Php 注册页面不再插入我的数据库
我从一个在线来源获得了这段代码,它工作正常,但当我今天尝试使用它时,它会将用户登录到网站,但不会在表中插入任何内容。因此,如果我注销了新创建的帐户,然后尝试登录它将无法工作 我的数据连接页面是server.php。注册页面是register.phpPhp 注册页面不再插入我的数据库,php,html,mysql,Php,Html,Mysql,我从一个在线来源获得了这段代码,它工作正常,但当我今天尝试使用它时,它会将用户登录到网站,但不会在表中插入任何内容。因此,如果我注销了新创建的帐户,然后尝试登录它将无法工作 我的数据连接页面是server.php。注册页面是register.php <!DOCTYPE html> <html> <head> <title>Registration system PHP and MySQL</title> <link rel
<!DOCTYPE html>
<html>
<head>
<title>Registration system PHP and MySQL</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
<p>
Already a member? <a href="login.php">Sign in</a>
</p>
</form>
</body>
</html>
我仔细检查了一下自己的错误。我甚至把在线的代码重新复制到它里面,替换为数据连接信息,并且仍然在做同样的事情。我想可能是我的server.php,但是表中的所有用户帐户仍然有效,所以它不是server.pgp页面
Register.php
<!DOCTYPE html>
<html>
<head>
<title>Registration system PHP and MySQL</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
<p>
Already a member? <a href="login.php">Sign in</a>
</p>
</form>
</body>
</html>
这将导致用户被创建并自动登录,这就是它所做的。它没有像应该的那样插入到数据库中。应该插入
身份证
用户名
电子邮件
加密密码从发布的代码来看,它看起来像是
register.php
中的表单发布到了自身,而不是server.php
也许会改变
<form method="post" action="register.php">
到
[P>],明确地考虑“马格努斯-埃里克森的评论,它与问题不直接相关,但非常相关” < P>Server。PHP
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect(REMOVED FOR PUBLIC VIEWING);
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
检查$error
mysqli插入时有哪些错误
下面是一个示例:
<?php
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('REMOVED FOR PUBLIC VIEWING');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
echo "\nThere should be no errors here\n";
var_dump($errors);
if (count($errors)) {
die('There ware errors!');
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
if(!mysqli_query($db, $query)) {
die("Mysqli error: " . mysqli_error($db));
}
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
警告!不要使用md5()
进行密码哈希。MD5不仅速度非常快(这是不好的),而且还发现了哈希冲突(这也是不好的)。使用PHP获得一个安全的散列,并使用它根据散列验证密码。你还应该研究使用,而不是手动转义用户数据,并像那样构建你的查询。考虑到上述问题,我猜你找到的在线资源要么已经过时,要么通常不安全。请记住,您要求人们向您提供他们的凭据(我们都知道人们喜欢在任何地方重复使用相同的凭据),因此您需要尽可能确保他们的数据的安全。这将要求您重写部分代码(因为我假设您也将开始使用准备好的语句?)所以我建议你从这个开始。在重写之前调试代码似乎是浪费时间。你甚至可以在重写时解决你的问题…[链接]怎么样!多好的一个巧合啊!我只是浏览了一下评论,看到你在底部说,一年前是多么不安全,哈@MagnUserIksontrol将其添加到register.php中,结果也是一样的。它继续处理主页上的数据,但没有插入到表中
toif(!mysqli_query($db,$query)){echo(“错误描述:”.mysqli_Error($db));}
通常,添加更多调试-使用echo
向您显示变量和die
的值,这是一种查看重定向之前发生的情况的简单方法happens@ChrisLear我推荐var\u dump()
而不是echo
,因为它也可以处理对象和数组(并将显示布尔值的适当值)@MagnusEriksson我同意。我曾试图让事情简单化,但可能我做得太过了,“并使用PDO重写了你的mysql代码”-为什么他们需要这样做?@MagnusEriksson 2019年的PDO通常比mysql/mysqli更推荐使用。有些人读过关于mysql/mysqli的文章,现在没有真正的理由坚持使用它,除非你的PHP上没有PDO(我怀疑),你说的是SQL注入(与库无关)但是,如果你使用参数化的预处理语句,mysqli和PDO一样安全。就个人而言,是的,我更喜欢PDO,但是因为OP已经在使用mysqli,所以没有理由重写所有的数据库代码。顺便说一句,你知道链接没有提到在mysqli上使用PDO,对吗?它解释了你可能会受到SQL inj的攻击即使使用PDO和准备好的语句(如果您有一些edge case配置),也可以使用分区。