Javascript Php表单数据未通过用户名检查提交到mysql数据库
表单正在加载到注册页面。但在给出任何输入后,它不会存储在MySQL数据库上,而且也不会检查用户名的可用性 这里是HTML代码部分:Javascript Php表单数据未通过用户名检查提交到mysql数据库,javascript,php,jquery,html,mysql,Javascript,Php,Jquery,Html,Mysql,表单正在加载到注册页面。但在给出任何输入后,它不会存储在MySQL数据库上,而且也不会检查用户名的可用性 这里是HTML代码部分: <html> <link type="text/css" rel="stylesheet" href="design.css"> <div class ="cus_head"> </div> <body> <center> <h1 style="color:#1AAB3
<html>
<link type="text/css" rel="stylesheet" href="design.css">
<div class ="cus_head"> </div>
<body>
<center> <h1 style="color:#1AAB30;">Register </h1>
<form method="post" action="reg_process.php">
UserName: <input type="text" name="cus_username" >
<span class="error">* <?php echo $cus_username_err;?></span>
<span id="username_status"></span>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/users.js"></script>
<br><br>
First Name: <input type="text" name="firstname">
<span class="error">* <?php echo $firstname_err;?></span>
<br><br>
Last Name: <input type="text" name="lastname">
<span class="error">* <?php echo $lastname_err;?></span>
<br><br>
Email Id: <input type="email" name="email">
<span class="error">* <?php echo $email_err;?></span>
<br><br>
Password: <input type="password" name="password">
<span class="error">* <?php echo $password_err;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
</center>
</body>
<div class ="cus_head"> </div>
<?php
$link = mysqli_connect("%", "****", "****", "****");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
require 'username_check.php';
// define variables and set to empty values
$cus_username = $firstname = $lastname = $email = $password = "";
// defining variable and set to empty value for error
$cus_username_err = $firstname_err = $lastname_err = $email_err = $password_err = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST['cus_username'])) {
$cus_username_err = "UserName is required";
} else {
$cus_username = sanitize($_POST['cus_username']);
}
if (empty($_POST['firstname'])) {
$firstname_err = "First Name is required";
} else {
$firstname = sanitize($_POST['firstname']);
}
if (empty($_POST['lastname'])) {
$lastname_err = "Last Name is required";
} else {
$lastname = sanitize($_POST['lastname']);
}
if (empty($_POST['email'])) {
$email_err = "Email is required";
} else {
$email = sanitize($_POST['email']);
}
if (empty($_POST['password'])) {
$password_err = "password is required";
} else {
$password = sanitize($_POST['password']);
}
}
// attempt insert query execution
$sql = "INSERT INTO ***** (`cus_username`, `firstname`, `lastname`, `email`, `password`) VALUES ('$cus_username', '$firstname', '$lastname','$email,'$password')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
function sanitize($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
mysqli_close($link);
?>
参考您的用户名检查
脚本-由于ajax函数在keyup
上被触发,因此不太可能完成整个字段,因此在sql中使用like
操作符更有意义。
与其直接在sql语句中嵌入变量,不如使用准备好的语句
——此处的语句使用问号作为占位符,该占位符随后绑定到一个构造的字符串变量,该字符串变量包含$\u POST['username']
在键控时的内容
<?php
/*
username_check.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['username'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$rows=0;
/*
sql prepared statement using `LIKE` operator
*/
$sql='select * from `TABLE` where `username` like ?';
$stmt = $db->prepare( $sql );
if( $stmt ){
/* Bind the placeholder to an as yet undefined variable - $username */
$stmt->bind_param( 's', $username );
/* Generate the $username variable with trailing % */
$username = $_POST['username']."%";
/* Query the db */
$result = $stmt->execute();
if( $result ){
/* If the query succeeded, get the row count */
$stmt->store_result();
$rows=$stmt->num_rows;
}
/* tidy up */
$stmt->free_result();
$stmt->close();
}
$db->close();
/* Send response back to javascript callback */
exit( $rows > 0 ? "Username already exists" : "Username doesn't exist" );
}
?>
--更新
用于添加新用户的html/php页面
<?php
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8' />
<title>Add a user</title>
<script src='//code.jquery.com/jquery-latest.js' type='text/javascript'></script>
<style>
html, html *{font-family:calibri,verdana,arial;font-size:0.85rem;}
label{clear:both;margin:0.25rem;padding:0.25rem;display:block;width:30%;float:left;}
input[type='submit']{margin:3rem 0;background:green;color:white;clear:both;float:left;}
input[type='text'],
input[type='email'],
input[type='password']{float:right;}
#username_status{color:red;margin:0 0 0 2rem;}
</style>
</head>
<body>
<h1>Register</h1>
<form method='post' action='reg_process.php'>
<!-- the text field needs an id for the ajax function to glom onto -->
<label for='cus_username'>UserName: <input type='text' name='cus_username' id='username' /><span id='username_status'></span></label>
<label for='firstname'>First Name: <input type='text' name='firstname' /></label>
<label for='lastname'>Last Name: <input type='text' name='lastname' /></label>
<label for='email'>Email Id: <input type='email' name='email' /></label>
<label for='password'>Password: <input type='password' name='password' /></label>
<!--
various spans removed for testing
and slight rearrangement using `label`
-->
<input type='submit' />
</form>
<!--
rather than sending an ajax request with each character typed
I updated this to check for a minimal length before sending the
request and also changed the event listener to listen for blur events
so there should only be one request when the user moves to the next
field in the form
-->
<script type='text/javascript'>
$('#username').blur( function(e) {
var status=$('#username_status');
status.text( 'Searching...' );
if( $( this ).val() !== '' && $( this ).val().length > 3 ) {
$.post('php/username_check.php', { username: $(this).val() }, function(data) {
status.text( data );
});
} else {
status.text('');
}
});
</script>
</body>
</html>
<?php
/*
username_check.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['username'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$rows=0;
/*
sql prepared statement using `LIKE` operator
*/
$sql='select * from `users` where `username` like ?';
$stmt = $db->prepare( $sql );
if( $stmt ){
/* Bind the placeholder to an as yet undefined variable - $username */
$stmt->bind_param( 's', $username );
/* Generate the $username variable with trailing % */
$username = $_POST['username']."%";
/* Query the db */
$result = $stmt->execute();
if( $result ){
/* If the query succeeded, get the row count */
$stmt->store_result();
$rows=$stmt->num_rows;
}
/* tidy up */
$stmt->free_result();
$stmt->close();
}
$db->close();
/* Send response back to javascript callback */
exit( $rows > 0 ? "Username already exists" : "Username doesn't exist" );
}
?>
<?php
/*
reg_process.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['cus_username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$sql = 'insert into `users` (`cus_username`, `firstname`, `lastname`, `email`, `password`) values (?,?,?,?,?);';
$stmt = $db->prepare( $sql );
if( $stmt ){
$username=!empty($_POST['cus_username']) ? $_POST['cus_username'] : false;
$firstname=!empty($_POST['firstname']) ? $_POST['firstname'] : false;
$lastname=!empty($_POST['lastname']) ? $_POST['lastname'] : false;
$email=!empty($_POST['email']) ? $_POST['email'] : false;
$password=!empty($_POST['password']) ? $_POST['password'] : false;
$errors=array();
if( !$username )$errors[]='Please enter a username';
if( !$password )$errors[]='Please enter your password';
if( !$email )$errors[]='Please enter your email';
if( !$firstname )$errors[]='Your firstname is required';
if( !$lastname )$errors[]='Your lastname is required';
if( empty( $errors ) ){
/* bind the variables and execute the sql statement */
$stmt->bind_param('sssss', $username, $firstname, $lastname, $email, $password );
$result = $stmt->execute();
echo $result ? 'Success' : 'Failed';
} else {
foreach( $errors as $error ){
echo $error . '<br />';
}
}
$stmt->close();
$db->close();
}
}
?>
添加用户
html,html*{字体系列:calibri,verdana,arial;字体大小:0.85rem;}
标签{清除:两个;边距:0.25rem;填充:0.25rem;显示:块;宽度:30%;浮动:左;}
输入[type='submit']{margin:3rem 0;背景:绿色;颜色:白色;清除:两者;float:left;}
输入[type='text'],
输入[type='email'],
输入[type='password']{float:right;}
#用户名\状态{颜色:红色;边距:02rem;}
登记
用户名:
名字:
姓氏:
电子邮件Id:
密码:
$('#username').blur(函数(e){
变量状态=$(“#用户名_状态”);
status.text('search…');
如果($(this.val()!=''&$(this.val().length>3){
$.post('php/username_check.php',{username:$(this.val()},函数(数据){
状态.文本(数据);
});
}否则{
状态。文本(“”);
}
});
我按照javascript函数和表单目标建议的目录结构创建了这三个页面,更改了db细节以适应开发环境,并假设一个名为users
的表—运行页面并完成表单。已成功添加新用户。js或php中有任何错误吗?不建议混合使用mysql
和mysqli
,这很可能解释了用户名检查失败的原因。尽管有
sanitize
functionOK,但代码容易受到sql注入的攻击。我在username\u check.php文件中编辑了msqli部分。将其转换为mysql。但仍然不起作用。我没有在用户名检查上添加消毒功能。需要吗?另外,清理功能对于sql注入来说还不够好吗?那么您的建议是什么呢?js或php中没有错误,只是警告,不要直接使用超级全局变量。如果您希望避免SQL注入带来令人不快的意外,请将mysqli
或PDO
与准备好的语句一起使用。mysql的mysql
扩展已被弃用,并已从PHP7+中删除。Hi使用您的代码尝试了它,但它不起作用。数据仍然没有添加到mysql数据库中。我在MariaDB类型的服务器上使用XAMPP。这就是它不起作用的原因吗?抱歉,我是PHP编码新手。PHP错误日志中是否有与此相关的错误?没有错误只是警告,不要直接使用超级全局变量使用NetBeans。我对数据库连接有疑问,因此我创建了一个单独的conn.PHP文件,仅包含连接代码。这给了我以下错误:警告:mysqli::mysqli():php\u network\u getaddresses:getaddrinfo失败:没有已知的主机。在第7行的C:\xampp\htdocs\mimiphp\conn.php中,警告:mysqli::mysqli():(HY000/2002):php\u network\u getaddresses:getaddrinfo失败:未知此类主机。在第7行的C:\xampp\htdocs\mimiphp\conn.php中成功连接。是否确实编辑了代码并插入了正确的数据库连接详细信息和表名?检查\u用户名
脚本有效吗?尝试在代码中的不同点使用调试断点,以查看逻辑的位置-如果在任何点失败,等等
<?php
/*
register.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['cus_username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$sql = 'insert into `TABLE` (`cus_username`, `firstname`, `lastname`, `email`, `password`) values (?,?,?,?,?);';
$stmt = $db->prepare( $sql );
if( $stmt ){
$username=!empty($_POST['cus_username']) ? $_POST['cus_username'] : false;
$firstname=!empty($_POST['firstname']) ? $_POST['firstname'] : false;
$lastname=!empty($_POST['lastname']) ? $_POST['lastname'] : false;
$email=!empty($_POST['email']) ? $_POST['email'] : false;
$password=!empty($_POST['password']) ? $_POST['password'] : false;
$errors=array();
if( !$username )$errors[]='Please enter a username';
if( !$password )$errors[]='Please enter your password';
if( !$email )$errors[]='Please enter your email';
if( !$firstname )$errors[]='Your firstname is required';
if( !$lastname )$errors[]='Your lastname is required';
if( empty( $errors ) ){
/* bind the variables and execute the sql statement */
$stmt->bind_param('sssss',$username,$firstname,$lastname,$email,$password);
$result = $stmt->execute();
echo $result ? 'Success' : 'Failed';
} else {
foreach( $errors as $error ){
echo $error . '<br />';
}
}
$stmt->close();
$db->close();
}
}
?>
<?php
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8' />
<title>Add a user</title>
<script src='//code.jquery.com/jquery-latest.js' type='text/javascript'></script>
<style>
html, html *{font-family:calibri,verdana,arial;font-size:0.85rem;}
label{clear:both;margin:0.25rem;padding:0.25rem;display:block;width:30%;float:left;}
input[type='submit']{margin:3rem 0;background:green;color:white;clear:both;float:left;}
input[type='text'],
input[type='email'],
input[type='password']{float:right;}
#username_status{color:red;margin:0 0 0 2rem;}
</style>
</head>
<body>
<h1>Register</h1>
<form method='post' action='reg_process.php'>
<!-- the text field needs an id for the ajax function to glom onto -->
<label for='cus_username'>UserName: <input type='text' name='cus_username' id='username' /><span id='username_status'></span></label>
<label for='firstname'>First Name: <input type='text' name='firstname' /></label>
<label for='lastname'>Last Name: <input type='text' name='lastname' /></label>
<label for='email'>Email Id: <input type='email' name='email' /></label>
<label for='password'>Password: <input type='password' name='password' /></label>
<!--
various spans removed for testing
and slight rearrangement using `label`
-->
<input type='submit' />
</form>
<!--
rather than sending an ajax request with each character typed
I updated this to check for a minimal length before sending the
request and also changed the event listener to listen for blur events
so there should only be one request when the user moves to the next
field in the form
-->
<script type='text/javascript'>
$('#username').blur( function(e) {
var status=$('#username_status');
status.text( 'Searching...' );
if( $( this ).val() !== '' && $( this ).val().length > 3 ) {
$.post('php/username_check.php', { username: $(this).val() }, function(data) {
status.text( data );
});
} else {
status.text('');
}
});
</script>
</body>
</html>
<?php
/*
username_check.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['username'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$rows=0;
/*
sql prepared statement using `LIKE` operator
*/
$sql='select * from `users` where `username` like ?';
$stmt = $db->prepare( $sql );
if( $stmt ){
/* Bind the placeholder to an as yet undefined variable - $username */
$stmt->bind_param( 's', $username );
/* Generate the $username variable with trailing % */
$username = $_POST['username']."%";
/* Query the db */
$result = $stmt->execute();
if( $result ){
/* If the query succeeded, get the row count */
$stmt->store_result();
$rows=$stmt->num_rows;
}
/* tidy up */
$stmt->free_result();
$stmt->close();
}
$db->close();
/* Send response back to javascript callback */
exit( $rows > 0 ? "Username already exists" : "Username doesn't exist" );
}
?>
<?php
/*
reg_process.php
*/
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['cus_username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['password'] ) ){
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = 'xxx';
$dbname = 'xxx';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$sql = 'insert into `users` (`cus_username`, `firstname`, `lastname`, `email`, `password`) values (?,?,?,?,?);';
$stmt = $db->prepare( $sql );
if( $stmt ){
$username=!empty($_POST['cus_username']) ? $_POST['cus_username'] : false;
$firstname=!empty($_POST['firstname']) ? $_POST['firstname'] : false;
$lastname=!empty($_POST['lastname']) ? $_POST['lastname'] : false;
$email=!empty($_POST['email']) ? $_POST['email'] : false;
$password=!empty($_POST['password']) ? $_POST['password'] : false;
$errors=array();
if( !$username )$errors[]='Please enter a username';
if( !$password )$errors[]='Please enter your password';
if( !$email )$errors[]='Please enter your email';
if( !$firstname )$errors[]='Your firstname is required';
if( !$lastname )$errors[]='Your lastname is required';
if( empty( $errors ) ){
/* bind the variables and execute the sql statement */
$stmt->bind_param('sssss', $username, $firstname, $lastname, $email, $password );
$result = $stmt->execute();
echo $result ? 'Success' : 'Failed';
} else {
foreach( $errors as $error ){
echo $error . '<br />';
}
}
$stmt->close();
$db->close();
}
}
?>