用于电子邮件验证的PHP代码中存在错误
我正在尝试为我的数据库创建电子邮件验证表单,但遇到了一些问题。当我尝试运行下面的代码时,我得到一个错误:没有选择数据库 我还得到一个未定义的变量错误。我想在username字段下将用户名放入我的数据库中,但显然$name是一个未定义的变量。第xx行错误未定义变量MySQL_queryINSERT进入注册用户名、密码、电子邮件、哈希值'。mysql\u real\u escape\u字符串$name 我正在使用WAMP服务器。数据库的名称是sitememberdetails,而 表i需要输入is注册中的信息。我对这一点很陌生——有谁能告诉我如何定义变量,以及如何选择db,即使它看起来已经被选中了用于电子邮件验证的PHP代码中存在错误,php,mysql,database,email,validation,Php,Mysql,Database,Email,Validation,我正在尝试为我的数据库创建电子邮件验证表单,但遇到了一些问题。当我尝试运行下面的代码时,我得到一个错误:没有选择数据库 我还得到一个未定义的变量错误。我想在username字段下将用户名放入我的数据库中,但显然$name是一个未定义的变量。第xx行错误未定义变量MySQL_queryINSERT进入注册用户名、密码、电子邮件、哈希值'。mysql\u real\u escape\u字符串$name 我正在使用WAMP服务器。数据库的名称是sitememberdetails,而 表i需要输入is注
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx@xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die
("Error: ".mysql_error());
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-
z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to
your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,
email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or
die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = '
Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from
headers
mail($to, $subject, $message, $headers); // Send our email
?>
尝试更改此代码
mysql_select_db($databasename);("sitememberdetails") or
die(mysql_error());
对此
mysql_select_db($databasename) or die(mysql_error());
下线
似乎$name值未过帐到表单中。如果name变量已设置且不为空,则将对其进行转义,但是如果name变量根本未设置,会发生什么情况?没有对此进行检查,因此它将继续,直到到达INSERT语句并导致错误为止
请看示例1以选择数据库。$databasename后面有一个分号;这没有意义。这里有一些修改过的代码,使用PDO而不是mysql。让我知道这一个是否有效,我们可以从那里解决任何问题
<?php
$host = 'localhost';
$dbname = 'sitememberdetails';
$user = '';
$pass = '';
try
{
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']))
{
$name = $_POST['name'];
$email = $_POST['email'];
}
else
{
$name = 'No Name';
$email = 'No Email';
}
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email))
{
$msg = 'The email you have entered is invalid, please try again.';
}else{
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
$query = "INSERT INTO registrations (username, password, email, hash) VALUES('?', '?', '?', '?')";
$sth = $DB->prepare($query);
//By using ?'s and prepare/execute, PDO will prevent SQL Injection for you!
$sth->execute(array($name, md5($password), $email, $hash));
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = 'Thanks for signing up! Your account has been created,
you can login with the following credentials after you
have activated your account by pressing the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash;
$headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from header
mail($to, $subject, $message, $headers); // Send our email
?>
查看此修改后的代码:
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx@xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
mysql_select_db($databasename) or die(mysql_error());
$name = "";
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.'; }
else {
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = ' Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from
mail($to, $subject, $message, $headers); // Send our email
?>
我建议您使用PDO而不是mysql_uu函数请研究使用或替代旧的mysql驱动程序。mysql驱动程序现在不受支持,并且存在一些安全问题。你应该避免使用mysql函数,因为它们会贬值。使用filter\u var$email,filter\u VALIDATE\u email而不是正则表达式。thnks Isa/dcirello-我对此非常陌生,但有一个最后期限,所以我只想尝试让代码以任何方式工作,我可以先,一旦它启动并运行,我将尝试更新不推荐使用的标签。代码运行正常,只是我不断收到拒绝用户@'localhost'访问数据库'sitememberdetails'的错误。你知道为什么会这样吗?我正在使用Wampserver。请在phpMyAdmin面板中检查您在连接中使用的用户的用户和权限。祝你好运。山姆干杯-我在网上都遇到了两个错误:$sth=$DB->prepare$query。错误是未定义的变量:C:\wamp\www\Root\siginuppage.php中的DB&致命错误:对C:\wamp\www\Root\siginuppage.php中的非对象调用成员函数prepare。@Danielokeeffe我认为这是与数据库连接有关的问题。试着把$DB=1;下面是catch语句中的echo,看看这是否“删除”了第一个错误,如果是,则表示您的初始数据库连接失败。感谢Delta解决了这个问题。除了我现在还有一个1!修复此错误意味着现在选择了一个数据库,但现在表示用户@“localhost”对数据库“sitememberdetails”的访问被拒绝!!数据库名称正确,如果用户名和密码为空,是否应允许我访问?我没有在phpmyadmin中更改它们。我认为wamp服务器默认的mysql用户名是root。但我不确定,因为我没有使用它。这是最后一个问题的谷歌搜索结果,我保证-将用户名指定为root,现在它声明警告:邮件:无法连接到本地主机端口25的mailserver,请在php.ini中验证SMTP和SMTP端口设置,或者在第90行使用C:\wamp\www\root\siginuppage.php中的ini\u设置。这是邮件$to、$subject、$message、$headers;。好像解决的问题越多,出现的问题就越多!这是否与站点目前不处于活动状态有关?您必须在计算机上设置smtp服务器,或者在实际服务器上尝试此代码。几乎所有托管公司都在其web服务器上设置smtp服务器。
<?php
$host = "localhost";
$username = "";
$password = "";
$databasename = "sitememberdetails";
$email="xxxxxx@xxxxxxxx.xxx";
$connection = mysql_connect($host,$username,$password) or die ("Error: ".mysql_error());
mysql_select_db($databasename) or die(mysql_error());
$name = "";
if(isset($_POST['name']) && !empty($_POST['name']) AND
isset($_POST['email']) && !empty($_POST['email'])){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']); }
if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $email)){
$msg = 'The email you have entered is invalid, please try again.'; }
else {
$msg = 'Your account has been made, <br /> please verify it
by clicking the activation link that has been send to your email.';
}
$hash = md5( rand(0,1000) );
$password = rand(1000,5000);
mysql_query("INSERT INTO registrations (username, password,email, hash) VALUES(
'". mysql_real_escape_string($name) ."',
'". mysql_real_escape_string(md5($password)) ."',
'". mysql_real_escape_string($email) ."',
'". mysql_real_escape_string($hash) ."') ") or die(mysql_error());
$to = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = ' Thanks for signing up!
Your account has been created, you can login with the following
credentials after you have activated your account by pressing
the url below.
Username: '.$name.'
Password: '.$password.'
Please click this link to activate your account:
http://www.yourwebsite.com/verify.php?email='.$email.'&
hash='.$hash.'
';
$headers = 'From:noreply@yourwebsite.com' . "\r\n"; // Set from
mail($to, $subject, $message, $headers); // Send our email
?>