谁能告诉我什么';我的代码怎么了?PHP、MySQL、HTML
有人能解释一下我的注册页面有什么问题吗?数据库连接很好,但当我检查表时,没有任何新用户 我的HTML谁能告诉我什么';我的代码怎么了?PHP、MySQL、HTML,php,html,mysql,forms,user-registration,Php,Html,Mysql,Forms,User Registration,有人能解释一下我的注册页面有什么问题吗?数据库连接很好,但当我检查表时,没有任何新用户 我的HTML <form action="register.php" method="post"> <input type="text" name="username" placeholder="username"><br/> <input type="password" name="password" placeholder="password"><br
<form action="register.php" method="post">
<input type="text" name="username" placeholder="username"><br/>
<input type="password" name="password" placeholder="password"><br/>
<input type="text" name="email" placeholder="E-mail"><br/>
<input type="submit" value="Submit">
</form>
<?php
$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
if ($db_found) {
$SQL = "INSERT INTO users (username,password,email,registered) VALUES ($username, $password, $email,$registered)";
$result = mysql_query($SQL);
mysql_close($db_handle);
print "Records added to the database";
}
else {
print "Database NOT Found ";
mysql_close($db_handle);
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
尝试将功能测试数据放在值之前
<?php
$user_name = "mah user name";
$password = "mah password";
$database = "Peoples";
$server = "mysql6.000webhost.com";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
/* or you could use PHP built in filters
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
*/
$SQL = "INSERT INTO users (username,password,email,registered) VALUES ('$username','$password','$email','$registered')";
$result = mysql_query($SQL) or die(mysql_error());
if($result) {
echo 'Registration was successfull.';
}
else {
echo 'Registration was not successfull';
}
mysql_close($db_handle);
?>
我以前遇到过这些问题,通常需要使用一点,因为MySQL错误不会显示为PHP错误,因此不会打印到页面上。就我个人而言,我会将MySQLi与PHP结合使用,因为它对一些事情有更大的支持,如果你想了解细节,只需进行谷歌搜索,有时SQL只需要在查询中使用`字符(windows键盘上1个键的左边)包装表名和数据库名
请尝试改用以下代码:
<?php
// Init databse connection
$db_handle = new mysqli("mysql6.000webhost.com","username","password","Peoples") or die("Database connection error");
// check connection
if ($db_handle->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
// Strip function for query string
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$username = test_input($_POST["username"]);
$email = test_input($_POST["email"]);
$password = $_POST["password"];
$registered=0;
// Try insert query, sometimes wrapping the table name in ` characters solves the issue - only use on database and table names not values
if($result = $db_handle->query("INSERT INTO `users` (username,password,email,registered) VALUES ('$username','$password','$email','$registered');")) {
echo 'Records added to the database';
// free result set
$result->close();
}
else {
echo 'Database NOT Found';
}
$db_handle->close();
?>
并存储该字符串,或您喜欢的任何其他哈希变量-sha256恰好是我喜欢使用的。当用户尝试登录时,您应该再次散列他们提供的密码,并对照存储在数据库中的散列进行检查
最后,如果一些用户在线输入密码,他们可能更希望您对域使用SSL加密,如果您不熟悉,请再次进行谷歌搜索,我将尽可能回答更多问题:)错误日志告诉您什么?它显示了什么错误?您在values()
子句中缺少所有字符串值的引号。它是否打印“添加到数据库的记录”?您不应该在test\u input
中调用htmlspecialchars
,但是您应该调用mysql\u real\u escape\u string
。我没有收到任何错误,我试着用引号括起来,但仍然不起作用。列名上没有引号,只有值。我使用PDO,如果您愿意,我可以向您发送我的注册scipt…这仍然需要正确的SQL转义。很糟糕。需要很多东西,但……那是另一种情况;)服务器端哈希太晚,密码可能已被拦截。使用客户端散列并发送已经编码的密码,这样如果窃贼被截获,他将一无所获。我不一定说需要对客户端进行散列,除非你出于某种原因不信任服务器,正如我所说的,尽管你应该使用HTTPS隧道(SSL),如果你想变得真正技术化,你甚至不应该存储整个散列,而只是使用盐,但是关于web开发中安全性的争论永远不会停止
$password = hash('sha256',$_POST['password']);