我正在做一个朋友的项目,我负责设计一个简单的网站来与他的数据库交互。我为他的一个页面编写了以下代码:
<!DOCTYPE html>
<html>
<head>
<title>Narcissus-OTS</title>
<meta charset="utf-8" />
<!--<meta http-equiv="refresh" content="3;url=./account.php" />-->
</head>
<body>
<?php include("./common/database.php"); ?>
<?php
//Grabs user-submitted credentials from previous page
$accountid = mysql_escape_string($_POST["acc"]);
$password = mysql_escape_string($_POST["pass"]);
$confirmation = mysql_escape_string($_POST["passtwo"]);
//Insures there is no duplicate database entry for accountid
$querycheck = $db->query("
SELECT *
FROM accounts a
WHERE a.name = $accountid
");
$checkifone = $querycheck->rowCount();
//If no duplicate entry...
if ($checkifone == 1) {
echo "There is already an account with that name; please choose a different account number.";
} else {
//Confirms if passwords match
if ($password == $confirmation) {
$passhash = sha1($password);
$database = $db->query("
INSERT INTO accounts
VALUES (NULL , '$accountid', '$passhash', '65535', '0', '', '1', '0', '0', '1');
");
echo "Your account has been successfully created.";
//If passwords do not match
} else {
echo "Your passwords did not match, please try again.";
}
}
?>
</body>
</html>
当我加载页面并查看页面源时,它似乎没有显示终止</body>或终止</html>标签。我跟踪了我的代码,看不到任何丢失的分号或括号。对于我的生活,我无法弄清楚这一点。它仅在密码不匹配时正确显示终止标签(最底部的嵌套 else 语句)。
编辑; 在有人说之前,我知道mysql_escape_string它已被弃用。
编辑2;database.php 看起来像...
<?php
$SERVER = "localhost";
$USERNAME = "redacted";
$PASSWORD = "redacted";
$DATABASE = "redacted";
$db = new PDO("mysql:dbname={$DATABASE}; host={$SERVER}", $USERNAME, $PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
?>