PHP注册脚本 - 插入数据
问题描述:
这可能是有史以来最简单的错误,但我写了一个注册脚本..我会说,看起来好吧..唯一的问题是,它不会插入数据...它仍然打印一条消息说注册成功,但没有实际的数据进入数据库......看到下面的代码:PHP注册脚本 - 插入数据
<?php
include("dbconfig.php");
if(isset($_POST['register'])){
if(empty($_POST['first-name']) or empty($_POST['last-name']) or empty($_POST['email-address']) or empty($_POST['reg-username']) or empty($_POST['reg-pass'])){
header("location:index-login-page.php?msg0=Please complete the required fields.");
}
else {
$fname = $_POST['first-name'];
$lname = $_POST['last-name'];
$email = $_POST['email-address'];
$username = $_POST['reg-username'];
$pass = $_POST['reg-pass'];
$checkusername = mysql_query("SELECT username FROM users WHERE username = '$username'");
$checkemail = mysql_query("SELECT email FROM users WHERE email = '$email'");
$resultusername = mysql_num_rows($checkusername);
$resultemail = mysql_num_rows($checkemail);
if((($resultusername) ==1) or ($resultemail)==1){
header("location:index-login-page.php?msg1= Username or email address already exists.");
}
elseif((($resultusername) == 0) && ($resultemail) ==0) {
$insertquery =("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
header("location:index-login-page.php?msg1= Registration successful, please login.");
}
}
}
?>
请不要让我知道是什么错误(如果有的话),因为我似乎无法找到它。谢谢。
苏海尔。
答
$insertquery = ("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
应该是:
$insertquery = mysql_query("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$fname','$lname','$email','$username','$pass'");
我不得不虽然警告你:这被认为是不好的做法,你需要清理你的数据库输入
现在我会尝试这一点,但你是什么“净化”意味着什么? –
请阅读:http://*.com/questions/60174/how-can-i-prevent-sql-injection-in-php/1669109#1669109 – JorisK
谢谢先生,我看了看,我可以向你保证,我将考虑未来的发展。现在,我只是在修改我的记忆,因为我已经做了7个月的编码。谢谢。 –