-1

我正在尝试为我的数据库创建电子邮件验证表单,但遇到了许多问题。当我尝试运行下面的代码时,我收到错误未选择数据库。

我也得到一个未定义的变量错误。我希望将用户名放入我的数据库中的用户名字段下,但显然 $name 是一个未定义的变量。第 xx 行未定义变量错误mysql_query("INSERT INTO registrations (username, password, email, hash) VALUES( '". mysql_real_escape_string($name) ."',

我正在使用 WAMP 服务器。数据库的名称是sitememberdetails,我需要输入信息的表的名称是registrations。我对此很陌生-谁能告诉我如何定义变量以及如何选择数据库(即使它似乎已经被选中?)

     <?php

             $host = "localhost";
             $username = "";
             $password = "";
             $databasename = "sitememberdetails";
             $email="xxxxxx@xxxxxxxx.xxx";


              $connection = mysql_connect($host,$username,$password) or die        
             ("Error: ".mysql_error());

               mysql_select_db($databasename);("sitememberdetails") or  

               die(mysql_error());   



                    if(isset($_POST['name']) && !empty($_POST['name']) AND  

                    isset($_POST['email']) && !empty($_POST['email'])){  
                     $name = mysql_real_escape_string($_POST['name']);  
                     $email = mysql_real_escape_string($_POST['email']); }  



                      if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a- 

                        z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){

$msg = 'The email you have entered is invalid, please try again.';  
                }else{  

                    $msg = 'Your account has been made, <br /> please verify it     

              by clicking the activation link that has been send to  

                 your email.';  
                       }  


                        $hash = md5( rand(0,1000) ); 


                         $password = rand(1000,5000); 



                        mysql_query("INSERT INTO registrations (username, password,  

                          email, hash) VALUES( 
                          '". mysql_real_escape_string($name) ."', 
                          '". mysql_real_escape_string(md5($password)) ."', 
                          '". mysql_real_escape_string($email) ."', 
                          '". mysql_real_escape_string($hash) ."') ") or  

                          die(mysql_error());



                             $to      = $email; // Send email to our user  
                      $subject = 'Signup | Verification'; // Give the email a subject  
                      $message = ' 
                       Thanks for signing up! 
                      Your account has been created, you can login with the following  

                       credentials after you have activated your account by pressing  

                       the url below. 

                 Username: '.$name.' 
                 Password: '.$password.' 

                      Please click this link to activate your account: 
                      http://www.yourwebsite.com/verify.php?email='.$email.'& 

                      hash='.$hash.' 
                       ';  
                     $headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from  

                       headers  
                       mail($to, $subject, $message, $headers); // Send our email  


                        ?>
4

4 回答 4

1

尝试更改此代码

mysql_select_db($databasename);("sitememberdetails") or  

           die(mysql_error());

对此

mysql_select_db($databasename) or  die(mysql_error());

停产;

if (database_connection) {
unset($undefined_variable_error)
} else {
echo $undefined_variable_error;
}
// Because mysql_real_escape_string needs an open mysql connection
于 2012-10-30T15:12:46.287 回答
1

查看此修改后的代码:

<?php
         $host = "localhost";
         $username = "";
         $password = "";
         $databasename = "sitememberdetails";
         $email="xxxxxx@xxxxxxxx.xxx";


        $connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
        mysql_select_db($databasename) or die(mysql_error());   


               $name = "";
           if(isset($_POST['name']) && !empty($_POST['name']) AND  
           isset($_POST['email']) && !empty($_POST['email'])){  
                 $name = mysql_real_escape_string($_POST['name']);  
                 $email = mysql_real_escape_string($_POST['email']); }  



                if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
                    $msg = 'The email you have entered is invalid, please try again.';  }
            else { 
                $msg = 'Your account has been made, <br /> please verify it     
                            by clicking the activation link that has been send to your email.';  
                  }  


            $hash = md5( rand(0,1000) ); 
            $password = rand(1000,5000); 

            mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES( 
                      '". mysql_real_escape_string($name) ."', 
                      '". mysql_real_escape_string(md5($password)) ."', 
                      '". mysql_real_escape_string($email) ."', 
                      '". mysql_real_escape_string($hash) ."') ") or die(mysql_error());

            $to = $email; // Send email to our user  
                $subject = 'Signup | Verification'; // Give the email a subject  
            $message = ' Thanks for signing up! 
                Your account has been created, you can login with the following  
                credentials after you have activated your account by pressing  
                the url below. 
                    Username: '.$name.' 
                    Password: '.$password.' 
                Please click this link to activate your account: 
                http://www.yourwebsite.com/verify.php?email='.$email.'& 
                hash='.$hash.' 
               ';  

            $headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from  

                mail($to, $subject, $message, $headers); // Send our email  

?>

我建议你使用 PDO 而不是 mysql_ 函数

于 2012-10-30T15:29:34.733 回答
0

似乎 $name 值没有发布到表单中。如果 name 变量已设置且不为空,您将对其进行 mysql_escaping,但如果 name 变量根本没有设置会发生什么?没有对此进行检查,因此它会一直持续到到达 INSERT 语句并导致错误为止。

在此处查看示例 #1以选择数据库。($databasename); 后面有一个分号;这是没有意义的。

于 2012-10-30T15:13:28.650 回答
0

这是一些修改后的代码,使用 PDO 而不是 mysql_*。让我知道这个是否有效,我们可以从那里解决任何问题。

<?php

            $host = 'localhost';
            $dbname = 'sitememberdetails';
            $user = '';
            $pass = '';
            try
            {
                $DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass); 
            }
            catch(PDOException $e)
            {  
                echo $e->getMessage();  
            }

            if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']))
            {  
                $name = $_POST['name'];  
                $email = $_POST['email'];
            }
            else
            {
                $name = 'No Name';  
                $email = 'No Email';
            }

            if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email))
            {
                $msg = 'The email you have entered is invalid, please try again.';  
            }else{  
                $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';  
            }  

            $hash = md5( rand(0,1000) ); 
            $password = rand(1000,5000); 

            $query = "INSERT INTO registrations (username, password, email, hash) VALUES('?', '?', '?', '?')";
            $sth = $DB->prepare($query);
            //By using ?'s and prepare/execute, PDO will prevent SQL Injection for you!
            $sth->execute(array($name, md5($password), $email, $hash));

            $to      = $email; // Send email to our user  
            $subject = 'Signup | Verification'; // Give the email a subject  
            $message = 'Thanks for signing up! Your account has been created, 
                        you can login with the following credentials after you 
                        have activated your account by pressing the url below. 
                        Username: '.$name.' 
                        Password: '.$password.' 

                        Please click this link to activate your account: 
                        http://www.yourwebsite.com/verify.php?email='.$email.'& 

                        hash='.$hash;  
            $headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from header  
            mail($to, $subject, $message, $headers); // Send our email  
?>
于 2012-10-30T15:15:10.523 回答