我对 PHP 相当陌生,我正在阅读 Robin Nixon 的 Learning PHP, MySQL, JavaScript & CSS 2nd edition。我正在通过脚本将用户名和密码插入数据库。这本书说输入代码以从表单字段中插入数据。我试图这样做(在 /* / 之间),但查询给了我错误。此外,当我省略查询时,也没有错误。 当我输入查询时,在 / */中的注释之后的 javascript 中会显示一个错误。
<?php // adduser.php
require_once 'login.php';
$forename = $surname = $username = $password = $age = $email = "";
if (isset($_POST['forename']))
$forename = fix_string($_POST['forename']);
if (isset($_POST['surname']))
$surname = fix_string($_POST['surname']);
if (isset($_POST['username']))
$username = fix_string($_POST['username']);
if (isset($_POST['password']))
$password = fix_string($_POST['password']);
if (isset($_POST['email']))
$email = fix_string($_POST['email']);
$fail = validate_forename($forename);
$fail .= validate_surname($surname);
$fail .= validate_username($username);
$fail .= validate_password($password);
$fail .= validate_age($age);
$fail .= validate_email($email);
echo "<html><head><title>An Example Form</title>";
if ($fail == "") {
echo "</head><body>Form data successfully validated: $forename,
$surname, $username, $password, $age, $email.</body></html>";
/* require_once 'login.php';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password,
$db_database) or die('Error connecting to MySQL server.');
$forename = mysqli_real_escape_string(db_server, trim($_POST['forename']));
$surname = mysqli_real_escape_string(db_server, trim($_POST['surname']));
$username = mysqli_real_escape_string(db_server, trim($_POST['username']));
$password = mysqli_real_escape_string(db_server, trim($_POST['password']));
$email = mysqli_real_escape_string(db_server, trim($_POST['email']));
$query = "INSERT INTO users VALUES" . "('$forename', '$surname', ".
"'$username', '$password', '$email');
$result = mysqli_query($db_server, $query); ".
"or die('Error querying database.');
mysqli_close($db_database); */
exit;
}
echo <<<_END
<style>.signup { border: 1px solid #999999;
font: normal 14px helvetica; color:#444444; }</style>
<script type="text/javascript">
function validate(form)
{
fail = validateForename(form.forename.value)
fail += validateSurname(form.surname.value)
fail += validateUsername(form.username.value)
fail += validatePassword(form.password.value)
fail += validateEmail(form.email.value)
if (fail == "") return true
else { alert(fail); return false }
}
</script></head><body>
<table class="signup" border="0" cellpadding="2"
cellspacing="5" bgcolor="#eeeeee">
<th colspan="2" align="center">Signup Form</th>
<tr><td colspan="2">Sorry, the following errors were found<br />
in your form: <p><font color=red size=1><i>$fail</i></font></p>
</td></tr>
<form method="post" action="adduser.php"
onSubmit="return validate(this)">
<tr><td>Forename</td><td><input type="text" maxlength="32"
name="forename" value="$forename" /></td>
</tr><tr><td>Surname</td><td><input type="text" maxlength="32"
name="surname" value="$surname" /></td>
</tr><tr><td>Username</td><td><input type="text" maxlength="16"
name="username" value="$username" /></td>
</tr><tr><td>Password</td><td><input type="text" maxlength="12"
name="password" value="$password" /></td>
</tr><tr><td>Age</td><td><input type="text" maxlength="3"
name="age" value="$age" /></td>
</tr><tr><td>Email</td><td><input type="text" maxlength="64"
name="email" value="$email" /></td>
</tr><tr><td colspan="2" align="center">
<input type="submit" value="Signup" /></td>
</tr></form></table>
<script type="text/javascript">
function validateForename(field) {
if (field == "") return "No Forename was entered.\\n"
return ""
}
function validateSurname(field) {
if (field == "") return "No Surname was entered.\\n"
return ""
}
function validateUsername(field) {
if (field == "") return "No Username was entered.\\n"
else if (field.length < 5)
return "Usernames must be at least 5 characters.\\n"
else if (/[^a-zA-Z0-9_-]/.test(field))
return "Only letters, numbers, - and _ in usernames.\\n"
return ""
}
function validatePassword(field) {
if (field == "") return "No Password was entered.\\n"
else if (field.length < 6)
return "Passwords must be at least 6 characters.\\n"
else if (! /[a-z]/.test(field) ||
! /[A-Z]/.test(field) ||
! /[0-9]/.test(field))
return "Passwords require one each of a-z, A-Z and 0-9.\\n"
return ""
}
function validateAge(field) {
if (isNaN(field)) return "No Age was entered.\\n"
else if (field < 18 || field > 110)
return "Age must be between 18 and 110.\\n"
return ""
}
function validateEmail(field) {
if (field == "") return "No Email was entered.\\n"
else if (!((field.indexOf(".") > 0) &&
(field.indexOf("@") > 0)) ||
/[^a-zA-Z0-9.@_-]/.test(field))
return "The Email address is invalid.\\n"
return ""
}
</script></body></html>
_END;
function validate_forename($field) {
if ($field == "") return "No Forename was entered<br />";
return "";
}
function validate_surname($field) {
if ($field == "") return "No Surname was entered<br />";
return "";
}
function validate_username($field) {
if ($field == "") return "No Username was entered<br />";
else if (strlen($field) < 5)
return "Usernames must be at least 5 characters<br />";
else if (preg_match("/[^a-zA-Z0-9_-]/", $field))
return "Only letters, numbers, - and _ in usernames<br />";
return "";
}
function validate_password($field) {
if ($field == "") return "No Password was entered<br />";
else if (strlen($field) < 6)
return "Passwords must be at least 6 characters<br />";
else if (!preg_match("/[a-z]/", $field) ||
!preg_match("/[A-Z]/", $field) ||
!preg_match("/[0-9]/", $field))
return "Passwords require 1 each of a-z, A-Z and 0-9<br />";
return "";
}
function validate_email($field) {
if ($field == "") return "No Email was entered<br />";
else if (!((strpos($field, ".") > 0) &&
(strpos($field, "@") > 0)) ||
preg_match("/[^a-zA-Z0-9.@_-]/", $field))
return "The Email address is invalid<br />";
return "";
}
function fix_string($string) {
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return htmlentities ($string);
}
?>