信息未插入数据库(我的代码有什么问题?)
Information is not inserting in Database (What's wrong with my code?)
我正在尝试制作一个带有验证的注册表单。我在 html 和 css 代码中添加了一些 php 代码。一切都是好的。它验证用户或电子邮件是否已经存在。如果验证通过,则数据将保存在数据库中,但它不起作用。不知道是什么问题
这是我的代码:
<?php
if (isset($_POST['submit'])) {
require 'connect.php';
$username = ($_POST['username']);
$email = ($_POST['email']);
$password = ($_POST['password']);
$passwordconf = ($_POST['passwordconf']);
$errorfields = "<p class='errormsg'>Please fill out all the fields!</p>";
if (empty($username) || empty($email) || empty($password) ||
empty($passwordconf))
{
echo "$errorfields";
}
$check = mysqli_query($con, "SELECT username FROM users WHERE
username='$username' ");
if (mysqli_num_rows($check) >= 1) {
echo "username already exists"."</br>". "</br>";
}
$erroremail = "<p class='errormsg'>Email is not in name@domain format! </p>";
$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
{
echo "$erroremail";
}
$errorpassword = "<p class='errormsg'>You passwords do not match!</p>";
if ($password != $passwordconf)
{
echo "$errorpassword";
}
$check = mysqli_query($con, "SELECT email FROM users WHERE email='$email' ");
if (mysqli_num_rows($check) >= 1) {
echo "email already exists";
}
} else {
$con = mysqli_connect('localhost' , 'root', '');
if(!$con) {
echo "not connected";
}
if (!mysqli_select_db($con, "new accounts")) {
echo "database not selected";
}
$username= (isset($_POST['username']));
$email= (isset($_POST['email']));
$password= (isset($_POST['password']));
mysqli_query($con, "INSERT INTO users (username, email, password) VALUE ('$username', '$email', '$password')") or die ( "cannot insert in databse");
}
?>
首先,我写了$username = ($_POST['username'])
然后它显示错误,所以我将其更改为此。它没有向我显示错误,但它没有在数据库中插入任何内容。有人可以告诉我如何解决这个问题吗?谢谢
简短的回答是:
您的代码正在插入来自 isset() 的布尔结果值,这当然不是您的意图。删除 isset() 调用并声明提交的值。
但是,您的代码还有很多问题需要解决。
对于有这么多问题的代码块,这是我愿意慷慨的慷慨:
<?php
if (isset($_POST['submit']) {
if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password']) || empty($_POST['passwordconf'])) {
$error = "<p class='errormsg'>Please fill out all the fields!</p>";
} elseif ($_POST['password'] !== $_POST['passwordconf']) {
$error = "<p class='errormsg'>You passwords do not match!</p>";
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
$error = "<p class='errormsg'>Email is not in name@domain format!</p>";
} else {
require 'connect.php'; // implement object-oriented $con variable
if ($stmt=$con->prepare("SELECT * FROM users WHERE username=?")) {
if ($stmt->bind_param('s', $_POST['username']) && $stmt->execute() && $stmt->store_result()) {
if ($stmt->num_rows) {
$error = "<p class='errormsg'>Username already exists</p>";
}
} else {
$error = "<p class='errormsg'>Username Check Statement Error</p>"; // $stmt->error
}
$stmt->close();
} else {
$error = "<p class='errormsg'>Username Check Prepare Error</p>"; // $con->error;
}
if ($stmt=$con->prepare("SELECT * FROM users WHERE email=?")) {
if ($stmt->bind_param('s', $_POST['email']) && $stmt->execute() && $stmt->store_result()) {
if ($stmt->num_rows) {
$error = "<p class='errormsg'>Email already exists</p>";
}
} else {
$error = "<p class='errormsg'>Email Check Statement Error</p>"; // $stmt->error
}
$stmt->close();
} else {
$error = "<p class='errormsg'>Email Check Prepare Error</p>"; // $con->error;
}
}
if ($error) {
echo $error;
} else {
// Perform your insert with $_POST['username'], $_POST['email'], $_POST['password'] , but DO NOT EVER, EVER, EVER store raw passwords...
// This subject is too extensive and gathers too much scrutiny for me to dare to post any hard-fast lines of code on Whosebug
// Every minute that you spend researching this topic is time well spent.
// Not learning about cryptography and password security will lead to many, many unfortunate events for you and your users.
}
}
?>
所以,一般来说:
- 为了安全起见,使用带占位符的准备好的语句。
- 实施错误检查以便您可以快速调试问题。
- 正确地标记您的代码,以便遵循代码逻辑。
- 为了稳定性,使用电子邮件验证器而不是正则表达式。
- 在更昂贵的验证检查(如查询调用)之前执行更简单的验证检查
- 仅在必要时连接到您的数据库,并且re-use所有查询都使用相同的连接。
- 一个login/registration系统,如果操作得当,绝非易事;研究许多资源并确定适合您的 php 版本的最佳方法,并实施现有的最佳加密和存储技术。
我正在尝试制作一个带有验证的注册表单。我在 html 和 css 代码中添加了一些 php 代码。一切都是好的。它验证用户或电子邮件是否已经存在。如果验证通过,则数据将保存在数据库中,但它不起作用。不知道是什么问题
这是我的代码:
<?php
if (isset($_POST['submit'])) {
require 'connect.php';
$username = ($_POST['username']);
$email = ($_POST['email']);
$password = ($_POST['password']);
$passwordconf = ($_POST['passwordconf']);
$errorfields = "<p class='errormsg'>Please fill out all the fields!</p>";
if (empty($username) || empty($email) || empty($password) ||
empty($passwordconf))
{
echo "$errorfields";
}
$check = mysqli_query($con, "SELECT username FROM users WHERE
username='$username' ");
if (mysqli_num_rows($check) >= 1) {
echo "username already exists"."</br>". "</br>";
}
$erroremail = "<p class='errormsg'>Email is not in name@domain format! </p>";
$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
{
echo "$erroremail";
}
$errorpassword = "<p class='errormsg'>You passwords do not match!</p>";
if ($password != $passwordconf)
{
echo "$errorpassword";
}
$check = mysqli_query($con, "SELECT email FROM users WHERE email='$email' ");
if (mysqli_num_rows($check) >= 1) {
echo "email already exists";
}
} else {
$con = mysqli_connect('localhost' , 'root', '');
if(!$con) {
echo "not connected";
}
if (!mysqli_select_db($con, "new accounts")) {
echo "database not selected";
}
$username= (isset($_POST['username']));
$email= (isset($_POST['email']));
$password= (isset($_POST['password']));
mysqli_query($con, "INSERT INTO users (username, email, password) VALUE ('$username', '$email', '$password')") or die ( "cannot insert in databse");
}
?>
首先,我写了$username = ($_POST['username'])
然后它显示错误,所以我将其更改为此。它没有向我显示错误,但它没有在数据库中插入任何内容。有人可以告诉我如何解决这个问题吗?谢谢
简短的回答是:
您的代码正在插入来自 isset() 的布尔结果值,这当然不是您的意图。删除 isset() 调用并声明提交的值。
但是,您的代码还有很多问题需要解决。
对于有这么多问题的代码块,这是我愿意慷慨的慷慨:
<?php
if (isset($_POST['submit']) {
if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password']) || empty($_POST['passwordconf'])) {
$error = "<p class='errormsg'>Please fill out all the fields!</p>";
} elseif ($_POST['password'] !== $_POST['passwordconf']) {
$error = "<p class='errormsg'>You passwords do not match!</p>";
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
$error = "<p class='errormsg'>Email is not in name@domain format!</p>";
} else {
require 'connect.php'; // implement object-oriented $con variable
if ($stmt=$con->prepare("SELECT * FROM users WHERE username=?")) {
if ($stmt->bind_param('s', $_POST['username']) && $stmt->execute() && $stmt->store_result()) {
if ($stmt->num_rows) {
$error = "<p class='errormsg'>Username already exists</p>";
}
} else {
$error = "<p class='errormsg'>Username Check Statement Error</p>"; // $stmt->error
}
$stmt->close();
} else {
$error = "<p class='errormsg'>Username Check Prepare Error</p>"; // $con->error;
}
if ($stmt=$con->prepare("SELECT * FROM users WHERE email=?")) {
if ($stmt->bind_param('s', $_POST['email']) && $stmt->execute() && $stmt->store_result()) {
if ($stmt->num_rows) {
$error = "<p class='errormsg'>Email already exists</p>";
}
} else {
$error = "<p class='errormsg'>Email Check Statement Error</p>"; // $stmt->error
}
$stmt->close();
} else {
$error = "<p class='errormsg'>Email Check Prepare Error</p>"; // $con->error;
}
}
if ($error) {
echo $error;
} else {
// Perform your insert with $_POST['username'], $_POST['email'], $_POST['password'] , but DO NOT EVER, EVER, EVER store raw passwords...
// This subject is too extensive and gathers too much scrutiny for me to dare to post any hard-fast lines of code on Whosebug
// Every minute that you spend researching this topic is time well spent.
// Not learning about cryptography and password security will lead to many, many unfortunate events for you and your users.
}
}
?>
所以,一般来说:
- 为了安全起见,使用带占位符的准备好的语句。
- 实施错误检查以便您可以快速调试问题。
- 正确地标记您的代码,以便遵循代码逻辑。
- 为了稳定性,使用电子邮件验证器而不是正则表达式。
- 在更昂贵的验证检查(如查询调用)之前执行更简单的验证检查
- 仅在必要时连接到您的数据库,并且re-use所有查询都使用相同的连接。
- 一个login/registration系统,如果操作得当,绝非易事;研究许多资源并确定适合您的 php 版本的最佳方法,并实施现有的最佳加密和存储技术。