-1

我编写了以下这段代码,如果 pswd = 重新键入 pswd 并稍后将以下值插入表中(不是),它必须回显“注册成功”。它只是简单地回显注册成功,但这些值并未插入到 TABLE 中。我很确定我在我的 PHP 代码中连接到数据库失败,请更正我的代码!我的代码如下:

<?php

session_start();
include('header.php');

$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_pass = '1234';

$mysql_db = "my_db";

if (!mysql_connect($mysql_host, $mysql_user, $mysql_pass) || !mysql_select_db($mysql_db))
 {
die(mysql_error());
}

if( isset( $_REQUEST['namevar'] ) ){

$nmvar = $_REQUEST['namevar'];
$email = $_REQUEST['name1'];
$psvar = $_REQUEST['p1'];
$cpsvar = $_REQUEST['p2'];
$gender = $_REQUEST['r1'];
$clvar = $_REQUEST['t2'];
$plvar = $_REQUEST['t1'];


if($psvar == $cpsvar)
{
$sql = "INSERT INTO `users` (name,email,password,confirm password,gender,college,place) 
VALUES ('$nmvar','$email','$psvar','$cpsvar','$gender','$clvar','$plvar')";
mysql_query($sql);
echo "Signup successful";
}
else
{
echo "Password Mismatch";
}   
}
?>
<form action="" method="post">
Name:
<input type="text" name="namevar" /><br/>
E-mail:
<input type="text" name="name1" /><br/>
Password:
<input type="password" name="p1" /><br/>
Confirm Password:
<input type="password" name="p2" /><br/>
Gender:
<input type="radio" name="r1" />
Male
<input type="radio" name="r1" />
Female
<br/>
Location:
<input type="text" name="t1" /><br/>
College:
<input type="text" name="t2" /><br/>
<input type="submit" value="submit" /><br/>
<input type="reset" value="reset" />
</form>
4

1 回答 1

1

在将数据提交到数据库之前,您应该对数据使用 mysql_real_escape_string() 函数。否则,您的代码将面临 SQL 注入的风险。

于 2013-03-29T17:11:20.003 回答