for signing up!<br>
Please click the button below to activate your account:<br></h1>
<a href="http://localhost/login-system/verify.php?id='.$id.'&hash='.$hash.'"><button class="button button-block">Activate Account</button></a>
</div>
</body>
</html>';
mail($to, $subject, $message, $headers);
header("location: success.php");
}
}
else
{
$_SESSION['message'] = '<div class="info-alert">Registration failed!</div>';
header("location: 404.html");
}
}
答案 0 :(得分:2)
错误消息是mysqli对象的属性,而不是方法,请使用
$mysqli->error;
现在您将获得404页面,因为如果此查询失败
$sql = "INSERT INTO users (first_name, last_name, email, password, hash)"
."VALUES ('$fullname','$email', '$phoneno' ,'$password', '$hash')";
if ($mysqli->query($sql))
{
您的其他条件重定向到您的404.html
页面
}
else
{
$_SESSION['message'] = '<div class="info-alert">Registration failed!</div>';
header("location: 404.html");
}
我认为,要获取此代码,您必须已经进行了我在此答案第一部分中建议的更改。
我还应该提到您的脚本对SQL Injection Attack是开放的 甚至if you are escaping inputs, its not safe! 在
MYSQLI_
或PDO
API中使用prepared parameterized statements我还可以建议错误检查,但是如果您不麻烦,请添加
ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
到脚本顶部。这将强制所有mysqli_错误生成异常,您可以在浏览器上看到该异常以及正常的PHP错误。
您接下来遇到的错误是在此语句中:
$result = $mysqli->query("SELECT * FROM users WHERE user-email='$email'");
如果您实际上在列user-email
中使用连字符而不是下划线_
来命名列,则必须将该列名称包装在这样的反引号中
$result = $mysqli->query("SELECT * FROM users WHERE `user-email`='$email'");