0

我正在尝试最后一个小时解决这个问题。我有一个很长的表格,我正在尝试将信息上传到 mysql 数据库中。放到我做的桌子上。这是我正在使用的 mysql 查询:

mysql_query("INSERT INTO `users_temp`(`first_name`, `surname`, `birthday`, `nationality`, `email`, `mobile`, `landline`, `address`, `town`, `post_code`, `country`, `password`, `code_conf`) VALUES ([$f_name],[$s_name],[$bday],[$nationality],[$email],[$mobile],[$landline],[$address],[$town],[$post_code],[$country],[$pass],[$conf_code])");

如果有人看到任何问题为什么它不起作用,请告诉我。谢谢...

$f_name         = $_POST["f_name"];
$s_name         = $_POST["s_name"];
$pass           = $_POST["pass"];
$birthday       = $_POST["bday"];
$nationality    = $_POST["nationality"];
$email          = $_POST["email"];
$mobile         = $_POST["mobile"];
$landline       = $_POST["landline"];
$address        = $_POST["address"];
$town           = $_POST["town"];
$post_code      = $_POST["post_code"];
$country        = $_POST["country"];

$conf_code      = substr(md5(uniqid(rand(), true)), 1, 70);

include("connect_into_mysql.php");
mysql_select_db("jzperson_edu", $conn);

$res_01 = mysql_query("SELECT * FROM users WHERE email='$email'");
$count_01 = mysql_num_rows($res_01);

if($count_01==0)
{
mysql_query("INSERT INTO users_temp ('first_name','surname','birthday','nationality','email','mobile','landline','address','town','post_code','country','password','code_conf') VALUES ('$f_name','$s_name','$bday','$nationality','$email','$mobile','$landline','$address','$town','$post_code','$country','$pass','$conf_code')");
header("Location: home.php");
}else{echo "This email is already registered. If you lost your password you can reset it here.";}
4

1 回答 1

1

1/ 你必须知道 SQL 注入:请阅读这篇文章。用 mysql_real_escape_string 封装所有 $_POST 数据,例如:

$f_name         = mysql_real_escape_string($_POST["f_name"]);

2/ MySQL 将很快被弃用,请参见此处的红框。

3/ 在你的所有标题之后,放置一个 die() (否则,你的代码会一直执行到最后,如果客户端的浏览器重定向被禁用,他可能会看到一些未经授权的内容)。

4/ 不要在一行写很长的请求,这样可以避免麻烦,使工作更容易。要调试它,or die(mysql_error())请在末尾添加一个“”,它将显示一条消息,帮助您获得解决方案。

mysql_query("
INSERT INTO users_temp (
    'first_name','surname','birthday',
    'nationality','email','mobile',
    'landline','address','town',
    'post_code','country','password',
    'code_conf'
) VALUES (
    '$f_name','$s_name','$bday',
    '$nationality','$email','$mobile',
    '$landline','$address','$town',
    '$post_code','$country','$pass',
    '$conf_code'
)
") or die(mysql_error());

顺便说一句,您正在检查用户表并插入到 user_tmp 表中。您可能会以这种方式遇到冲突问题,不是吗?

于 2012-09-08T22:10:08.717 回答