Php 表存在,但缺少所有属性
我写了几个包含PHP代码的文件,如下所示:创建一个登录页面,输入用户名、密码和名称,然后对cookie进行腌制和哈希处理,这样就没有人可以编辑cookie。输入详细信息后,您应该能够在“用户”表中看到您的数据。然而,我在MySQL中得到的是“MySQL返回了一个空的结果集(即零行)。(查询耗时0.0000秒)。” 我将下面的文件命名为“connect2000.php”:Php 表存在,但缺少所有属性,php,mysql,cookies,Php,Mysql,Cookies,我写了几个包含PHP代码的文件,如下所示:创建一个登录页面,输入用户名、密码和名称,然后对cookie进行腌制和哈希处理,这样就没有人可以编辑cookie。输入详细信息后,您应该能够在“用户”表中看到您的数据。然而,我在MySQL中得到的是“MySQL返回了一个空的结果集(即零行)。(查询耗时0.0000秒)。” 我将下面的文件命名为“connect2000.php”: 我将下面的文件命名为“register2000.php”: 代码的问题是mysqli\u real\u escape\u
我将下面的文件命名为“register2000.php”:
代码的问题是mysqli\u real\u escape\u string()
需要在该函数中传递DB connection参数
请参阅手册:
mysqli\u query()
函数也是如此
检查错误会发出以下信号:
脚注:
- 考虑使用,否则,它们会更安全
mysqli\u real\u escape\u string()
要求传递DB参数。-mysqli\u query()
-如果你一直在检查错误,就会完全避免这个问题。^^^^^^这是你的答案^^^^^哦,天哪,你完全正确,弗雷德。我未能插入适当的参数。非常感谢你向我指出这一点——这可能是一个明显的疏忽,但我就是没看到。不客气,阿诺德。我认为问题解决了?警告:当使用mysqli
时,您应该使用参数化查询,并将用户数据添加到查询中。不要使用字符串插值来完成此操作,因为这样会创建严重的错误。
<?php
$dbserver = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbname = "tutorial";
$dbcon = mysqli_connect($dbserver, $dbuser, $dbpassword, $dbname);
if(!$dbcon) {
die("Error connecting to database: " . mysqli_error());
}
echo "You have connected successfully";
mysqli_select_db($dbcon, $dbname) or die("Unable to select database: " .
mysqli_error());
$query = "CREATE TABLE users (
Username VARCHAR(30) NOT NULL,
Password VARCHAR(100) NOT NULL,
ID INT NOT NULL,
Name VARCHAR (30) NOT NULL,
Salt VARCHAR(100) NOT NULL,
PRIMARY KEY (ID))";
$result = mysqli_query($dbcon, $query);
if(!result) die("Database access failed: " . mysqli_error());
?>
<?php
require_once 'connect2000.php';
$connection = mysqli_connect("localhost", "root", "", "tutorial") or
die("Couldn't connect
to the server!");
//error reporting(0);
if(isset($_POST['register'])){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string(hash("sha512",
$_POST['password']));
$name = "";
if(isset($_POST['name'])) {
$name = mysqli_real_escape_string(strip_tags($_POST['name']));
}
$check = mysqli_fetch_array(mysqli_query("SELECT * FROM `users` WHERE
`username` = '$username'"));
if($check != '0') {
die("That username already exists! Try <i>$username" .rand(1, 50).
"</i> instead
<a href = 'register2000.php'>← Back</a>");
}
if(!ctype_alnum($username)) {
die("Username contains special characters! Only numbers and letters
are permitted!
<a href = 'register.php'>← Back</a>");
}
if(strlen($username)>20) {
die("Username must not contain more than 20 characters! <a href =
'register2000.php'>← Back</a>");
}
$salt = hash("sha512", rand().rand().rand());
mysqli_query("INSERT INTO `users` (`username`, `password`, `name`,
`salt`) VALUES ('$username',
'$password', '$name', '$salt')");
setcookie("c_user", hash("sha512", $username), time() + 24 * 60 * 60,
"/");
setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");
die("Your account has been created and you are now logged in.");
}
}
echo "
<body style = 'font-family : verdana, sans-serif'>
<div style = 'width: 80%; padding: 5px 15px 5px; border: 1px solid
#e3e3e3;
background-color: #fff; color: #000; margin-left: auto;>
<h1>Register<h1>
<br />
<form action = '' method = 'post'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type = 'text' name = 'username' style = 'padding: 4px;'
/>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type = 'password' name = 'password' style = 'padding:
4px;' />
</td>
</tr>
<tr>
<td>
<b>Name:</b>
</td>
<td>
<input type = 'text' name = 'name' style = 'padding: 4px;' />
</td>
</tr>
<tr>
<td>
<input type = 'submit' name = 'register' value = 'Register' />
</td>
</tr>
</table>
</form>
<br />
<h6>
No account? <a href='register2000.php'>Register!</a>
</h6>
</div>
</body>
";