0

对不起,我是 php 新手,所以请耐心等待。我正在创建一个用户界面,当我注册时它说我已经注册但它没有将数据存储到数据库中。此外,每次我注册时都会出现错误“您的 SQL 语法有错误;请查看与您的 MySQL 服务器版本相对应的手册,以在第 1 行的 'testing101''' 附近使用正确的语法。” 有人可以帮帮我吗!

   <?PHP

$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){


    $uname = $_POST['username'];
    $pword = $_POST['password'];

    $uname = htmlspecialchars($uname);
    $pword = htmlspecialchars($pword);


    $uLength = strlen($uname);
    $pLength = strlen($pword);

    if ($uLength >= 10 && $uLength <= 20) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>";
    }

    if ($pLength >= 8 && $pLength <= 16) {
        $errorMessage = "";
    }
    else {
        $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
    }


    if ($errorMessage == "") {

    $user_name = "root";
    $pass_word = "";
    $database = "user authentication";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {

        $uname = quote_smart($uname, $db_handle);
        $pword = quote_smart($pword, $db_handle);




        $SQL = "SELECT * FROM login WHERE USERNAME = '".$uname."'";
        $result = mysql_query($SQL)or die(mysql_error());
        $num_rows = mysql_num_rows($result);

        if ($num_rows > 0) {
            $errorMessage = "Username already taken";
        }

        else {


    $SQL = "INSERT INTO login (USERNAME, PASSWORD) VALUES ('{$uname}', MD5('{$pword}'))"; 
            $result = mysql_query($SQL);

            mysql_close($db_handle);

        //=================================================================================
        //  START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
        //  SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
        //=================================================================================

            session_start();
            $_SESSION['login'] = "1";

            header ("Location: page1.php");

        }

    }
    else {
        $errorMessage = "Database Not Found";
    }




    }

}


?>

    <html>
    <head>
    <title>Basic Login Script</title>


    </head>
    <body>


<FORM NAME ="form1" METHOD ="POST" ACTION ="signup.php">

Username: <INPUT TYPE = 'TEXT' Name ='username'  value="<?PHP print $uname;?>" maxlength="20">
Password: <INPUT TYPE = 'TEXT' Name ='password'  value="<?PHP print $pword;?>" maxlength="16">

<P>
<INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Register">


</FORM>
<P>

<?PHP print $errorMessage;?>

    </body>
    </html>
4

1 回答 1

2

你在双引号你的文字:

smart_quote()在您的函数中添加了 1 组引号。
在您的实际查询中添加了一组引号,因此您正在生产:

INSERT .... VALUES (''$uname'', ''$password'');

如果您在处理查询调用时有适当的错误,您会看到:

$result = mysql_query($sql) or die(mysql_error());
                           ^^^^^^^^^^^^^^^^^^^^^^
于 2013-03-25T16:49:07.223 回答