0

对不起,我是 php 新手,所以请耐心等待。我正在创建一个用户界面,当我注册时它说我已经注册但它没有将数据存储到数据库中。有人可以帮帮我吗!

 <?PHP
$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){


    $uname = $_POST['username'];
    $pword = $_POST['password'];

    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);

    $uLength = strlen($uname);
    $pLength = strlen($pword);

    if ($uLength >= 10 && $uLength <= 20) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
    }

    if ($pLength >= 8 && $pLength <= 16) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
    }



    if ($errorMessage == "") {

    $user_name = "root";
    $pass_word = "";
    $database = "user authentication";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {

        $uname = quote_smart($uname, $db_handle);
        $pword = quote_smart($pword, $db_handle);


        $SQL = "SELECT * FROM login WHERE USERNAME = $uname";
        $result = mysql_query($SQL);
        $num_rows = mysql_num_rows($result);

        if ($num_rows > 0) {
            $errorMessage = "Username already taken";
        }

        else {

            $SQL = "INSERT INTO login (L1, L2) VALUES ($uname, md5($pword))";

            $result = mysql_query($SQL);

            mysql_close($db_handle);

        //=================================================================================
        //  START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
        //  SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
        //=================================================================================

            session_start();
            $_SESSION['login'] = "1";

            header ("Location: page1.php");

        }

    }
    else {
        $errorMessage = "Database Not Found";
    }




    }

}


?>

    <html>
    <head>
    <title>Basic Login Script</title>


    </head>
    <body>


<FORM NAME ="form1" METHOD ="POST" ACTION ="signup.php">

Username: <INPUT TYPE = 'TEXT' Name ='username'  value="<?PHP print $uname;?>" maxlength="20">
Password: <INPUT TYPE = 'TEXT' Name ='password'  value="<?PHP print $pword;?>" maxlength="16">

<P>
<INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Register">


</FORM>
<P>

<?PHP print $errorMessage;?>

    </body>
    </html>
4

2 回答 2

0

在此处输入链接描述$SQL = "INSERT INTO login (L1, L2) VALUES ($uname, md5($pword))";

您没有将值插入到正确的字段中,它会出现。您将在$unameL1 和md5($pword)L2 中插入,但在上面的选择查询中,用户名的字段名称不同,我认为密码的字段名称相同。

$SQL = "SELECT * FROM login WHERE USERNAME = $uname";

最有可能的是,您的插入查询应该是这样的:

$SQL = "INSERT INTO login (USERNAME, PASSWORD) VALUES ('{$uname}', MD5('{$pword}'))";

我在用户名和密码周围添加了单引号,因为大概它们是字符串。此外,我在变量周围添加了花括号,以区分什么是 SQL 和什么是 PHP。

最后一件事,我会按照Willem 的建议使用PDO进行检查

于 2013-03-24T19:49:15.927 回答
0

您可能还想使用 PDO,然后您不必清理用户输入,因为 PDO 会为您处理这些。您可能希望创建一个包含所有连接详细信息的文件,如下所示:

   <?php

          define('DB_HOST', 'localhost');
          define('DB_NAME', 'user authentication');
          define('DB_USER', 'root');
          define('DB_PASS', '');
          define('DSN', 'mysql:host='. DB_HOST . ';dbname=' . DB_NAME);

    ?>

然后,您可能想要创建一个类来连接到您的数据库,例如:

<?php

    class database{

    public function databaseConnect(){
            /*Creates a new instance of the PDO called $db.
             * NOTE: the use of DSN, DB_USER and so on.  These variable live in the dbsettings file.
            */
            $db = new PDO(DSN,DB_USER,DB_PASS);
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            return $db;
        }
    }

?>

然后您可能想要创建一个类来注册您的用户,例如:

<?php

    //Include the database class file to allow access to properties and methods within that class.
    require_once 'class.database.php';


    //echo 'I am database class file now included in the users class file. <br />';

    //This method will be user to check if the user enter the correct username password pair.
    class users{


        public function checkValidUser($username){
            $userExists = false;
            try {
                $db = database::databaseConnect();

                $stmt = $db->prepare('SELECT uname FROM table WHERE uname=:username');
                $stmt->bindParam(':uname', $username, PDO::PARAM_STR);
                $stmt->execute();

                if ($stmt->rowCount() == 1){
                    $userExists = true;
                }

                $db = null;

            } catch (PDOException $e) {
                $userExists = false;
            }
            return $userExists;
        }

        public function addUser($firstname, $lastname, $username,$password){
            $success = true;
            //Connect to the database
            try {
                $db = database::databaseConnect();
                //$db->databaseConnect();

                $stmt = $db->prepare('INSERT INTO table (FirstName, LastName, Username, Password) VALUES (:firstname, :lastname, :username, :password)');
                $stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
                $stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
                $stmt->bindParam(':username', $username, PDO::PARAM_STR);
                $stmt->bindParam(':password', $password, PDO::PARAM_STR);
                $success = $stmt->execute();

                if ($success){

                    $success = true;
                }

                $db = null;

            } catch (PDOException $e) {
                //echo 'There was an error adding a new user.  Please go back and try again.  If this problem persits please contact the administrator.';
                $success = false;
            }
            return $success;
        }


?>

希望这会有所帮助。

于 2013-03-24T19:32:25.310 回答