我遇到的问题是我有两种形式。student_register.php 和 student_verify.php 因此,当用户填写注册表并提交时,表单会发布到 student_verify.php,但会忽略 student_register.php 上的所有 php 脚本。它忽略了我放下的所有验证约束。看下面(它确实连接到 MySQL)
我有一个名为 student_register.php 的表单,其中包括以下代码:
<?php
include_once("scripts/global2.php");
mysql_connect("mysql.cms.gre.ac.uk","****","****") or die("Could not connect to server");
mysql_select_db("mdb_mj046") or die("Could not select database");
$message = '';
if(isset($_POST['username'])) {
$username = $_POST['username'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$dob = $_POST['dob'];
$gender = $_POST['gender'];
$addline1 = $_POST['addline1'];
$addline2 = $_POST['addline2'];
$city = $_POST['city'];
$postcode = $_POST['postcode'];
$phone = $_POST['phone'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$college_id = $_POST['college_id'];
//error handeling
//If all the fields have been inserted
if ( (!$username) || (!$fname) || (!$lname) || (!$dob) || (!$gender) || (!$addline1) || (!$addline2) || (!$city) || (!$postcode) ||(!$phone) || (!$mobile) || (!$email) || (!$pass1) || (!$pass2) || (!$college_id) ) {
$message = 'Please insert all fields in the form below!';
}else{
//Checking if the password matches
if($pass1 != $pass2){
$message = 'Your password fields do not match!';
}else{
//securing the data, if passwords do match
$username = preg_replace("#[^0-9a-z]#i","",$username);
$fname = preg_replace("#[^0-9a-z]#i","",$fname);
$lname = preg_replace("#[^0-9a-z]#i","",$lname);
$dob = preg_replace("#[^0-9a-z]#i","",$dob);
$gender = preg_replace("#[^0-9a-z]#i","",$gender);
$addline1 = preg_replace("#[^0-9a-z]#i","",$addline1);
$addline2 = preg_replace("#[^0-9a-z]#i","",$addline2);
$city = preg_replace("#[^0-9a-z]#i","",$city);
$postcode = preg_replace("#[^0-9a-z]#i","",$postcode);
$phone = preg_replace("#[^0-9a-z]#i","",$phone);
$mobile = preg_replace("#[^0-9a-z]#i","",$mobile);
//Encrypts the password
$pass1 = sha1($pass1);
//Gets rid of any unwanted characters
$email = mysql_real_escape_string($email);
//Check for Dublicates-USERNAME
$user_query = mysql_query("SELECT username FROM students WHERE username='$username' LIMIT 1") or die ("Could not check username");
$count_username = mysql_num_rows($user_query);
//Check for Dublicates-EMAIL
$email_query = mysql_query("SELECT email FROM students WHERE email='$email' LIMIT 1") or die ("Could not check username");
$count_email = mysql_num_rows($email_query);
if($count_username > 0){
$message = 'Your username is already in use';
}else if($count_email > 0){
$message = 'Your email is already in use!';
}else{
///Insert the members into the DB
$query=mysql_query("INSERT INTO students (username, fname, lname, dob, gender, addline1, addline2, city, postcode, phone, mobile, email, password, activationKey, active, college_id) VALUES ('$username','$fname', '$lname','$dob', '$gender', '$addline1','$addline2', '$city','$postcode','$phone','$mobile', '$email','$password', '$activationKey', '','$college_id' )") or die ("Could not insert your information");
$student_id = mysql_insert_id();
$message = 'You have now been registered!';
//insert the members
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Register to my website</title>
<link href="css/global.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container center">
<h1>Register to my site by filling the fields below!</h1>
<h3>Student Need to Register!</h3>
<p><?php print("$message");?></p>
<form action="student_verify.php" method="post" >
<table width="318" border="1" align="center">
<tr>
<td width="100">Username:</td>
<td width="144"><input type="text" name="username" placeholder="Username" /> </td>
</tr>
<tr>
<td>First Name:</td>
<td><input type="text" name="fname" placeholder="Firstname" /></td>
</tr>
<tr>
<td>Last Name: </td>
<td><input type="text" name="lname" placeholder="Lastname" /></td>
</tr>
<tr>
<td>Date of Birth:</td>
<td><input type="text" name="dob" placeholder="Date of Birth" /></td>
</tr>
<tr>
<td>Gender: </td>
<td><input type="text" name="gender" placeholder="Gender" /></td>
</tr>
<tr>
<td>Address: </td>
<td><input type="text" name="addline1" placeholder="Address Line 1" /></td>
</tr>
<tr>
<td> </td>
<td><input type="text" name="addline2" placeholder="Address Line 2" /></td>
</tr>
<tr>
<td>City: </td>
<td><input type="text" name="city" placeholder="City" /></td>
</tr>
<tr>
<td>Postcode:</td>
<td><input type="text" name="postcode" placeholder="Postcode" /></td>
</tr>
<tr>
<td>Phone Number:</td>
<td><input type="text" name="phone" placeholder="Phone Number" /></td>
</tr>
<tr>
<td>Mobile Number:</td>
<td><input type="text" name="mobile" placeholder="Mobile Number" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email" placeholder="Email Address" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass1" placeholder="Password" /></td>
</tr>
<tr>
<td>Confirm:</td>
<td><input type="password" name="pass2" placeholder="Validate Password" /></td>
</tr>
<tr>
<td>College ID: </td>
<td><input type="text" name="college_id" placeholder="College ID" /></td>
</tr>
</table>
<p>
<input type="hidden" name="submitted" value="1"/>
<br />
<input type="submit" value="Register!" /> <br/>
<a href="index.php">Go Back </a>
</p>
</form>
</div>
</body>
</html>
问题是,student_register.php 中的所有 PHP 代码都没有运行,它不检查错误或什么都不检查,它只是发布到 student_verify.php,这意味着插入的代码没有运行。这就是我的 student_verify.php 的样子:
<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
mysql_connect("mysql.cms.gre.ac.uk","****","*****") or die("Could not connect to server");
mysql_select_db("mdb_mj046") or die("Could not select database");
$note='';
if ($_POST['submitted']==1) {
##User is registering, insert data until we can activate it
$activationKey = rand(12345,98765);
$username = mysql_real_escape_string($_POST['username']);
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$dob = mysql_real_escape_string($_POST['dob']);
$gender = mysql_real_escape_string($_POST['gender']);
$addline1 = mysql_real_escape_string($_POST['addline1']);
$addline2 = mysql_real_escape_string($_POST['addline2']);
$city = mysql_real_escape_string($_POST['city']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$phone = mysql_real_escape_string($_POST['phone']);
$mobile = mysql_real_escape_string($_POST['mobile']);
$email = mysql_real_escape_string($_POST['email']);
$password = sha1($_POST['pass1']);
$college_id = mysql_real_escape_string($_POST['college_id']);
$sql="INSERT INTO students (username, fname, lname, dob, gender, addline1, addline2, city, postcode, phone, mobile, email, password, activationKey, active, college_id) VALUES ('$username','$fname', '$lname','$dob', '$gender', '$addline1','$addline2', '$city','$postcode','$phone','$mobile', '$email','$password', '$activationKey', '','$college_id' )";
if (!mysql_query($sql))
{
die('Error:ERROR !! ' . mysql_error());
}
echo
$note="An email has been sent to" .$_POST[email]. "with an activation key. Our systems are going to verify that you are a member of your institue. Please check your mail to complete registration.";
##Send activation Email
$to = $_POST[email];
$subject = " E-Attendance Tracking & Monitoring System";
$message = "Welcome to our website!\r\rYou, or someone using your email address, has completed registration at Greenwich Freecycle. You can complete registration by clicking the following link:\rhttp:stuweb.cms.gre.ac.uk/~mj046/membership2/verify.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\ Greenwich Freecycle Team";
$headers = 'From: noreply@ RBGFreecycle.com' . "\r\n" .
'Reply-To: noreply@ mj046@greenwich.ac.uk' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
ini_set("sendmail_from","mj046@greenwich.ac.uk");
mail($to, $subject, $message, $headers);
} else {
##User isn't registering, check verify code and change activation code to null, status to activated on success
$queryString = $_SERVER['QUERY_STRING'];
$query = "SELECT * FROM students";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($queryString == $row["activationKey"]){
echo $note="Congratulations!" . $row["username"] . " is now the proud new owner of an Greennwich Freecycle Website.com account.Please click here to access your account Profile Page ";
$sql="UPDATE students SET activationKey = '', active='1' WHERE (student_id = $row[student_id])";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Verification Page</title>
<link href="css/global.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="container center" >
<h3> Verification Page</h3>
<form action="verify.php" method="POST">
<p><?php print("$note");?></p>
<a href="student_login.php">Login</a>
</form>
</div>
</body>
</html>
我不明白为什么它无法验证 student_register.php 上的数据,谁能帮助我,亲切的问候