我正在尝试制作一个已连接到数据库的注册表单,它还可以检查用户名是否唯一,但不幸的是,我无法在我的表中插入新数据。 如果有人可以帮助我,我将不胜感激。
<?php
error_reporting(E_ALL ^ E_DEPRECATED);
include 'connect.inc.php';
if(isset($_POST['submit'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
$firstname = mysql_real_escape_string($_POST['firstname']);
$lastname = mysql_real_escape_string($_POST['lastname']);
//md5 password
$password_hash = md5($password);
//check to see if the fields are empty
if(empty($username) || empty($password)|| empty($firstname)|| empty($lastname)) {
echo "Not all fields filled!<br /><br />";
exit();
}
//check if password is equal
if($password != $password2) {
echo "Your Passwords Do Not Match.<br />";
exit();
} else {
$query = "SELECT `username` From `users` WHERE username='$username'";
$result = mysql_query($query);
if(mysql_num_rows($result) ==1) {
echo "Sorry, that user has already exists.";
exit();
} else {
$query1= mysql_query("INSERT INTO `users` ('',username,password,firstname,lastname) VALUES ('','$username', '$password_hash', '$firstname', '$lastname'");
if($result1 = mysql_query($query1)) {
echo "Registered Successfully";
} else {
echo "Sorry, You could not Register";
}
}
}
}
?>
<form action="" method="POST">
Username:<br />
<input type="text" name="username" /><br /><br />
Password:<br />
<input type="password" name="password" /><br /><br />
Confirm Password:<br />
<input type="password" name="password2" /><br /><br />
First Name:<br />
<input type="text" name="firstname" /><br /><br />
Last Name:<br />
<input type="text" name="lastname" /><br /><br />
<input type="submit" value="Register" name="submit" />
</form>
最佳答案
您的 INSERT 语句缺少右括号。
$query1= mysql_query("INSERT INTO ... '$lastname'");
$query1= mysql_query("INSERT INTO ... '$lastname')");
^
顺便说一句,我发现在执行单行 INSERT 时使用替代语法更容易,因此列名和值匹配:
$query1= mysql_query("INSERT INTO `users` SET
username='$username',
password='$password',
firstname='$firstname',
lastname='$lastname'");
这更容易确保列与正确的变量相匹配。也无需担心右括号。
参见 http://dev.mysql.com/doc/refman/5.7/en/insert.html有关此语法的详细信息。
您还应该放弃已弃用的 mysql 扩展,而改用 PDO。阅读这个不错的教程:https://phpdelusions.net/pdo
Jay Blanchard 是正确的,您的代码不安全。 安全性与正确性一样,不是附加功能。您提到您是初学者,但您不应该开始养成坏习惯。阅读https://blog.codinghorror.com/youre-probably-storing-passwords-incorrectly/
关于php - 无法插入到我的 MYSQL 表中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38536107/