-3

我有一个带有 php 表单验证的 php 注册脚本。验证似乎工作正常,但它独立于 mysql 插入查询,因此无论表单输入是否正确,数据仍将沉入数据库。

<!DOCTYPE html>
<html lang="en">
<head>
<meta content="en-us" http-equiv="Content-Language">
<link rel="stylesheet" href="style.css" type="text/css" media="all">
<title>
Register Page
</title>
</head>
<body>
<div id="wrapper">
<!--header-->
<?php include("include/header.php"); ?>

<!-- end header-->
<!-- nav-->
<?php include("include/nav.php"); ?>

<!-- end nav-->
<!-- left bar-->
<?php include("include/left_bar.php"); ?>
<!-- end left bar-->
<!-- content-->
<div id="content" align="left">
<form method="post" action="check_register.php">
First Name: <br><input type="text" name="fname" ><br>
<?php if (isset($_POST["submit"])&&(empty($fname)))
{ echo"<center><em><div id='form'>Please Your Frist Name Is Required<br></div></em></center>";}?>
Last Name: <br><input type="text" name="lname" ><br>
<?php if (isset($_POST["submit"])&&(empty($lname)))
{ echo"<center><em><div id='form'>Please Your Last Name Is Required<br></div></em></center>";}?>
User Name: <br><input type="text" name="username" ><br>
<?php if (isset($_POST["submit"])&&(empty($username)))
{ echo"<center><em><div id='form'>Please Your User Name Is Required<br></div></em></center>";}?>
Email:<br> <input type="email" name="email" ><br>
<?php if (isset($_POST["submit"])&&(empty($email)))
{ echo"<center><em><div id='form'>Please Your Email Is Required<br></div></em></center>";}?>
Password: <br><input type="Password" name="password" ><br>
<?php if (isset($_POST["submit"])&&(empty($password)))
{ echo"<center><em><div id='form'>Please a Password Is Required<br></div></em></center>";}?>
Phone: <br><input type="tel" name="phone" ><br>
<?php if (isset($_POST["submit"])&&(empty($phone)))
{ echo"<center><em><div id='form'>Please Your Number Is Required<br></div></em></center>";}?>
Gender: <br><input type="text" name="gender" ><br>
<?php if (isset($_POST["submit"])&&(empty($gender)))
{ echo"<center><em><div id='form'>Please Your Gender Is Required<br></div></em></center>";}?>
<input type="submit" name="submit" value="Register">
</form>
</div>
<!-- end content-->
<!-- right bar-->
<?php include("include/right_bar.php"); ?>
<!-- end right bar-->

<!-- footer-->
<?php include("include/footer.php"); ?>
</div>
<!-- end footer-->
</body>
</html>

那是我的 register.php 包含 php 表单验证。

这是包含 mysql 查询的 check_register

有人请用主眼帮我找出问题

    <?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());

$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS
include("register.php");

$submit=mysql_query("INSERT INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
}
?>
4

4 回答 4

4

这是因为您的action="check_register.php".so 当您submit的表单直接转到.so 时check_register.php。无需在表单中查找任何内容。因此,您必须在check_register.php. 就这样。

于 2013-10-31T12:11:40.507 回答
1

添加到@Nabin Kunwar:

首先了解客户端和服务器端语言之间的区别。php是一种服务器端语言,这意味着它只会在服务器中执行。

1.所以你不能在html文件中写php验证。

现在了解表单中的 wat 'action'。它包含插入到表单中的数据的地址,即查询字符串(名称=值对)将进行处理。它主要包含 php 文件或其他一些服务器端语言的地址file.so 如果该值存在于数据库中,则将在服务器而不是客户端进行评估。

2.因此,如果您想动态生成任何错误消息,而不是使用 ajax,它将在用户填写表单时充当客户端和服务器之间的通信媒介,或者您也可以通过 php 来完成,但只会显示错误消息当用户按下提交按钮时,如果您不想在表单中放置提交按钮,您也可以使用 javascript。

于 2013-10-31T13:48:31.607 回答
0 
<?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());

$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS        
include("register.php");
 if (isset($fname) && isset($lname) && isset($username) && isset($email) && isset($password)&& isset($phone) && $isset($gender) ){
$submit=mysql_query("INSERT  INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
}
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
} 
?>

这就是答案。

于 2013-11-09T19:33:35.933 回答
0

一方面......卫生在哪里?!?您应该使用用户可以操作mysql_real_escape_string()所有变量。

其次,javascript 端代码不会阻止用户提交表单。您还必须在服务器端验证用户的输入(通过使用类似的代码if (empty($_POST['foo'])) { reject and go back })。即使您在一切都有效之前禁用了提交按钮,禁用 javascript 也会禁用这些检查。

于 2013-10-31T11:58:15.547 回答