1

我正在使用 php 创建简单的注册表单。我已经使用 php 完成了验证检查,它工作正常.. Select 语句可以正常检查用户名是否退出.. 但是在这里我插入数据时遇到问题.. 提交时没有任何反应。这是完整的代码..所有代码都很好问题是插入部分..请看一下..

<h3>* Required Fields<br/>  </h3>
         <?php 
         if(isset($_POST['username'])){ 
    # connect to the database here 
    # search the database to see if the user name has been taken or not 
    include 'config.php'; 
    $username=$_POST['username'];

    $query = "SELECT * FROM account WHERE userid='$username' "; 
    //$sql = mysql_query($query); 
    //$row = mysql_fetch_array($sql);

    $sql=mysql_query($query) or die($sql.">>".mysql_error());
    $row=mysql_num_rows($sql);
    //if($num>0){ //check if

    #check too see what fields have been left empty, and if the passwords match 
    if($row>0|| empty($_POST['fname'])||empty($_POST['lastname'])|| empty($_POST['username'])||empty($_POST['password1'])|| empty($_POST['password2'])|| empty($_POST['day'])|| empty($_POST['Month'])|| empty($_POST['year'])|| empty($_POST['gender']) || empty($_POST['contact'])||$_POST['password1']!=$_POST['password2']|| $_POST['gender_select']='gender'|| $_POST['month_select']='month'|| $_POST['day_select']='day'|| $_POST['year_select']='year'){ 
        # if a field is empty, or the passwords don't match make a message 
        $error = '<h4>'; 

        if(empty($_POST['fname'])){ 
            $error .= 'First Name can\'t be empty<br>'; 
        } 
        if(empty($_POST['lastname'])){ 
            $error .= 'Last Name can\'t be empty<br>'; 
        } 
        if(empty($_POST['username'])){ 
            $error .= 'Email can\'t be empty<br>'; 
        } 
        if(empty($_POST['password1'])){ 
            $error .= 'Password can\'t be empty<br>'; 
        } 
        if(empty($_POST['password2'])){ 
            $error .= 'You must re-type your password<br>'; 
        } 

        if(empty($_POST['contact'])){ 
            $error .= 'contact is not selected<br>'; 
        } 
        if($_POST['password1']!=$_POST['password2']){ 
            $error .= 'Passwords don\'t match<br>'; 
        } 
        if($row>0){ 
            $error .= 'User Name already exists<br>'; 
        } 
        if($_POST['gender_select'] == 'gender'){
        $error.= "Please select a gender<br>";
        }
        if($_POST['month_select'] == 'month'){
        $error.= "Please select a month<br>";
        }
        if($_POST['day_select'] == 'day'){
        $error.= "Please select a day<br>";
        }
        if($_POST['year_select'] == 'year'){
        $error.= "Please select a year<br>";
        }

        $error .= '</h4>'; 
    }else{ 

                $ftname=$_POST['fname'];
                $lastname=$_POST['lastname'];
                $gender=$_POST['gender'];
                $bday=$_POST['day_select'];
                $byear=$_POST['year_select'];
                $bmonth=$_POST['month_select'];
                $username=$_POST['username'];
                $password=$_POST['password1'];
                $contact=$_POST['contact'];
        $query= mysql_query(" insert into Account (firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) values 
                             ('$ftname','$lastname','$gender','$bday','$byear','$bmonth','$username','$password','$contact')") or die(mysql_error());

                if($query){

                    echo "New record was saved.";  
               // echo "<script>alert('Congratulation! You Create account successfully! ')</script>";
                          }
                else
                {
                     echo "Sorry no record saved.";
                }
    } 
} 
# echo out each variable that was set from above, 
# then destroy the variable. 
if(isset($error)){ 
    echo $error; 
    unset($error); 
} 
?> 

        </div>

            <form id="send" name="form" method="post" action="">

                <p>

                <label for="name">Name *</label>
                <input type="text" name="fname"  />
                </p>

                <p>
                <label for="lastnamme">Father Name *</label>
                <input type="text" name="lastname"  />
                </p>

                <p>

                <label for="username">Email Address *</label>
                <input type="text" name="username"  />
                </p>

                <p>

                <label for="password">Password *</label>
                <input type="password" name="password1"  />
                </p>
                 <p>

                <label for="cpassword">Confirm Password *</label>
                <input type="password" name="password2"   />
                </p>

                <p>
                <label for="dob">Date of Birth *</label>
                <select name="day_select">
                 <option value="day" >Day&nbsp;</option>
                  <?php for($i=0;$i<=31;$i++)
                                {
                                 ?>
            <option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option>
            <?php } ?>
          </select>

          &nbsp;
          <select name="month_select"  >
              <option value="month" >Month*</option>

              <option value="January">January</option>
              <option value="February">February</option>
              <option value="March">March</option>
              <option value="April">April</option>
              <option value="May">May</option>
              <option value="June">June</option>
              <option value="July">July</option>
              <option value="August">August</option>
              <option value="September">September</option>
              <option value="October">October</option>
              <option value="November">November</option>
              <option value="December">December</option>
              <option value="unknown" >Unknown</option>
            </select>
            &nbsp;
           <select name="year_select" >
           <option value="year" >Year&nbsp;&nbsp;</option>
            <?php for($i=1920;$i<=2013;$i++)
                                {
                                 ?>

            <option value="<?php echo $i; ?>"><?php echo  $i."<br>"; ?></option>
            <?php } ?>
          </select>

                </p>

                <p>

                <label for="genderr">Gender *</label>

                <select name="gender_select"  >
                <option value="gender">Gender </option>
                <option value="male">Male </option>
                <option value="female">Female</option>
                <option value="other">other</option>
                </select>
                </p>

                <p>
                <label for="contactno">Contact No *</label>
                <input type="text" name="contact"  />
                </p>

                <p>


                <input type="submit" id="submit" name="submit" value="Sign Up" />
                </p>

            </form>




            </div>

        <!--END #signup-inner -->
        </div>

    <!--END #signup-form -->   
    </div>

            </div>

            </div><!-- end content -->

        </div><!-- end main -->

        <?php include('footer.php'); ?>
    </body>
4

2 回答 2

2

您现在应该使用 MySQLi 而不是 MySQL。而且您还绝对需要先检查您的输入以避免 SQL 注入!

$ftname=mysqli_real_escape_string($con, $_POST['fname']);
$lastname=mysqli_real_escape_string($con, $_POST['lastname']);
$gender=mysqli_real_escape_string($con, $_POST['gender']);
$bday=mysqli_real_escape_string($con, $_POST['day_select']);
$byear=mysqli_real_escape_string($con, $_POST['year_select']);
$bmonth=mysqli_real_escape_string($con, $_POST['month_select']);
$username=mysqli_real_escape_string($con, $_POST['username']);
$password=mysqli_real_escape_string($con, $_POST['password1']);
$contact=mysqli_real_escape_string($con, $_POST['contact']);

mysqli_query($con, "INSERT INTO Account
(firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) 
VALUES ('".$ftname."','".$lastname."','".$gender."','".$bday."','".$byear."','".$bmonth."','".$username."','".$password."','".$contact."')") 
or die(mysqli_error($con));

但是,您需要在脚本的开头定义 $con。这是与 MySQL 数据库的连接 -

$con=mysqli_connect("localhost","username","password","databasename");

希望有帮助:)

于 2013-10-13T21:35:26.420 回答
0

您没有在插入语句中正确连接您的值。应该

mysql_query(" 插入 Account (firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) 值 ('".$ftname."','".$lastname."','".$gender ."','".$bday."','".$byear."','".$bmonth."','".$username."','".$password."',' ".$contact."')") 或 die(mysql_error());

但是要小心你的方法很容易发生 sql 注入。您不应该将源自公共表单的值直接连接到 sql 查询。您需要仔细转义这些值或使用 PDO 准备好的语句。

于 2013-10-13T20:10:53.017 回答