您的位置: 首页  >  技术问答  >  注册过程未插入数据库

注册过程未插入数据库

分类: 技术问答 2022-06-14 16:35:48
问题描述:

我的register.inc.php未成功将用户信息插入到数据库中。但它会将我重定向到register_success.php注册过程未插入数据库

我错过了添加到插入数据的内容吗?

register.inc.php

include_once 'config.php'; 
include_once 'db_connect.php'; 

$error_msg = ""; 

if (isset($_POST['username'], 
     $_POST['firstname'], 
     $_POST['lastname'], 
     $_POST['home_address1'], 
     $_POST['home_address2'], 
     $_POST['home_city'], 
     $_POST['home_state'], 
     $_POST['home_zipcode'], 
     $_POST['email'], 
     $_POST['p'])) { 
// Sanitize and validate the data passed in 
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); 
$firstname = filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRINGS); 
$lastname = filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRINGS); 
$home_address1 = filter_input(INPUT_POST, 'home_address1', FILTER_SANITIZE_STRINGS); 
$home_address2 = filter_input(INPUT_POST, 'home_address2', FILTER_SANITIZE_STRINGS); 
$home_city = filter_input(INPUT_POST, 'home_city', FILTER_SANITIZE_STRINGS); 
$home_state = filter_input(INPUT_POST, 'home_state', FILTER_SANITIZE_STRINGS); 
$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRINGS); 
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); 
$email = filter_var($email, FILTER_VALIDATE_EMAIL); 
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
    // Not a valid email 
    $error_msg .= '<p class="error">The email address you entered is not valid</p>'; 
} 

$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING); 
if (strlen($password) != 128) { 
    // The hashed pwd should be 128 characters long. 
    // If it's not, something really odd has happened 
    $error_msg .= '<p class="error">Invalid password configuration.</p>'; 
} 

// Username validity and password validity have been checked client side. 
// This should should be adequate as nobody gains any advantage from 
// breaking these rules. 
// 

$prep_stmt = "SELECT user_id FROM users WHERE email = ? LIMIT 1"; 
$stmt = $mysqli->prepare($prep_stmt); 

// check existing email 
if ($stmt) { 
    $stmt->bind_param('s', $email); 
    $stmt->execute(); 
    $stmt->store_result(); 

    if ($stmt->num_rows == 1) { 
     // A user with this email address already exists 
     $error_msg .= '<p class="error">A user with this email address already exists.</p>'; 
        $stmt->close(); 
    } 
      $stmt->close(); 
} else { 
    $error_msg .= '<p class="error">Database error Line 39</p>'; 
      $stmt->close(); 
} 

// check existing username 
$prep_stmt = "SELECT user_id FROM users WHERE username = ? LIMIT 1"; 
$stmt = $mysqli->prepare($prep_stmt); 

if ($stmt) { 
    $stmt->bind_param('s', $username); 
    $stmt->execute(); 
    $stmt->store_result(); 

      if ($stmt->num_rows == 1) { 
        // A user with this username already exists 
        $error_msg .= '<p class="error">A user with this username already    exists</p>'; 
        $stmt->close(); 
      } 
      $stmt->close(); 
    } else { 
      $error_msg .= '<p class="error">Database error line 55</p>'; 
      $stmt->close(); 
    } 

// TODO: 
// We'll also have to account for the situation where the user doesn't have 
// rights to do registration, by checking what type of user is attempting to 
// perform the operation. 

if (empty($error_msg)) { 
    // Create a random salt 
    //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); 

    // Create salted password 
    $password = hash('sha512', $password . $random_salt); 

    // Insert the new user into the database 
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username, 
                  firstname, 
                  lastname, 
                  home_address1, 
                  home_address2, 
                  home_city, 
                  home_state, 
                  home_zipcode, 
                  email, 
                  password, 
                  salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { 
     $insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt); 
     // Execute the prepared query. 
     if (! $insert_stmt->execute()) { 
      header('Location: ./error.php?err=Registration failure: INSERT'); 
     } 
    } 
    header('Location: ./register_success.php'); 
    } 
}
+1

只是一个建议,但如果你在PHP 5.3或更高版本,我会建议使用[password_hash](http://*.com/a/26534575/2370483)。让您不必另存盐分 – Machavity 2014-11-01 15:29:49

+0

您收到的错误是什么? – 2014-11-01 15:33:29

+0

对于使用mysqli和准备好的语句而言+1 +1 – khandelwaldeval 2014-11-01 15:35:10

您使用有不确定的常数filter_input功能,FILTER_SANITIZE_STRINGS的第三PARAM。

正确的是最后没有“s”,FILTER_SANITIZE_STRING

$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRING); 
//                   ^
etc.
+0

此外,由于您正在使用准备好的语句插入,因此无需先进行消毒 – Machavity 2014-11-01 15:35:15

试试这个:

if (empty($error_msg)) { 
    // Create a random salt 
    //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); 

    // Create salted password 
    $password = hash('sha512', $password . $random_salt); 

    // Insert the new user into the database 
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username, 
                  firstname, 
                  lastname, 
                  home_address1, 
                  home_address2, 
                  home_city, 
                  home_state, 
                  home_zipcode, 
                  email, 
                  password, 
                  salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { 
     $insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt); 
     // Execute the prepared query. 
     $done=$insert_stmt->execute(); 
     $lines=mysqli_stmt_affected_rows($insert_stmt); 
     if($done && $lines==1){ 
      header('Location: ./register_success.php'); 
     } 
    } 
    header('Location: ./error.php?err=Registration failure: INSERT'); 
    } 
}

解释:

如果语句是UPDATE,DELETE或INSERT,受影响的行的总数可以通过使用mysqli_stmt_affected_rows确定( )功能。同样,如果查询产生结果集,则使用mysqli_stmt_fetch()函数。

从PHP手册中,执行函数不会确认受影响的行数。所以我只是重新检查了受影响的行,以确保在没有行受影响(插入)时它不会成​​功进入成功页面。

对不起,我编辑并更改了标题代码。

+0

*“试试这个”* - 好的,请解释您做了什么来配得上赞成票。 – 2014-11-01 15:44:48

+0

嗯,我专注于这个句子,'但它将我重定向到register_success.php'。抱歉只包括这么简单的一点。 – 2014-11-01 15:58:55

+0

我已经实现了您的更改,并且它仍然标题为没有插入的成功页面。 – 2014-11-01 16:00:50

相关推荐