我对 PHP 很陌生,所以请耐心等待。我有一个注册表单,我正在提交在该表单上输入的值并将它们插入到 MySQL 数据库表中,但出现以下错误:
用户''@'localhost'对数据库'myproject'的错误访问被拒绝
我已经向我在代码中使用的用户授予了所有可能的访问权限,但仍然出现此错误。感谢任何帮助,并将奖励积分!
这是我的 HTML 表单:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<title>Registration Page</title>
<script>
function validateForm() {
var x = document.forms["myForm"]["netID"].value;
if (x == null || x == "") {
alert("NetID must be filled out");
return false;
}
var y = document.forms["myForm"]["email"].value;
if (y == null || y == "") {
alert("Email must be filled out");
return false;
}
var n = document.forms["myForm"]["fname"].value;
if (n == null || n == "") {
alert("First Name cannot be blank");
return false;
} else if (n.length < 2) {
alert("First name cannot be less than 2 characters!");
return false;
}
var b = document.forms["myForm"]["lname"].value;
if (b == null || b == "") {
alert("Last Name cannot be blank");
return false;
} else if (b.length < 2) {
alert("Last Name cannot b less than 2 characters!");
return false;
}
}
</script>
</head>
<body>
<ul>
<br>
<br>
<br>
<br>
<center><img src="KSUlogo.PNG" alt="logo" style="width:100px;height:50px;"></center>
<br>
<br>
<br>
<br>
<br>
<li><a class="active" href="#home">Home</a></li>
<br>
<br>
<br>
<br>
<li><a href="#news">News</a></li>
<br>
<br>
<br>
<br>
<li><a href="#contact">Contact</a></li>
<br>
<br>
<br>
<br>
<li><a href="#about">About</a></li>
<br>
<br>
<br>
<br>
</ul>
<h1 style="text-align:center;">CCSE Community Profile Page</h1>
<br>
<br>
<br>
<br>
<br>
<h2 style="text-align:center;">Enter your Registration Information</h2>
<div style="text-align:center">
<form name="myForm" action="RegistrationValues.php"
onsubmit="return validateForm()" method="post">
<center>NetID: <input type="text" name="netID"></center>
<br>
<center>Email: <input type="text" name="email"></center>
<br>
<center>First Name: <input type="text" name="fname"></center>
<br>
<center>Last Name: <input type="text" name="lname"></center>
<br>
<br>
Services You Can Provide the CSE Community</center><br>
<br>
<input type="checkbox" name="radio" value="Java"> Java Tutoring<br>
<input type="checkbox" name="radio" value="Computer" checked> Computer Fixing<br>
<input type="checkbox" name="radio" value="PHP" checked> PHP Tutoring<br>
<br><br>
<select name="availabilty">
<option value="blank"></option>
<option value="Java">Morning</option>
<option value="Computer">Evening</option>
<option value="Service">Afternoon</option>
</select>
<br><br>
<center><input type="submit" value="Submit"></center>
</form>
</div>
</body>
</html>
这是我的 PHP 表单:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<title>Registration Page</title>
</head>
<body>
<?php include "header.html";?>
<?php include "navigation.html";?>
<div style="text-align:center">
<p>netID: <?php echo $_POST["netID"]?></p>
<p>Email: <?php echo $_POST["email"]?></p>
<p>First Name <?php echo $_POST["fname"]?></p>
<p>Last Name: <?php echo $_POST["lname"]?></p>
<?php
$netID = $email = $fname = $lname = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$netID = test_input($_POST["netID"]);
$email = test_input($_POST["email"]);
$fname = test_input($_POST["fname"]);
$lname = test_input($_POST["lname"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$servername = "localhost";
$username = "myUser";
$password = "newpassword";
$dbname = "myproject";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
mysql_select_db("$dbname") or die( 'Error'. mysql_error() );
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
mysql_query("insert into ProfileInformation (netID, email, fname, lname, radio, availabilty)
values
('$_POST[netID]','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[radio]','$_POST[availabilty]')")
or die(mysql_error());
echo "Done!!!!";
$stmt->close();
$conn->close();
?>
</body>
</html>
它似乎在某处将“”读取为用户名,但我不确定。 提前致谢。非常感谢。
最佳答案
您需要选择一个 api 并使用它,而不是混合使用 n 个匹配 - 但是,最好使用准备好的语句,而不是将 $_POST 变量直接嵌入到 sql 中。顺便说一句,$_POST 中的名称需要用引号引起来,除非它们作为常量存在!
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$conn->query("insert into ProfileInformation (netID, email, fname, lname, radio, availabilty)
values
( '{$_POST['netID']}', '{$_POST['email']}', '{$_POST['fname']}', '{$_POST['lname']}', '{$_POST['radio']}', '{$_POST['availabilty']}' )") or die(mysql_error());
echo "Done!!!!";
$conn->close();
既然您已经解决了连接问题(顺便说一句 - 问题是什么?您也许应该向 future 的读者分享失败的原因),您最初提供的 sql 很容易受到 sql 注入(inject)的攻击。首选方法是使用准备好的语句,如下所示:
if( isset( $_POST['netID'], $_POST['email'], $_POST['fname'], $_POST['lname'], $_POST['radio'], $_POST['availabilty'] ) ) {
$host = 'localhost';
$uname = 'xxx';
$pwd = 'xxx';
$db = 'xxx';
$conn = new mysqli( $host, $uname, $pwd, $db );
if ( !$conn ) {
die("Connection failed: " . mysqli_connect_error() );
}
$sql='insert into `ProfileInformation` ( `netID`, `email`, `fname`, `lname`, `radio`, `availabilty` ) values ( ?,?,?,?,?,? );';
$stmt=$conn->prepare( $sql );
if( $stmt ){
$netid=$_POST['netID'];
$email=$_POST['email'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$radio=$_POST['radio'];
$avail=$_POST['availabilty'];
/*
use i for integers
use s for strings
*/
$stmt->bind_params( 'isssss', $netid,$email,$fname,$lname,$radio,$avail );
$result=$stmt? 'Success!' : 'Fail!';
$stmt->close();
$conn->close();
} else {
echo 'Error creating statement';
}
} else {
echo 'One or more required POST variables are not set';
}
关于php - MySQL - PHP - 用户 '' @'localhost' 访问数据库 'myproject' 被拒绝,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39803736/