我的PHP代码不会将用户添加到MySQL数据库

时间:2019-04-29 14:11:07

标签: php html mysql linux apache

我正在尝试使用php创建即时消息服务,无法启动网站并运行以将用户注册到MySQL数据库,但是对于我来说,我不明白为什么它不会添加用户

我已经在phpMyAdmin中为用户创建了表,还重新制作了它们,以防万一我弄乱了但没有用

这是我注册新用户的主要页面

<!doctype html>
<html>

<head>
<style>
*{margin:0px; padding:0px;}
#main{ width:200px; margin:24px auto; }
</style>
</head>

<body>
<?Php

        require_once("connection.php") ;
    if(isset($_POST['Register'])){
        $first_name = $_POST['first_name'] ;
        $last_name = $_POST['last_name'] ;
        $user_name = $_POST['user_name'] ;
        $password = $_POST['password'] ;
    if ($first_name !="" and $last_name !="" and $user_name !="" and $password !=""  ){

    $q="INSERT INTO `user` ('id','first_name','last_name','user_name', 'password')
        VALUES('', '".$first_name."', '".$last_name."', '".$user_name."', '".$password."') 
        " ;
        if(mysqli_query($con, $q )){
        header("location:login.php") ; 
        }else{
        echo $q ;
        }

    }else{
        echo "please fill in all the boxes" ;

    }

    }


?>



<div id="main">
<h2 align="center">Registration</h2>
<form method="post">
First Name:<br>
<input type="text" name="first_name" placeholder="First Name" />
<br><br>
Last Name:<br>
<input type="text" name="last_name" placeholder="Last Name" /><br><br>
User Name:<br>
<input type="text" name="user_name" placeholder="User Name" /><br><br>
Password:<br>
<input type="password" name="password" placeholder="Password" /><br><br>
<input type="submit" name"register" value="Register" />


</form>
</div>


</body>

</html>

它引用的是connection.php,

<?php

$con =  mysqli_connect("localhost","pmauser","root","chat application") ;

?>

一旦输入了所有文本,然后单击“注册”,该表单将清除,但不会弹出任何消息,此后,我转到phpMyAdmin并检查用户并显示为空,应该发生的事情是:文本框中的信息,并将其添加到数据库中。

4 个答案:

答案 0 :(得分:1)

name"register"更改为name"Register"

因为您的支票是这样

if(isset($_POST['Register'])){

OR

设为(如果您不想更改html)

 if(isset($_POST['register'])){

传递参数的方式将导致 SQL注入。请阅读here

答案 1 :(得分:0)

以下对我来说很完美。我更改了一些内容,但是它可以工作:)。

require_once("connection.php") ;
if(isset($_POST['register']))
{
        $first_name = $_POST['first_name'] ;
        $last_name = $_POST['last_name'] ;
        $user_name = $_POST['user_name'] ;
        $password = $_POST['password'] ;
    if (!empty($first_name) and !empty($last_name) and !empty($user_name) and !empty($password))
    {
                $q="INSERT INTO `user` (id,first_name,last_name,user_name, password) VALUES ('', '$first_name', '$last_name', '$user_name', '$password')";
                if(mysqli_query($con, $q )){
                        header("location:login.php");
                }else{ echo "ERROR: Could not execute $q. " . mysqli_error($con);}
     }
}
?>

<div id="main">
<h2 align="center">Registration</h2>
<form method="post">
First Name:<br>
<input type="text" name="first_name" placeholder="First Name" />
<br><br>
Last Name:<br>
<input type="text" name="last_name" placeholder="Last Name" /><br><br>
User Name:<br>
<input type="text" name="user_name" placeholder="User Name" /><br><br>
Password:<br>
<input type="password" name="password" placeholder="Password" /><br><br>
<input type="submit" name="register" value="Register" />

</form>
</div>
</body>
</html>

答案 2 :(得分:-1)

我确实注意到您为寄存器的输入框分配了一个值,因为输入框是一种提交类型,所以该值仅用于显示目的,而不是在表单中提交。我提供了一个隐藏的输入框来代替。

重构代码并对其进行修改以防止SQL注入攻击,您将获得以下信息:

HTML文档

<!doctype html>
<html>

    <head>
        <style>
            *{margin:0px; padding:0px;}
            #main{ width:200px; margin:24px auto; }
        </style>
    </head>

<body>

    <?php
        require_once("connection.php");

        if($_POST['register'] == 'Register')
        {
            $first_name = $_POST['first_name'];
            $last_name = $_POST['last_name'];
            $user_name = $_POST['user_name'];
            $password = password_hash($_POST['password'], PASSWORD_DEFAULT);

            if( ($first_name <> "") && ($last_name <> "") && ($user_name <> "") && ($password <> "")  )
            {
                $sql = "INSERT INTO `user` ('id', 'first_name', 'last_name', 'user_name', 'password') VALUES('', ?, ?, ?, ?);";
                if( $pdo->prepare($sql)->execute([$first_name, $last_name, $user_name, $password]) )
                    header("location:login.php"); 
                else
                    echo $sql->debugDumpParams();;
            }
            else
                echo "please fill in all the boxes";
        }
    ?>

    <div id="main">
        <h2 align="center">Registration</h2>

        <form method="post">
            First Name:<br>
            <input type="text" id="first_name" name="first_name" placeholder="First Name" />
            <br><br>
            Last Name:<br>
            <input type="text" id="last_name" name="last_name" placeholder="Last Name" /><br><br>
            User Name:<br>
            <input type="text" id="user_name" name="user_name" placeholder="User Name" /><br><br>
            Password:<br>
            <input type="password" id="password" name="password" placeholder="Password" /><br><br>
            <input type="hidden" id="register" name"register" value="Register" />
            <input type="submit" value="Register" />
        </form>
    </div>

</body>

</html>

连接PHP文件。

$host = '127.0.0.1';
$db   = 'test';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];
try {
     $pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

答案 3 :(得分:-1)

我怀疑USER信息数据没有存储在您的数据库中,因为AUTOCOMMIT已关闭。要验证这一点,请运行:     选择@@ autocommit; 在您插入之前。如果结果为0,则AUTOCOMMIT实际上已关闭。如果关闭,除非您在INSERT之后发出COMMIT,否则将不会保存您的INSERT。或者,打开AUTOCOMMIT(用于会话或整个数据库),即     SET自动提交= 1;

相关问题
最新问题