1. 首页
  2. 问答
  3. PHP SQL注册表格

PHP SQL注册表格

2012-08-03 101 views
0

我正在尝试将数据保存到sql数据库的注册表单。我还没有进行表单验证,因为最让我感到困扰的是将这些东西放到sql上。我会很感激任何建议!PHP SQL注册表格

我有一个form.php文件,应该在努力工作。当我提交我的表单时,在这一点上,我得到一个空白屏幕,并没有加载到数据库中。

<?php 
$fname = $_POST['fname']; 
$lname = $_POST['lname']; 
$password = $_POST['password']; 
$email = $_POST['email']; 
$cell = $_POST['cell']; 
$experience = $_POST['experience']; 
$ip = $_POST['ip']; 

$password = md5($_POST['password']); 

$connection = msql_connect(localhost, USERNAME, PASSWORD); 
$db = mysql_select_db(registration,$connection);  

mysql_query("INSERT INTO userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')") 
    or die (mysql_error()); 

echo "Thank you for your registration"; 


?>

而且我有一个包含这个HTML文件:

  <form method = "post" action = "form.php"> 
      <h2>User Information</h2> 

      <div><label>First Name:</label> 
       <input type = "text" name = "fname"></div> 
      <div><label>Last Name:</label> 
       <input type = "text" name = "lname"></div> 
      <div><label>Password:</label> 
       <input type = "password" name = "password"></div> 
      <div><label>Email:</label> 
       <input type="text" name="email"></div> 
      <div><label>Cellphone:</label> 
       <input type="text" name="cell"></div> 
       <input type="hidden" name="ip" value='<?php echo $IP ?>'/> 
      <h2>What Is Your Experience Mountain Biking?</h2> 
      <p><input type="radio" name="experience" value="n00b" 
       checked>n00b 
       <input type="radio" name="experience" value="intermediate">Intermediate 
       <input type="radio" name="experience" value="extreme">Extreme     
       </p> 
      <p><input type="submit" name="submit" value="Register"></p> 
     </form>

最后,我有一个SQL数据库(我在本地运行的XAMPP)被称为“注册” 我创建的表被称为“userTable”,它包含8个字段,包括ID(自动递增)和其他7个我已经包含在顶部的值。任何想法我做错了什么?

来源

2012-08-03 jackie

+3

为什么这么多的问题仍然指向'mysql_'功能?你为什么不使用'mysqli_'函数?还有'$ connection = msql_connect(localhost,USERNAME,PASSWORD);'是一个错字。没有'msql_connect()'函数。更不用说sql注入攻击了! – 2012-08-03 00:29:32

+4

死亡白屏=错误显示关闭。打开它,看看你得到了什么 – 2012-08-03 00:30:08

+0

我建议添加error_reporting(E_ALL);到脚本的顶部以确保报告所有错误和问题。一旦完成,我们可以进一步了解为什么事情没有起作用。 – 2012-08-03 00:31:56

回答

-1 
Solved my own problem 


<?php 
$fname = $_POST['fname']; 
$lname = $_POST['lname']; 
$password = $_POST['password']; 
$email = $_POST['email']; 
$cell = $_POST['cell']; 
$experience = $_POST['experience']; 
$ip = $_POST['ip']; 

$fname = mysql_real_escape_string($fname); 
$lname = mysql_real_escape_string($lname); 
$email = mysql_real_escape_string($email); 
$password = md5($_POST['password']); 

$servername="localhost"; 
$username="user"; 
$conn= mysql_connect($servername,$username, password)or die(mysql_error()); 
mysql_select_db("registration",$conn); 
$sql="insert into userTable (fname,lname,password,email,cell,experience,ip) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')"; 

$result=mysql_query($sql,$conn) or die(mysql_error());   
print "<h1>you have registered sucessfully</h1>"; 


echo "Thank you for your registration to the "; 

mysql_close($connection);

>

来源

2012-08-03 01:59:11 jackie

+0

$ fname = mysql_real_escape_string($ _ POST ['fname']),你可以保存一些行。 – 2013-01-18 15:54:06

2

问题是什么?

1)问题在于,每次加载此页面时都会执行INSERT查询 - 意味着每次插入空值时都会执行INSERT查询。为什么?

仅仅是因为没有条件,如果各个领域已经公布,检查,所以不是:

<?php 

$fname = $_POST['fname']; 
$lname = $_POST['lname']; 
$password = $_POST['password']; 
$email = $_POST['email']; 
$cell = $_POST['cell']; 
$experience = $_POST['experience']; 
$ip = $_POST['ip'];

您应该检查是否$_POST超级全局有一些按键。 所以做任何查询之前 - 所有检查的第一,如果$_POST不为空

<?php 

//This means that user did submit the form 
if (!empty($_POST)){ 

    //all your stuff goes here 
} 

?> 
<html> 
..... 
</html>

2)你确定你在你的代码的控制?显然不是。

你必须检查一些函数是否返回TRUE,然后根据它做出以下操作。

例如,你确定mysql_query("your sql query")成功吗?

3)允许使用error_reporting到E_ALL,所以只是把error_reporting(E_ALL)在你的页面的顶部,这样的:

<?php 

error_reporting(E_ALL);

所以,你总是可以调试脚本 “飞”

4)你正在尽一切努力使这些代码难以维护,为什么? 看看这个:

<?php 

//Debug mode: 
error_reporting(E_ALL); 

//Sure you want to show some error if smth went wrong: 
$errors = array(); 

/** 
* 
* @return TRUE if connection established 
* FALSE on error 
*/ 
function connect(){ 

$connection = mysql_connect(localhost, USERNAME, PASSWORD); 
$db = mysql_select_db(registration,$connection);  

if (!$connection || !$db){ 
    return false; 
} else { 
    return true; 
} 
} 


//So this code will run if user did submit the form: 
if (!empty($_POST)){ 

//Connect sql server: 
if (!connect()){ 
    $errors[] = "Can't establish link to MySQL server"; 
} 

$fname = $_POST['fname']; 
$lname = $_POST['lname']; 
$password = $_POST['password']; 
$email = $_POST['email']; 
$cell = $_POST['cell']; 
$experience = $_POST['experience']; 
//Why post ip? not smth like $_SERVER['REMOTE_ADDR']... 
$ip = $_POST['ip']; 

$password = md5($_POST['password']); 

//No error at this point - means that it successfully connected to SQL server: 
if (empty($errors)){ 

    //let's prevent sql injection: 

    $fname = mysql_real_escape_string($fname); 
    //Please do this for all of them.. 
} 



//Now we should try to INSERT the vals: 

$query = "INSERT INTO `userTable` (`fname`,`lname`,`password`,`email`,`cell`,`experience`,`ip`) VALUES ('$fname', '$lname', '$password', '$email', '$cell', '$experience', '$ip')"; 

//So try it: 
if (!mysql_query($query)){ 
    // 
    //die (mysql_error()); 
    $errors[] = "Can't insert the vals"; 
} else { 
    //Or on success: 
    print ("Thank you for your registration"); 
    //or you can do redirect to some page, like this: 

    //header('location: /thanks.php'); 
} 


} 

?> 

<form method="post"> 
      <h2>User Information</h2> 

      <div><label>First Name:</label> 
       <input type = "text" name = "fname"></div> 
      <div><label>Last Name:</label> 
       <input type = "text" name = "lname"></div> 
      <div><label>Password:</label> 
       <input type = "password" name = "password"></div> 
      <div><label>Email:</label> 
       <input type="text" name="email"></div> 
      <div><label>Cellphone:</label> 
       <input type="text" name="cell"></div> 
       <input type="hidden" name="ip" value='<?php echo $IP ?>'/> 
      <h2>What Is Your Experience Mountain Biking?</h2> 
      <p><input type="radio" name="experience" value="n00b" 
       checked>n00b 
       <input type="radio" name="experience" value="intermediate">Intermediate 
       <input type="radio" name="experience" value="extreme">Extreme     
       </p> 

      <?php if (!empty($errors)) : ?> 

      <?php foreach($errors as $error): ?> 
      <p><b><?php echo $error; ?></b></p> 
      <?php endforeach; ?> 
      <?php endif; ?> 


      <p><input type="submit" name="submit" value="Register"></p> 
     </form>

来源

2012-08-03 01:45:54 Yang

+0

我喜欢你设置它的方式,我可能会在将来使用它。 – 2012-08-03 03:08:51

相关问题

 相关问题