0

我正在尝试将数据保存到 sql 数据库中的注册表单。我还没有进行表单验证,因为最困扰我的是将这些东西放到 sql 中。我将不胜感激任何建议!

我有一个 form.php 文件,应该做艰苦的工作。当我提交表单时,此时,我得到一个空白屏幕,并且没有任何内容加载到数据库中。

<?php
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];

$password = md5($_POST['password']);

$connection = msql_connect(localhost, USERNAME, PASSWORD);
$db = mysql_select_db(registration,$connection);    

mysql_query("INSERT INTO userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')")
    or die (mysql_error());

echo "Thank you for your registration";


?>

我有一个包含以下内容的 html 文件:

            <form method = "post" action = "form.php">
            <h2>User Information</h2>

            <div><label>First Name:</label>
                <input type = "text" name = "fname"></div>
            <div><label>Last Name:</label>
                <input type = "text" name = "lname"></div>
            <div><label>Password:</label>
                <input type = "password" name = "password"></div>
            <div><label>Email:</label>
                <input type="text" name="email"></div>
            <div><label>Cellphone:</label>
                <input type="text" name="cell"></div>
                <input type="hidden" name="ip" value='<?php echo $IP ?>'/>
            <h2>What Is Your Experience Mountain Biking?</h2>
            <p><input type="radio" name="experience" value="n00b"
                checked>n00b
                <input type="radio" name="experience" value="intermediate">Intermediate
                <input type="radio" name="experience" value="extreme">Extreme                   
                </p>
            <p><input type="submit" name="submit" value="Register"></p>
        </form>

最后,我有一个名为“registration”的 sql 数据库(我在本地运行 xampp)我创建的表名为“userTable”,它包含 8 个字段,包括 ID(自动递增)和我包含的 7 个其他值在上面。知道我做错了什么吗?

4

2 回答 2

2

问题是什么?

1)问题是每次加载此页面时它都会进行 INSERT 查询 - 意味着每次插入空值时。为什么?

仅仅因为没有条件检查是否所有字段都已发布,所以而不是:

<?php

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];

您应该检查$_POSTsuper-global 是否有一些键。所以在做任何查询之前 - 首先检查是否$_POST不为空

<?php

//This means that user did submit the form
if ( !empty($_POST) ){

  //all your stuff goes here
}

?>
<html>
.....
</html>

2)您确定您可以控制您的代码吗?显然不是。

您必须检查是否返回了某个函数TRUE,然后根据它执行以下操作。

例如,你确定那mysql_query("your sql query")是成功的吗?

3) 为 E_ALL 启用 error_reporting,所以只需放在error_reporting(E_ALL)页面顶部,如下所示:

<?php

error_reporting(E_ALL);

这样您就可以随时“即时”调试脚本

4)您正在尽一切努力使此代码难以维护,为什么?看这个:

<?php

//Debug mode:
error_reporting(E_ALL);

//Sure you want to show some error if smth went wrong:
$errors = array(); 

/**
 * 
 * @return TRUE if connection established 
 * FALSE on error
 */
function connect(){

 $connection = mysql_connect(localhost, USERNAME, PASSWORD);
 $db = mysql_select_db(registration,$connection);    

 if (!$connection || !$db ){
   return false; 
 } else {
   return true;
 }
}


//So this code will run if user did submit the form:
if (!empty($_POST)){

 //Connect sql server:
 if ( !connect() ){
   $errors[] = "Can't establish link to MySQL server";
 }

 $fname = $_POST['fname'];
 $lname = $_POST['lname'];
 $password = $_POST['password'];
 $email = $_POST['email'];
 $cell = $_POST['cell'];
 $experience = $_POST['experience'];
 //Why post ip? not smth like $_SERVER['REMOTE_ADDR']...
 $ip = $_POST['ip'];

 $password = md5($_POST['password']);

 //No error at this point - means that it successfully connected to SQL server: 
 if ( empty($errors) ){

  //let's prevent sql injection:

  $fname = mysql_real_escape_string($fname);
  //Please do this for all of them..
 }



//Now we should try to INSERT the vals:

$query = "INSERT INTO `userTable` (`fname`,`lname`,`password`,`email`,`cell`,`experience`,`ip`) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')";

//So try it:
if ( !mysql_query($query) ){
   // 
   //die (mysql_error());
   $errors[] = "Can't insert the vals";
} else {
   //Or on success:
   print ("Thank you for your registration");
   //or you can do redirect to some page, like this:

  //header('location: /thanks.php');
}


}

?>

<form method="post">
            <h2>User Information</h2>

            <div><label>First Name:</label>
                <input type = "text" name = "fname"></div>
            <div><label>Last Name:</label>
                <input type = "text" name = "lname"></div>
            <div><label>Password:</label>
                <input type = "password" name = "password"></div>
            <div><label>Email:</label>
                <input type="text" name="email"></div>
            <div><label>Cellphone:</label>
                <input type="text" name="cell"></div>
                <input type="hidden" name="ip" value='<?php echo $IP ?>'/>
            <h2>What Is Your Experience Mountain Biking?</h2>
            <p><input type="radio" name="experience" value="n00b"
                checked>n00b
                <input type="radio" name="experience" value="intermediate">Intermediate
                <input type="radio" name="experience" value="extreme">Extreme                   
                </p>

            <?php if ( !empty($errors) ) : ?>

            <?php foreach($errors as $error): ?> 
             <p><b><?php echo $error; ?></b></p>
            <?php endforeach; ?> 
             <?php endif; ?>


            <p><input type="submit" name="submit" value="Register"></p>
        </form>
于 2012-08-03T01:45:54.443 回答
-1
Solved my own problem


<?php
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];

$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$email = mysql_real_escape_string($email);
$password = md5($_POST['password']);

$servername="localhost";
$username="user";
$conn=  mysql_connect($servername,$username, password)or die(mysql_error());
mysql_select_db("registration",$conn);
$sql="insert into userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')";

$result=mysql_query($sql,$conn) or die(mysql_error());          
print "<h1>you have registered sucessfully</h1>";


echo "Thank you for your registration to the ";

mysql_close($connection);

?>

于 2012-08-03T01:59:11.723 回答