PHP注册系统用户信息未被存储在mysql中
问题描述:
我有一个基本的注册系统。代码如下。无法注册用户。 connect.php网站工作...登录部分工作,如果我手动添加信息到数据库。我不断收到我设置的错误消息,请参阅以下内容......“发生错误,您的帐户未创建。”PHP注册系统用户信息未被存储在mysql中
<?php
if ($_POST['registerbtn']){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ($getpass === $getretypepass){
if((strlen($getemail) >= 7) && (strstr($getemail,"@")) && (strstr($getemail,"."))){
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5(md5("18sde#@!".$password."@1kwe#28"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
$site = "http://localhost/test";
$webmaster = "[email protected]";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to active your account.";
$message .= "$site/activate.php?user=$getuser&code=$code";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormsg = "You have been registered. You must activate your account using your email $getemail";
$getusr = "";
$getemail = "";
}
else
$errormsg = "An error has occurred. Your activation email was not sent.";
}
else
$errormsg = "An error has occurred. Your account was not created.";
}
else
$errormsg ="There is already a email with that email.";
}
else
$errormsg ="There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value'$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value'$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value'' /></td>
</tr>
<tr>
<td>Retype Password:</td>
<td><input type='password' name='retypepass' value'' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value'Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
答
不是解决办法,但一些解决方法,使您的代码更简单,更好:
不要使用
mysql_
功能,使用mysqli
或PDO
。 mysql_已被弃用。-
不要单独验证输入(添加大量必要条件和嵌套)。像这样的更简单:
$ createUser = true;
if(!$ getuser){$ errorMsg ='Your error msg'; $ createUser = false; } if(!$ getemail){$ errorMsg ='Your error msg'; $ createUser = false;如果(!$ getpass){$ errorMsg ='Your error msg';} $ createUser = false; }
如果($的createUser){ ...创建用户... }
与
real_escape_string
(找对的mysqli和PDO实现)最后净化你的投入,添一些调试。例如,使用INSERT查询创建一个
$sql
var,并使用echo
创建var,以查看查询是否正确形成。
答
你正在做的INSERT
到user
-
mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");
----
但users
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
-----
做你SELECT
所以你永远不会INSERT
插入一行供以后选择。
注意:您已开放SQL注入。至少可以净化你的$_POST
数据。或者移至mysqli_
或PDO
并使用准备好的语句。
请尝试去掉你的示例代码到相关部分 - 现在看起来你正在将代码倾倒在这里让其他人为你调试它,这不在本站的范围之内。 –
永远不要认为'mysql_query()'成功。总是检查结果(你可以使用'mysql_error()'来确定错误,如果没有错误,你的'SELECT'查询就不会返回行。 –