Question

好的，所以我的注册系统正确地将用户名，密码和电子邮件插入我的数据库，但没有任何其他字段。我首先尝试将值直接放入SQL查询中，然后将它们作为隐藏文本字段放在表单中。直接值给出了SQL语法错误，隐藏文本没有插入任何内容，只是成功添加了用户，传递和电子邮件。所有MYSQL字段类型都是LONGTEXT。这是代码。

Register.php

<form name="register" method="post" action="register2.php"><br />

Username<br><input name="username" type="text" size="20" /><br /><br />

Password<br><input name="password" type="password" size="20" /><br /><br />

E-mail<br><input name="email" type="text" size="20" /><br /><br />

<input="hidden" id="status" type="text" value=Waiting for a request size="100" />
<input="hidden" id="request" type="text" value="None sent" size="100" />
<input="hidden" id="paid" type="text" value="Please pay for an instant spot" size="100" />
<input="hidden" id="priority" type="text" value="To be determined by your web designer" size="100" />
<input="hidden" id="files" type="text" value="None" size="100" />
<input="hidden" id="filespass" type="text" value=None" size="100" /><div id="captcha2">
<img id="captcha" src="securimage/securimage_show.php" alt="CAPTCHA Image" /><br><br>Please re-write the security code below<br><input type="text" name="captcha_code" size="10" maxlength="6" size="20"/></div>

<br>
<input type="submit" name="submit" value="Register" /><br><br>
<a href='forgot.php'>Forgot</a> your password?<br>

</form>

Register2.php

<?php
include_once 'securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
 // the code was incorrect
 // you should handle the error so that the form processor doesn't continue

 // or you can use the following code if there is no validation or you do not know how
 echo "The security code entered was incorrect.<br /><br />";
 echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
 exit;
 }else{

 $con = mysql_connect(secret);
 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

mysql_select_db("dylanmediagroup", $con);

$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$email = htmlspecialchars($_POST['email']);
$status = htmlspecialchars($_POST['status']);
$priority = htmlspecialchars($_POST['priority']);
$paid = htmlspecialchars($_POST['paid']);
$files = htmlspecialchars($_POST['files']);
$filespass = htmlspecialchars($_POST['filespass']);

$checkuser = mysql_query("SELECT * FROM users WHERE username ='$username'");
$checkemail = mysql_query("SELECT * FROM users WHERE email='$password'");

if(mysql_num_rows($checkuser) > 0 ) { //check if there is already an entry for that username

echo "<img src='http://www.myhealthguardian.com/wp-content/uploads/2010/01/sad-face.gif' width='25%' height='21%'><br><br>Account already registered.<br> <a href='forgot.php'>Forgot</a> your password?<br><br>";

} else {

$sql="INSERT INTO `users` (username, password, email, status, priority, paid, files, filespass) VALUES ('$username', '$password', '$email', '$status', '$priority', '$paid', '$files', '$filespass')";

}

if (!mysql_query($sql,$con))
  {

  }else{

echo "<img src='http://3.bp.blogspot.com/-vpsc13PCfc0/TaLCGaq2SjI/AAAAAAAACTA/hw2MDzTk6mg/s1600/smiley-face.jpg' height='21%' width='25%'><br><br>Your registration was successful, please <a href='login.php'>login</a> to continue.";

}
}

mysql_close($con)
?>

Answer 1

您使用id代替名称作为隐藏输入。请使用以下语法：

    <input type="hidden" name="name" value="value" />

你的一个值似乎也破坏了字符串，因为它中有引号。

注册PHP / SQL不会插入longtext字段

1 个答案: