1

我的代码如下:

<?php

require("db.php");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])){

    //prevent SQL injections
    $username = mysql_real_escape_string($_POST['username']);
    $email = mysql_real_escape_string($_POST['email']);

    //get MD5 hash of password
    $password = md5($_POST['password']);

    //check to see if username exists
    $sql = mysql_query("SELECT Username FROM Users WHERE Username = '".$username."'");

    if(mysql_num_rows($sql)>0){
        die ("Username taken. Please pick a different Username");
    }

    mysql_query("INSERT INTO Users (Username, Password, Email, UserType)
                VALUES ('$username','$password','$email','3')") 
        or die (mysql_error()); 

    echo "Account Created.";
}    
?>

<html>
    <form action="register.php" method="post">
        Username: <input name="username" ID="username" type="text"/><br>
        Password: <input name"password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type = "submit" value = "Submit"/>

    </form>

</html>

我不确定为什么没有创建我的用户。在过去的几个小时里,我已经尝试过研究,但我不确定为什么会出错......它看起来对我来说......

如果有人可以提供任何帮助,那就太好了。谢谢。

编辑:

<?php

session_start();

$host="<myDBHost>"; // Host name 
$localusername="<myDBusername>";
$localpassword="<myDBpassword";
$database_name="<mydbName>";

mysql_connect("$host", "$localusername", "$localpassword")
    or die("An error occured while establishing a connection to the DB.");
mysql_select_db($database_name);
4

1 回答 1

1

在此处查看如何设置变量的使用:

"SELECT Username FROM Users WHERE Username = '".$username."'"

您需要始终在整个脚本中执行此操作:

"INSERT INTO Users (Username, Password, Email, UserType)
            VALUES ('".$username."','".$password."','".$email."','3')"

还有其他方法可以做到这一点,但只需选择一种并坚持下去。

正如我上面所说:

不要md5()在密码上使用。您应该使用盐和散列算法。请不要mysql_*新代码中使用函数。它们不再被维护并被正式弃用。看到红框了吗?改为了解准备好的语句,并使用PDOMySQLi -本文将帮助您决定使用哪个。如果您选择 PDO,这里有一个很好的教程

好的,这是一个基于您的代码的框架,它将帮助您从正确的方向开始使用 mysqli。请记住,您仍然需要始终验证用户输入并对密码进行散列和加盐。还有更好的方法来显示您的错误。我这样做是为了帮助您调试脚本。

    <?php
session_start();
define("DB_HOST", "your host");     
define("DB_USERNAME", "your username");          
define("DB_PASSWORD", "your password"); 
define("DB_NAME", "database name");

if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
    {
    $Mysqli = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
        if ($Mysqli->connect_errno)
            {
                echo "Failed to connect to MySQL: (" . $Mysqli->connect_errno . ") " . $Mysqli->connect_error;
                $Mysqli->close();
            }   
    //prevent SQL injections you should validate these with form validation functions
    $username = $_POST['username'];
    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    //get MD5 hash of password - this should be hashed and salted
    $password = md5($_POST['password']);
    //first query check if user name exist
    $query = "SELECT Username FROM Users WHERE Username = ?";

    if(!$stmt = $Mysqli->prepare($query))
          {
             echo "Failed to Prepare Query: (" . $stmt->errno . ") " . $stmt_error;

          }
    if(!$stmt->bind_param("s",$username))
          {
             echo "Failed to bind Query: (" . $stmt->errno . ") " . $stmt_error;
          }
    if($stmt->execute())
         {    
            $stmt->store_result();
            if($stmt->num_rows>0)
                {
                    die ("Username taken. Please pick a different Username");
                }
            $stmt->free_result();
        }
    //second query put user in database 
    $query = "INSERT INTO Users (Username, Password, Email, UserType)VALUES (?,?,?,?)";

    if(!$stmt = $Mysqli->prepare($query))
          {
             echo "Failed to Prepare Query: (" . $stmt->errno . ") " . $stmt_error;

          }
    if(!$stmt->bind_param("sssi",$username,$password,$email,3))
          {
             echo "Failed to bind Query: (" . $stmt->errno . ") " . $stmt_error;
          }
    if($stmt->execute())
         {    
            echo "Account Created.";
            $stmt->close();
        }
        else
            {   
                echo "Could not create account at this time.";
            }
    }
    else
        {
?>

<html>
    <form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
        Username: <input name="username" ID="username" type="text"/><br>
        Password: <input name"password" id="password" type="password"/><br>
        Email: <input name="email" id="email" type="text" /><br>
        <input type = "submit" value = "Submit"/>

    </form>

</html>

<?PHP
}
?>
于 2013-01-15T00:49:32.047 回答