我目前正在使用 PHP 开发注册页面 一切似乎都运行正常,但信息没有输入到数据库中。我一直在寻找几个小时,但似乎找不到问题。 感谢您的帮助。
<!DOCTYPE>
<html>
<head>
<title>Web App</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4 /jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7 /js/bootstrap.min.js"></script>
</head>
<body style="background:lightblue;">
<div class="container">
<h1>Register</h1>
<form action="#" method="POST">
<div class="form-group">
<label for="email">Email address:*</label>
<input type="email" class="form-control" name="email" placeholder="Example@hotmail.co.uk" value="<?php if(isset($_POST['email'])) echo $_POST['email'];?>">
</div>
<div class="form-group">
<label for="fname">First Name:*</label>
<input type="text" class="form-control" name="fname" placeholder="John" value="<?php if(isset($_POST['fname'])) echo $_POST['fname'];?>">
</div>
<div class="form-group">
<label for="lname">Last Name:*</label>
<input type="text" class="form-control" name="lname" placeholder="Smith" value="<?php if(isset($_POST['lname'])) echo $_POST['lname'];?>">
</div>
<div class="form-group">
<label for="pwd">Password:*</label>
<input type="password" class="form-control" name="pwd1" placeholder="*********" value="<?php if(isset($_POST['pwd1'])) echo $_POST['pwd1'];?>">
</div>
<div class="form-group">
<label for="pwd">Re-Enter Password:*</label>
<input type="password" class="form-control" name="pwd2" placeholder="*********" value="<?php if(isset($_POST['pwd2'])) echo $_POST['pwd2'];?>">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
<?php
if($_SERVER['REQUEST_METHOD'] =='POST'){
require('connect.php');
$error = false;
//email
if(isset($_POST['email'])){
$email = mysql_real_escape_string(trim($_POST['email']));
}
else{
echo'please enter your email address';
$error = true;
}
//first name
if(!isset($_POST['fname'])){
$fname = mysql_real_escape_string(trim($_POST['fname']));
}
else{
echo'please enter your first name';
}
//last name
if(isset($_POST['fname'])){
$lname = mysql_real_escape_string(trim($_POST['lname']));
}
else{
echo'please enter your last name';
$error = true;
}
//password
if(isset($_POST['pwd2'])){
if(!empty($_POST['pwd2'])){
if ($_POST['pwd1'] != $_POST['pwd2']){
echo'Passwords do not match';
$error = true;
}
else{
$pwd = mysql_real_escape_string(trim($_POST['pwd1']));
}
}
else{
echo'Please enter your password';
$error = true;
}
}
else{
echo'please enter your password';
$error = true;
}
if (!$error){
$query = "INSERT INTO Login (Email, Firstname, Lastname, Password) VALUES ('$email', '$fname', '$lname', SHA512('$pwd')";
$results = mysql_query($query);
if (results){
header('Location: login.php');
}
else{
echo'Oops!';
}
mysql_close($db_connected);
exit();
}
}
?>
</body>
</html>
最佳答案
失败的原因是您从一开始就没有连接到数据库 ($db_connection)。此外,MySQL 没有SHA512()。会导致查询失败的函数。
Little Bobby说 your script is at risk for SQL Injection Attacks. 。连escaping the string不安全! SQL 注入(inject)! 它不再只是早餐了!
请stop using mysql_* functions . These extensions已在 PHP 7 中删除。了解 prepared PDO 的声明和 MySQLi并考虑使用 PDO,it's really pretty easy .
切勿存储纯文本密码! 请使用 PHP 的 built-in functions处理密码安全。如果您使用的 PHP 版本低于 5.5,您可以使用 password_hash() compatibility pack .确保您 don't escape passwords 或在散列之前对它们使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码。
关于PHP 注册页面正在运行,但没有输入到数据库中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40403997/