-1

有人可以向我解释我的注册页面有什么问题吗?数据库连接很好,但是当我检查表时没有任何新用户。

我的 HTML

<form action="register.php" method="post">
<input type="text" name="username" placeholder="username"><br/>
<input type="password" name="password" placeholder="password"><br/>
<input type="text" name="email" placeholder="E-mail"><br/>
<input type="submit" value="Submit">
</form>

我的 PHP

<?php

$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;

if ($db_found) {

$SQL = "INSERT INTO users (username,password,email,registered) VALUES ($username, $password, $email,$registered)";

$result = mysql_query($SQL);

mysql_close($db_handle);

print "Records added to the database";

}
else {

print "Database NOT Found ";
mysql_close($db_handle);

}

function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}

抱歉,如果代码太多。?>

4

2 回答 2

0

尝试将函数 test_data 放在值之前。

<?php

  $user_name = "mah user name";
  $password = "mah password";
  $database = "Peoples";
  $server = "mysql6.000webhost.com";

  $db_handle = mysql_connect($server, $user_name, $password);
  $db_found = mysql_select_db($database, $db_handle);

  function test_input($data){
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
  }

  $username = test_input($_POST["username"]);
  $email = test_input($_POST["email"]);
  $password = $_POST["password"];
  $registered=0;


  /* or you could use PHP built in filters

  $username  = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
  $password  = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
  $email     = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
  */


  $SQL = "INSERT INTO users (username,password,email,registered) VALUES ('$username','$password','$email','$registered')";

  $result = mysql_query($SQL) or die(mysql_error());

  if($result) {
    echo 'Registration was successfull.';
  }
  else {
    echo 'Registration was not successfull';

  }

mysql_close($db_handle);
?>

更多关于内置过滤器PHP Filters

于 2013-09-21T01:45:12.153 回答
0

我以前遇到过这些问题,通常需要一点怀疑,因为 MySQL 错误不会显示为 PHP 错误 - 因此不会打印到页面上。就我个人而言,我会在 PHP 中使用 MySQLi,因为它对几件事有更好的支持,如果你想要细节,只需进行谷歌搜索,有时 SQL 可能只需要使用 ` 字符将表和数据库名称包装在查询中(1 个键的左侧在 Windows 键盘上)

尝试改用以下代码:

<?php
    // Init databse connection
    $db_handle = new mysqli("mysql6.000webhost.com","username","password","Peoples") or die("Database connection error");

    // check connection
    if ($db_handle->connect_errno) {
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // Strip function for query string
    function test_input($data){
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    $username = test_input($_POST["username"]);
    $email = test_input($_POST["email"]);
    $password = $_POST["password"];
    $registered=0;

    // Try insert query, sometimes wrapping the table name in ` characters solves the issue - only use on database and table names not values
    if($result = $db_handle->query("INSERT INTO `users` (username,password,email,registered) VALUES ('$username','$password','$email','$registered');")) {
        echo 'Records added to the database';
        // free result set
        $result->close();
    }
    else {
        echo 'Database NOT Found';
    }

    $db_handle->close();
?>

unset($var); 也是一个好习惯。' 但老实说,如果您期望的流量很少,则无需担心。

如果您在数据库中保存用户数据,那么保存原始密码可能会让人们感到不安,如果数据从您那里被盗,您真的不应该这样做,然后您必须向所有用户解释为什么有人到处乱跑他们喜欢用于登录的所有内容的用户名和密码。

你应该使用:

$password = hash('sha256',$_POST['password']);

并存储该字符串或您喜欢的任何其他哈希变体 - sha256 恰好是我喜欢使用的那个。当用户尝试登录时,您应该再次对他们提供的密码进行哈希处理,并根据存储在数据库中的哈希值进行检查。

最后,如果某些用户在线输入密码,他们可能更喜欢您为您的域使用 SSL 加密,如果您不熟悉,请再次进行谷歌搜索,任何其他问题我会尽我所能回答:)

于 2013-09-21T02:22:42.690 回答