0

注册.php

<?php

include("db.php");
if (isset($_POST['email']) && isset($_POST['password']) && isset($_POST['name']) &&  isset($_POST['password2']) && isset($_POST['name']) && isset($_POST['address']) && isset($_POST['city']) && isset($_POST['state']))

{
    $con=mysqli_connect("localhost", "useradmin", "FNEpsTa6qvmRjBBf", "userdata") or die("failed to connect");
    //Prevent SQL injections
    $name = mysql_real_escape_string($_POST['name']);
    $email = mysql_real_escape_string($_POST['email']);
    $address = mysql_real_escape_string($_POST['address']);
    $city = mysql_real_escape_string($_POST['city']);
    $password = mysql_real_escape_string($_POST['password']);
    $password2 = mysql_real_escape_string($_POST['password2']);

    //Get MD5 hash of password
    $password = md5($_POST['password']);
    $query="SELECT email FROM users WHERE email = '".$email."'";
    $query2="INSERT INTO users (name, email, address, city, state, password) VALUES ('$name', '$email', '$address', '$city', '$state', '$password');";
    //Check to see if email exists
    $sql = mysqli_query($con, $query);
    $rows=(mysqli_num_rows($sql));
    if($rows>0)
    {
        die ("email taken.");
    }
    if($password<>$password2)
    {
        die ("passwords do not match");
    }

    $sql = mysqli_query($con, $query2);
    if($sql)
        header(location:welcome.php);

}
?>

<html></html>
<center>
<form action="register.php" method="post">
<table>
<tr><td>Name: </td><td><input name="name" type="text" /></td></tr>
<tr><td>Email:</td><td> <input name="email" type="text" /></td></tr>
<tr><td>Address: </td><td><input name="address" type="text" /></td></tr>
<tr><td>City: </td><td><input name="city" type="text" /></td></tr>
<tr><td>State: </td><td><select name="State"> 
<option value="" selected="selected">Select a State</option> 
<option value="AL">Alabama</option> 
<option value="AK">Alaska</option> 
<option value="AZ">Arizona</option> 
<option value="AR">Arkansas</option> 
<option value="CA">California</option> 
<option value="CO">Colorado</option> 
<option value="CT">Connecticut</option> 
<option value="DE">Delaware</option> 
<option value="DC">District Of Columbia</option> 
<option value="FL">Florida</option> 
<option value="GA">Georgia</option> 
<option value="HI">Hawaii</option> 
<option value="ID">Idaho</option> 
<option value="IL">Illinois</option> 
<option value="IN">Indiana</option> 
<option value="IA">Iowa</option> 
<option value="KS">Kansas</option> 
<option value="KY">Kentucky</option> 
<option value="LA">Louisiana</option> 
<option value="ME">Maine</option> 
<option value="MD">Maryland</option> 
<option value="MA">Massachusetts</option> 
<option value="MI">Michigan</option> 
<option value="MN">Minnesota</option> 
<option value="MS">Mississippi</option> 
<option value="MO">Missouri</option> 
<option value="MT">Montana</option> 
<option value="NE">Nebraska</option> 
<option value="NV">Nevada</option> 
<option value="NH">New Hampshire</option> 
<option value="NJ">New Jersey</option> 
<option value="NM">New Mexico</option> 
<option value="NY">New York</option> 
<option value="NC">North Carolina</option> 
<option value="ND">North Dakota</option> 
<option value="OH">Ohio</option> 
<option value="OK">Oklahoma</option> 
<option value="OR">Oregon</option> 
<option value="PA">Pennsylvania</option> 
<option value="RI">Rhode Island</option> 
<option value="SC">South Carolina</option> 
<option value="SD">South Dakota</option> 
<option value="TN">Tennessee</option> 
<option value="TX">Texas</option> 
<option value="UT">Utah</option> 
<option value="VT">Vermont</option> 
<option value="VA">Virginia</option> 
<option value="WA">Washington</option> 
<option value="WV">West Virginia</option> 
<option value="WI">Wisconsin</option> 
<option value="WY">Wyoming</option>
</select></td></tr>
<tr><td>Password: </td><td><input type="password" name="password" /></td></tr>
<tr><td>Confirm Password: </td><td><input type="password" name="password2" /></td></tr>
<tr><td><input type="submit" value="Submit" /></td></tr>
</table>
</form></center>

页面运行没有错误,但没有显示在数据库中我输入数据并点击提交,这将我返回到没有错误的页面,但信息从未插入到我的数据库中。数据库连接也很好,因为我已经检查过了。但下面是数据库的导出。

CREATE DATABASE userdata;
USE userdata;


CREATE TABLE IF NOT EXISTS `users` (
  `Name` varchar(50) NOT NULL,
  `Address` varchar(50) NOT NULL,
  `City` varchar(25) NOT NULL,
  `State` varchar(2) NOT NULL,
  `Email` varchar(25) NOT NULL,
  `Password` varchar(25) NOT NULL,
  PRIMARY KEY (`Email`),
  UNIQUE KEY `Password` (`Password`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

在 php myadmin 中使用该密码创建了用户,所以我知道这很好。

4

2 回答 2

0

尝试添加

if ($con->connect_error) {
die('Connect Error (' . $con->connect_errno . ') '
        . $con->connect_error);
}

连接到数据库后。我还要补充

$sql = mysqli_query($con, $query2);
if($sql) {
    header(location:welcome.php);
} else {
    echo mysqli_error($con);
}

查看您的查询可能出现的错误。

于 2013-04-14T04:32:38.250 回答
0

由于您使用的是 mysqli 扩展,而不是 mysql,因此您必须使用mysqli_real_escape_string()而不是mysql_real_escape_string().

但是您确实应该使用准备好的语句,而不是在查询中插入变量。然后,您根本不必担心转义值。这是使用 mysqli 或 PDO 而不是 mysql 的主要好处之一。

于 2013-04-14T04:16:52.607 回答