注册过程未插入数据库
我的register.inc.php
未成功将用户信息插入到数据库中。但它会将我重定向到register_success.php
。注册过程未插入数据库
我错过了添加到插入数据的内容吗?
register.inc.php:
include_once 'config.php';
include_once 'db_connect.php';
$error_msg = "";
if (isset($_POST['username'],
$_POST['firstname'],
$_POST['lastname'],
$_POST['home_address1'],
$_POST['home_address2'],
$_POST['home_city'],
$_POST['home_state'],
$_POST['home_zipcode'],
$_POST['email'],
$_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$firstname = filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRINGS);
$lastname = filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRINGS);
$home_address1 = filter_input(INPUT_POST, 'home_address1', FILTER_SANITIZE_STRINGS);
$home_address2 = filter_input(INPUT_POST, 'home_address2', FILTER_SANITIZE_STRINGS);
$home_city = filter_input(INPUT_POST, 'home_city', FILTER_SANITIZE_STRINGS);
$home_state = filter_input(INPUT_POST, 'home_state', FILTER_SANITIZE_STRINGS);
$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRINGS);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT user_id FROM users WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
// check existing email
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
$stmt->close();
}
$stmt->close();
} else {
$error_msg .= '<p class="error">Database error Line 39</p>';
$stmt->close();
}
// check existing username
$prep_stmt = "SELECT user_id FROM users WHERE username = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this username already exists
$error_msg .= '<p class="error">A user with this username already exists</p>';
$stmt->close();
}
$stmt->close();
} else {
$error_msg .= '<p class="error">Database error line 55</p>';
$stmt->close();
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
//$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username,
firstname,
lastname,
home_address1,
home_address2,
home_city,
home_state,
home_zipcode,
email,
password,
salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
$insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ./error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}
}
您使用有不确定的常数filter_input
功能,FILTER_SANITIZE_STRINGS
的第三PARAM。
正确的是最后没有“s”,FILTER_SANITIZE_STRING
。
$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRING);
// ^
etc.
此外,由于您正在使用准备好的语句插入,因此无需先进行消毒 – Machavity 2014-11-01 15:35:15
试试这个:
if (empty($error_msg)) {
// Create a random salt
//$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username,
firstname,
lastname,
home_address1,
home_address2,
home_city,
home_state,
home_zipcode,
email,
password,
salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
$insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt);
// Execute the prepared query.
$done=$insert_stmt->execute();
$lines=mysqli_stmt_affected_rows($insert_stmt);
if($done && $lines==1){
header('Location: ./register_success.php');
}
}
header('Location: ./error.php?err=Registration failure: INSERT');
}
}
解释:
如果语句是UPDATE,DELETE或INSERT,受影响的行的总数可以通过使用mysqli_stmt_affected_rows确定( )功能。同样,如果查询产生结果集,则使用mysqli_stmt_fetch()函数。
从PHP手册中,执行函数不会确认受影响的行数。所以我只是重新检查了受影响的行,以确保在没有行受影响(插入)时它不会成功进入成功页面。
对不起,我编辑并更改了标题代码。
*“试试这个”* - 好的,请解释您做了什么来配得上赞成票。 – 2014-11-01 15:44:48
嗯,我专注于这个句子,'但它将我重定向到register_success.php'。抱歉只包括这么简单的一点。 – 2014-11-01 15:58:55
我已经实现了您的更改,并且它仍然标题为没有插入的成功页面。 – 2014-11-01 16:00:50
只是一个建议,但如果你在PHP 5.3或更高版本,我会建议使用[password_hash](http://*.com/a/26534575/2370483)。让您不必另存盐分 – Machavity 2014-11-01 15:29:49
您收到的错误是什么? – 2014-11-01 15:33:29
对于使用mysqli和准备好的语句而言+1 +1 – khandelwaldeval 2014-11-01 15:35:10