0

这是根据用户在表单中输入的内容来注册用户的功能。

function register($firstname, $lastname , $email, $password, $password2){
      // check if the first password is allowed
      if(!checkLogin($email, $password)){
         echo "checklogin failed";
         return false;  
     }

         // check if two passwords are equal
     if(strcmp($password, $password2) != 0){
         echo "passwords rent the same";
         return false;
     }

     // explode the email into two pieces
     $email = explode('@' , $email);
     echo "" . $email[0] . " and " . $email[1] . "";
     $insertemail = "$email[0]-" . "$email[1]";
     echo "" . $insertemail . "";

     // connect to database and insert values
     require("db.inc.php");
     $query = "INSERT into users set 
        firstname = ".mysqli_real_escape_string($link, $firstname) ." ,
        lastname = ".mysqli_real_escape_string($link, $lastname) ." ,
        email = ".mysqli_real_escape_string($link, $insertemail) ." ,
        password = ".mysqli_real_escape_string($link, $password) ." ";
     $result = mysqli_query($link, $query)
            or die("Error: " . mysqli_error($link));
     // check the query worked
     if(!result){
         return false;
     }

     return true;

 }

我不确定这是否有帮助,但“Connor”值是我在表单中输入的值并存储在 $firstname 中。

4

1 回答 1

2

您需要在 SQL 查询中用引号将文本值括起来,更不用说您的 INSERT 语法有点偏离:

 $query = "INSERT INTO users (firstname, lastname, email, password) VALUES 
           ( 
              '" . mysqli_real_escape_string($link, $firstname)   . "' ,
              '" . mysqli_real_escape_string($link, $lastname)    . "' ,
              '" . mysqli_real_escape_string($link, $insertemail) . "' ,
              '" . mysqli_real_escape_string($link, $password)    . "' 
           ) ";
于 2012-07-04T22:09:41.490 回答