PHP SQL注册表格
我正在尝试将数据保存到sql数据库的注册表单。我还没有进行表单验证,因为最让我感到困扰的是将这些东西放到sql上。我会很感激任何建议!PHP SQL注册表格
我有一个form.php文件,应该在努力工作。当我提交我的表单时,在这一点上,我得到一个空白屏幕,并没有加载到数据库中。
<?php
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];
$password = md5($_POST['password']);
$connection = msql_connect(localhost, USERNAME, PASSWORD);
$db = mysql_select_db(registration,$connection);
mysql_query("INSERT INTO userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')")
or die (mysql_error());
echo "Thank you for your registration";
?>
而且我有一个包含这个HTML文件:
<form method = "post" action = "form.php">
<h2>User Information</h2>
<div><label>First Name:</label>
<input type = "text" name = "fname"></div>
<div><label>Last Name:</label>
<input type = "text" name = "lname"></div>
<div><label>Password:</label>
<input type = "password" name = "password"></div>
<div><label>Email:</label>
<input type="text" name="email"></div>
<div><label>Cellphone:</label>
<input type="text" name="cell"></div>
<input type="hidden" name="ip" value='<?php echo $IP ?>'/>
<h2>What Is Your Experience Mountain Biking?</h2>
<p><input type="radio" name="experience" value="n00b"
checked>n00b
<input type="radio" name="experience" value="intermediate">Intermediate
<input type="radio" name="experience" value="extreme">Extreme
</p>
<p><input type="submit" name="submit" value="Register"></p>
</form>
最后,我有一个SQL数据库(我在本地运行的XAMPP)被称为“注册” 我创建的表被称为“userTable”,它包含8个字段,包括ID(自动递增)和其他7个我已经包含在顶部的值。任何想法我做错了什么?
Solved my own problem
<?php
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];
$fname = mysql_real_escape_string($fname);
$lname = mysql_real_escape_string($lname);
$email = mysql_real_escape_string($email);
$password = md5($_POST['password']);
$servername="localhost";
$username="user";
$conn= mysql_connect($servername,$username, password)or die(mysql_error());
mysql_select_db("registration",$conn);
$sql="insert into userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')";
$result=mysql_query($sql,$conn) or die(mysql_error());
print "<h1>you have registered sucessfully</h1>";
echo "Thank you for your registration to the ";
mysql_close($connection);
>
$ fname = mysql_real_escape_string($ _ POST ['fname']),你可以保存一些行。 – 2013-01-18 15:54:06
问题是什么?
1)问题在于,每次加载此页面时都会执行INSERT查询 - 意味着每次插入空值时都会执行INSERT查询。为什么?
仅仅是因为没有条件,如果各个领域已经公布,检查,所以不是:
<?php
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
$ip = $_POST['ip'];
您应该检查是否$_POST
超级全局有一些按键。 所以做任何查询之前 - 所有检查的第一,如果$_POST
不为空
<?php
//This means that user did submit the form
if (!empty($_POST)){
//all your stuff goes here
}
?>
<html>
.....
</html>
2)你确定你在你的代码的控制?显然不是。
你必须检查一些函数是否返回TRUE
,然后根据它做出以下操作。
例如,你确定mysql_query("your sql query")
成功吗?
3)允许使用error_reporting到E_ALL,所以只是把error_reporting(E_ALL)
在你的页面的顶部,这样的:
<?php
error_reporting(E_ALL);
所以,你总是可以调试脚本 “飞”
4)你正在尽一切努力使这些代码难以维护,为什么? 看看这个:
<?php
//Debug mode:
error_reporting(E_ALL);
//Sure you want to show some error if smth went wrong:
$errors = array();
/**
*
* @return TRUE if connection established
* FALSE on error
*/
function connect(){
$connection = mysql_connect(localhost, USERNAME, PASSWORD);
$db = mysql_select_db(registration,$connection);
if (!$connection || !$db){
return false;
} else {
return true;
}
}
//So this code will run if user did submit the form:
if (!empty($_POST)){
//Connect sql server:
if (!connect()){
$errors[] = "Can't establish link to MySQL server";
}
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$email = $_POST['email'];
$cell = $_POST['cell'];
$experience = $_POST['experience'];
//Why post ip? not smth like $_SERVER['REMOTE_ADDR']...
$ip = $_POST['ip'];
$password = md5($_POST['password']);
//No error at this point - means that it successfully connected to SQL server:
if (empty($errors)){
//let's prevent sql injection:
$fname = mysql_real_escape_string($fname);
//Please do this for all of them..
}
//Now we should try to INSERT the vals:
$query = "INSERT INTO `userTable` (`fname`,`lname`,`password`,`email`,`cell`,`experience`,`ip`) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')";
//So try it:
if (!mysql_query($query)){
//
//die (mysql_error());
$errors[] = "Can't insert the vals";
} else {
//Or on success:
print ("Thank you for your registration");
//or you can do redirect to some page, like this:
//header('location: /thanks.php');
}
}
?>
<form method="post">
<h2>User Information</h2>
<div><label>First Name:</label>
<input type = "text" name = "fname"></div>
<div><label>Last Name:</label>
<input type = "text" name = "lname"></div>
<div><label>Password:</label>
<input type = "password" name = "password"></div>
<div><label>Email:</label>
<input type="text" name="email"></div>
<div><label>Cellphone:</label>
<input type="text" name="cell"></div>
<input type="hidden" name="ip" value='<?php echo $IP ?>'/>
<h2>What Is Your Experience Mountain Biking?</h2>
<p><input type="radio" name="experience" value="n00b"
checked>n00b
<input type="radio" name="experience" value="intermediate">Intermediate
<input type="radio" name="experience" value="extreme">Extreme
</p>
<?php if (!empty($errors)) : ?>
<?php foreach($errors as $error): ?>
<p><b><?php echo $error; ?></b></p>
<?php endforeach; ?>
<?php endif; ?>
<p><input type="submit" name="submit" value="Register"></p>
</form>
我喜欢你设置它的方式,我可能会在将来使用它。 – 2012-08-03 03:08:51
为什么这么多的问题仍然指向'mysql_'功能?你为什么不使用'mysqli_'函数?还有'$ connection = msql_connect(localhost,USERNAME,PASSWORD);'是一个错字。没有'msql_connect()'函数。更不用说sql注入攻击了! – 2012-08-03 00:29:32
死亡白屏=错误显示关闭。打开它,看看你得到了什么 – 2012-08-03 00:30:08
我建议添加error_reporting(E_ALL);到脚本的顶部以确保报告所有错误和问题。一旦完成,我们可以进一步了解为什么事情没有起作用。 – 2012-08-03 00:31:56