0

`我正在尝试从注册表单向数据库输入数据,但它似乎不起作用,我认为我做了正确的编码我不确定我在哪里做错了我逐个阅读代码并且我创建的所有数据库都遵循。

<form method='post' action='login.php'>
<table width='400' border='5' align='CENTER'>

<tr>
<td><h1>Registration</h1></td>

</tr>

<tr>
<td>User Name:</td>
<td><input type='text' name='name'/></td>
</tr>

<tr>
<td>Password:</td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><input type='submit' name='register' value='register'/></td>

</tr>

</table>
</form>

<?php
    $connect=mysql_connect("localhost","root","");
    $db_selected = mysql_select_db("users_db", $connect); 
    if(isset($_POST['submit'])){

    $users_name = $_POST['name'];
    $users_pass = $_POST['pass'];
    $users_email = $_POST['email'];

    if($users_name==''){
    echo "<script>alert('Please enter your Username')</script>";
        exit();
    }

    if($users_pass==''){
    echo "<script>alert('Please enter your password')</script>";
        exit();
    }

    if($users_email==''){
    echo "<script>alert('Please enter your email')</script>";
        exit();
    }

    $check_email="select*from 
    users where 
    users_email='$users_email'";

    $run = 
    mysql_query($check_email) or
    die(mysql_error());


    if(mysql_num_rows($run)>0){

    echo"<script>alert('Email $users_email 
    is already exist in our databse, please try another 
    one')</script>";  exit();
    }


    $query = "insert into users 
    (users_name,users_pass,users_email) values('
    $users_name','$users_pass','$users_email')";


    { 
        $result = mysql_query($query) 
        or die(mysql_error());
    }

    echo"<script>alert
    window.open('','_self')</script>";
    }

?>
4

1 回答 1

1

将初始分配更改为:

$users_name = mysql_real_escape_string($_POST['name']);
$users_pass = mysql_real_escape_string($_POST['pass']);
$users_email = mysql_real_escape_string($_POST['email']);

以避免字段中的特殊字符出现问题,以及防止 SQL 注入。

将插入查询更改为:

$query = "insert into users (users_name,users_pass,users_email)
          values('$users_name','$users_pass','$users_email')";

您之前有一个无关的换行符和空格$users_name,因此它们被插入到数据库中。

于 2013-10-17T21:57:25.500 回答