0

我在 PHP 中有一个“注册”页面,我希望脚本在单击 HTML 按钮时运行。

PHP 基本上检查所有字段是否填写,检查密码和电子邮件确认是否相同并保存到数据库。

这是代码:

<?php
$Name = isset($_POST['Name']);
$Surname = isset($_POST['Surname']);

$Username = isset($_POST['Username']);

$Email = isset($_POST['Email']);
$C_Email = isset($_POST['C_Email']);

$Password = isset($_POST['password']);
$C_Password = isset($_POST['c_password']);

$SecQ = isset($_POST['SecQ']);
$SecA = isset($_POST['SecA']);


$con = mysql_connect('localhost', 'admin', 'storefile1234');
mysql_select_db ("storefile");

$check_username = mysql_query("SELECT FROM users WHERE username = '$Username'");
$check_email = mysql_query("SELECT FROM users WHERE Email = '$Email'");


if (!$con)
        {
        die('Could not connect: ' . mysql_error());
        }

if ($Name == null || $Surname== null || $Username == null || $Password == null || $C_Password == null || $Email == null || $C_Email == null || $SecQ == null || $SecA == null ) {

    echo "Missing details. Please enter all fields.";


} else {

    if(mysql_num_rows($check_username) != 0 && mysql_num_rows($check_email) != 0)
            {
            echo "Username/Email already exists";
            }
            if  ($Email == $C_Email && $Password == $C_Password) {

                $query = "INSERT INTO users (Username, Name,Surname, Password, Email, SecQ, SecA) VALUES ('NULL', ".$Username."', ".$Name."', ".$Surname."', ".$Password."', ".$SecQ."', ".$SecA."', ".$Email.')"';

                mysql_query($query) or die ('Error registering.');

                echo "Greetings, ".$Name.", you have been registered. ";

    }  else {

        echo "Error registering your account. Please try again.";
            }

 }


?>

还有,推荐吗?

每当我运行此页面时,都会Missing details. Please enter all fields.显示,而无需输入任何详细信息。

你怎么做到这一点?

4

3 回答 3

2

你想通过和喜欢这个函数来获取值isset($_POST['Username']);......
但是文档说:Returns TRUE if var exists and has value other than NULL, FALSE otherwise.

所以检查一下true,坚果null。并在之后转义您的 POST 数据。

你可以这样做:

$Name = isset($_POST['Name']) ? mysql_real_escape_string($_POST['Name']) : null;


PS请再次。不要使用mysql_*函数。它们已弃用
查看PDO(或mysqli_*)

于 2012-12-05T15:58:12.430 回答
0

你滥用isset

尝试这样的事情:

$Name = null;
if (isset($_POST['Name'])) {
    $Name = $_POST['Name'];
}

isset只是检查是否设置了值。

于 2012-12-05T15:58:28.060 回答
0

对于首次加载页面时打印该消息的问题,请使用 array_key_exists 函数测试用户是否已经提交了某些内容,然后再检查任何字段是否为空。像这样的东西:

if (array_key_exists('Name', $_POST) || array_key_exists('Surname', $_POST) || ... ) 
    if ($Name == null || $Surname== null || ... ) 
        echo "Missing details. Please enter all fields.";

观察:您不能将 isset 函数用于相同目的,因为根据 php 文档,它“确定变量是否已设置且不为 NULL

于 2012-12-05T16:08:48.833 回答