Php 不会将数据保存到数据库
嗨,我的测试网站不会在数据库中保存任何类型的数据,所以当我注册时,它不会保存到数据库中,所以我不能登录。有人能解释一下代码的错误并告诉我如何修复它吗?谢谢! heres代码 注册码:Php 不会将数据保存到数据库,php,mysql,sql,database,Php,Mysql,Sql,Database,嗨,我的测试网站不会在数据库中保存任何类型的数据,所以当我注册时,它不会保存到数据库中,所以我不能登录。有人能解释一下代码的错误并告诉我如何修复它吗?谢谢! heres代码 注册码: $reg = @$_POST['reg']; //declaring variables to prevent errors $fn = ""; //First Name $ln = ""; //Last Name $un = ""; //Username $em = ""; //Email $em2 = "";
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysql_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>30||strlen($fn)>30||strlen($ln)>30) {
echo "The maximum limit for username/first name/last name is 30 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0','Write something about yourself.','','','no')");
die("<h2>Welcome to test</h2>Login to your account to get started");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Sorry, but it looks like someone has already used that email!";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
<?php
mysql_connect("localhost","root","") or die ("Cant Connect To DataBase!");
mysql_select_db("test") or die ("Cant Select DataBase");
?>
and the tabel
CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`first_name` varchar(255) NOT NULL,
`last_name` varchar(255) NOT NULL,
`email` varchar(255) NOT NULL,
`password` varchar(32) NOT NULL,
`sign_up_date` date NOT NULL,
`activated` enum('0','1') NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
希望这对您的测试有所帮助。首先,删除帖子中的所有@符号。不要用md5来存储密码,它不再被认为是安全的。@Fred ii-我应该用什么来代替md5让我们看看。。。大范围开放的sql注入攻击漏洞,完全缺乏错误处理,使用@error suppression,深度嵌套的if结构,没有任何缩进。简而言之:代码是一个彻底的灾难,您可以使用PHP的函数。另一种方法是使用mysqli_*而不是mysql_*函数来准备语句或PDO。使用您当前的系统,将给您带来一些麻烦。@Fred ii-在帖子中删除了每一个$,现在我得到了这个错误解析错误:语法错误,在C:\xampp\htdocs\test\index.php的第3行$reg=_post['reg')中意外出现“[”;
<?php
// CHECK IF THE FORM HAS BEEN SUBMITTED
if (isset($_POST['REG'])) {
/* these are the columns to be filled
username
first_name
last_name
email
password
sign_up_date
activated
*/
// GATHER VARIABLES, as we are sure the form has been requested via $_POST there is no need to 'declare' variables
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
$username = trim($_POST['username']);
// JUST USING ONE EMAIL VARIABLE, BOTH EMAILS BEING THE SAME SHOULD BE CLIENT-VALIDATED
$email = trim($_POST['email']);
// THE SAME AS ABOVE WITH PASS
$password = trim($_POST['password']);
$date = trim($_POST['date']);
$acive = trim($_POST['acive']);
// THIS FUNCTION TESTS FOR EMPTY STRINGS, SELECTS SET TO 0 AND EMPTY ARRAYS
function test_valid() {
$args = func_get_args();
foreach ($args as $value) {
if ($value === 0 || $value == '' || empty($value)) {
return false;
} else {
$foo = true;
}
}
return $foo;
}
// MAKE THE TEST
if (test_valid($first_name, $last_name, $username, $email)) {
// CONTINUE TO THE DATABASE
// CONNECT TO THE DATABASE USING PDO
$conn = new PDO('mysql:host=YOURHOST;dbname=YOURDBNAME', 'YOURUSER', 'YOURPASS');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// PREPARE THE STATEMENT TO CHECK THE VALUES IN THE DATABASE
$stmt = $conn->prepare("SELECT id, username, email FROM users WHERE username = :username OR email = :email ORDER BY id DESC LIMIT 1");
// BIND THE PARAMETERS TO THE :thingy's
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
//get an array containing arrays<- these ones being the rows of the query
$result = $stmt->fetchAll();
if (empty($result)) {
$password = crypt($password, $username);
$stmt = $conn->prepare("INSERT INTO users VALUES ('', :username , :first_name , :last_name , :email , :password , NOW(), 0)");
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':first_name', $first_name, PDO::PARAM_STR);
$stmt->bindParam(':last_name', $last_name, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->execute();
} else {
//there were matching rows, therefore the username or the e-mail were already registered
}
} else {
//there were invalid parameters in the form
}
} else {
// form was not submitted
}
?>