
I have a problem with my register.php page. Once I have filled in all the forms, this is the full error message:

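Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ('peterusername', 'fcebef48582240a' at line 16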

Note that "peterusername" is the username I entered.

By the way, I am using Bootstrap v3.0.

    <?php
    require("config.php");
    if(!empty($_POST))
    {
        // Ensure that the user fills out fields
        if(empty($_POST['username']))
        { die("Please enter a username."); }
        if(empty($_POST['password']))
        { die("Please enter a password."); }
        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
        { die("Invalid E-Mail Address"); }
        if(empty($_POST['name']))
        { die("Please enter your name."); }
        if(empty($_POST['gender']))
        { die("Please enter your gender."); }
        if(empty($_POST['dateofbirth']))
        { die("Please enter your Date of Birth."); }
        if(empty($_POST['nric']))
        { die("Please enter your NRIC."); }
        if(empty($_POST['address']))
        { die("Please enter your address."); }
        if(!filter_var($_POST['postalcode'], FILTER_SANITIZE_NUMBER_INT))
        { die("Invalid Postal Code"); }
        if(!filter_var($_POST['mobilenumber'], FILTER_SANITIZE_NUMBER_INT))
        { die("Invalid Mobile Number"); }
        if(empty($_POST['profession']))
        { die("Please enter your profession."); }

       // =====================================================  

        // Check if the username is already taken
        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                username = :username 
        "; 
        $query_params = array( ':username' => $_POST['username'] ); 
        try { 
            $stmt = $db->prepare($query); 

            $result = $stmt->execute($query_params); 

        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $row = $stmt->fetch(); 
        if($row){ die("This username is already in use"); } 


        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 
        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 
        try { 
            $stmt = $db->prepare($query);      
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage());} 
        $row = $stmt->fetch(); 
        if($row){ die("This email address is already registered"); } 



        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                nric = :nric 
        "; 
        $query_params = array( ':nric' => $_POST['nric'] ); 
        try { 
            $stmt = $db->prepare($query);       
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $row = $stmt->fetch(); 
        if($row){ die("This NRIC is already in use"); }  


        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                mobilenumber = :mobilenumber 
        "; 
        $query_params = array( ':mobilenumber' => $_POST['mobilenumber'] ); 
        try { 
            $stmt = $db->prepare($query);       
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        $row = $stmt->fetch(); 
        if($row){ die("This Mobile Number is already in use"); }  





        //---------------------------------------------------- Add row to database 
        $query = " 
            INSERT INTO users ( 
                username, 
                password, 
                salt, 
                email,
                name,
                gender,
                dateofbirth,
                nric,
                address,
                postalcode,
                mobilenumber,
                profession,


            ) VALUES ( 
                :username, 
                :password, 
                :salt, 
                :email, 
                :name,
                :gender,
                :dateofbirth,
                :nric,
                :address,
                :postalcode,
                :mobilenumber,
                :profession,

            ) 
        "; 

        // Security measures
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 
        $password = hash('sha256', $_POST['password'] . $salt); 
        for($round = 0; $round < 65536; $round++){ $password = hash('sha256', $password . $salt); } 
        $query_params = array( 
            ':username' => $_POST['username'], 
            ':password' => $password, 
            ':salt' => $salt, 
            ':email' => $_POST['email'], 
            ':name' => $_POST['name'], 
            ':gender' => $_POST['gender'], 
            ':dateofbirth' => $_POST['dateofbirth'], 
            ':nric' => $_POST['nric'], 
            ':address' => $_POST['address'], 
            ':postalcode' => $_POST['postalcode'], 
            ':mobilenumber' => $_POST['mobilenumber'], 
            ':profession' => $_POST['profession'], 
        ); 
        try {  
            $stmt = $db->prepare($query); 

            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); } 
        header("Location: successful.php"); 
        die("Redirecting to successful.php"); 
    }                              

?>




<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../assets/ico/favicon.png">

    <title>Sign Up -</title>

    <!-- Bootstrap core CSS -->
    <link href="css/bootstrap.css" rel="stylesheet">

    <!-- Custom styles for this template -->
    <link href="jumbotron.css" rel="stylesheet">

    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="../../assets/js/html5shiv.js"></script>
      <script src="../../assets/js/respond.min.js"></script>
    <![endif]-->
  </head>

<body>
  <?php 
if (empty($_SESSION['user']))
 {
 include_once("header.php");
 }
else     {
      include_once("header2.php");
      }?>

               <div class="page-header">
      <div class="container">

    <h1> Register  </h1>


    <form action="register2.php" method="post" role="form"> 
    <div class="form-group">
        <label>Username:</label> 
        <input type="text" name="username" value="" /> 

        </div>
                 <div class="form-group">
        <label>Email: <strong style="color:darkred;">*</strong></label> 
        <input type="text" name="email" value="" /> 
              </div>

                             <div class="form-group">
        <label>Password:</label> 
        <input type="password" name="password" value="" /> <br /><br />
                                </div>

         <div class="form-group">
          <label>Name:</label> 
        <input type="text" name="name" value="" /> 
                           </div>





                                 <div class="form-group">   
                                 <label>Gender:</label> 
                         <div class="radio">

  <label>
    <input type="radio" name="gender" id="male" value="male" checked>
    Male
  </label>
</div>
<div class="radio">
  <label>
    <input type="radio" name="gender" id="female" value="female">
    Female
  </label>
</div>  
            </div>  




                               <div class="form-group">            
        <label>Date of Birth:</label> 
        <input type="text" name="dateofbirth" value="" /> 
                                </div>


                        <div class="form-group">           
        <label>NRIC:</label> 
        <input type="text" name="nric" value="" /> 
                              </div>

                                 <div class="form-group"> 
        <label>Address:</label> 
        <input type="text" name="address" value="" /> 
                               </div>

                                <div class="form-group">      
        <label>Postal Code:</label> 
        <input type="text" name="postalcode" value="" /> 
                          </div>


                                <div class="form-group">   
        <div class="input-group">
  <span class="input-group-addon">+65</span>
  <input type="text" name="mobilenumber" value="" class="form-control" placeholder="Mobile Number">
</div>
 </div>



                    <div class="form-group">   
        <label>Profession:</label> 
        <input type="text" name="profession" value="" /> 
                </div>

        <input type="submit" class="btn btn-info" value="Register" /> 
    </form>
</div>
</div>
      <?php include_once("footer.php");?>
</body>
</html>

1 Answer


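The problem is a syntax issue in the query. The error is quite clear in pointing it out, but here you go:

You have (as @andrewsi pointed out) a couple of stray commas: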

 $query = " 
        INSERT INTO users ( 
            username, 
            password, 
            salt, 
            email,
            name,
            gender,
            dateofbirth,
            nric,
            address,
            postalcode,
            mobilenumber,
            profession, <== This comma is extra.  Remove it.
        ) VALUES ( 
            :username, 
            :password, 
            :salt, 
            :email, 
            :name,
            :gender,
            :dateofbirth,
            :nric,
            :address,
            :postalcode,
            :mobilenumber,
            :profession, <== This comma is also extra.  Remove.
        ) 
    "; 

So that your query looks like this:

 $query = " 
        INSERT INTO users ( 
            username, 
            password, 
            salt, 
            email,
            name,
            gender,
            dateofbirth,
            nric,
            address,
            postalcode,
            mobilenumber,
            profession
        ) VALUES ( 
            :username, 
            :password, 
            :salt, 
            :email, 
            :name,
            :gender,
            :dateofbirth,
            :nric,
            :address,
            :postalcode,
            :mobilenumber,
            :profession
        ) 
    "; 
Answered 2013-10-16T16:36:32.097
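
As an added example (not part of the answer above or of the poster's code): one way to rule out stray commas is to generate both the column list and the placeholder list from a single array. It assumes PHP 7.4+ with the pdo_sqlite extension; the helper names `buildInsert` and `bindParams`, the in-memory table and the sample row are hypothetical.

```php
<?php
// Added example: derive the column list and the placeholder list from one
// array so a trailing comma cannot appear. Table and column names must be
// fixed constants like these, never user input.
const USER_COLUMNS = ['username', 'password', 'salt', 'email', 'name', 'gender',
    'dateofbirth', 'nric', 'address', 'postalcode', 'mobilenumber', 'profession'];

function buildInsert(string $table, array $columns): string
{
    // implode() puts separators only between items, never after the last one.
    $cols = implode(', ', $columns);
    $placeholders = implode(', ', array_map(fn($c) => ':' . $c, $columns));
    return "INSERT INTO $table ($cols) VALUES ($placeholders)";
}

function bindParams(array $columns, array $values): array
{
    $params = [];
    foreach ($columns as $col) {
        if (!array_key_exists($col, $values)) {
            // A misspelled field name fails here instead of binding NULL.
            throw new InvalidArgumentException("Missing value for $col");
        }
        $params[':' . $col] = $values[$col];
    }
    return $params;
}

// Constructed stand-in for the real database (assumption: pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (' . implode(' TEXT, ', USER_COLUMNS) . ' TEXT)');

// Constructed sample row standing in for the validated form fields.
$row = array_fill_keys(USER_COLUMNS, 'sample');
$row['username'] = 'peterusername';

try {
    $stmt = $db->prepare(buildInsert('users', USER_COLUMNS));
    $stmt->execute(bindParams(USER_COLUMNS, $row));
    echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " row inserted\n";
} catch (PDOException $ex) {
    // Log the driver message; the one in the question echoed bound values to the page.
    error_log($ex->getMessage());
    die('Registration failed.');
}
```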