2016-11-30 70 views
1

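I'm very new to PHP and trying to get a registration form working. My code at the minute only loads the username into the database and nothing else, although it does enter the other fields into the database if I hard-code them into the SQL INSERT values and don't use $users_Password etc.; the SQL insert from PHP does not work.

By the way, I know this is horrible code and that passwords should be hashed etc., but I've really just torn this code apart because it won't work, and I will sort it out and add everything back afterwards. Cheers. This is my code: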

Form

<form id = "Register_form" action="Register.php" method="post"> 
      Username: <input type="text" name="Username"><br> 
      Password: <input type="password" name="Password"><br> 
      Confirm Password: <input type="password" name="ConfirmPassword"><br> 
      First Name: <input type="text" name="FirstName"><br> 
      Surname: <input type="text" name="Surname"><br> 
      Address Line 1: <input type="text" name="AddressLine1"><br> 
      Address Line 2: <input type="text" name="AddressLine2"><br> 
      City: <input type="text" name="City"><br> 
      Telephone: <input type="text" name="Telephone"><br> 
      Mobile: <input type="text" name="Mobile"><br></br> 
      <input type="submit"> 

Then in the Register.php file

<?php 
       // create connection 
       $con=mysqli_connect("localhost","root","","book"); 
       // check connection 
       if(mysqli_connect_errno($con)){ 
        echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
       } 

       $users_Username = $_POST['Username']; 
       $users_Password = $_POST['Password']; 
       $users_ConfirmPassword = $_POST['ConfirmPassword']; 
       $users_FirstName = $_POST['FirstName']; 
       $users_Surname = $_POST['Surname']; 
       $users_AddressLine1 = $_POST['AddressLine1']; 
       $users_AddressLine2 = $_POST['AddressLine2']; 
       $users_City = $_POST['City']; 
       $users_Telephone = $_POST['Telephone']; 
       $users_Mobile = $_POST['Mobile']; 
       //Multiple Error checkings such as 
       if ($users_Username == "") 
       { 
        echo "Please enter a username"; 
        echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
       } 
       else if ($users_Password = "") 
       { 
        echo "Please enter a password"; 
        echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
       } 
       else if ($users_ConfirmPassword == $users_Password) 
       { 
        if (strlen($users_Password)<=6) 
        { 
         $sql = "INSERT INTO users VALUES ('$users_Username', '$users_Password', '$users_FirstName', '$users_Surname','$users_AddressLine1','$users_AddressLine2','$users_City','$users_Telephone','$users_Mobile')"; 

         if($con->query($sql) === TRUE) 
         { 
          echo "User succesfully registered"; 
          echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Log_In_Screen.php';\",1500);</script>"; 


         } 
         else 
         { 
          echo "Unable to register user, Please try again"; 
          echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
         } 

         //echo "<pre>\n$sql\n</pre>\n"; 
         mysql_query($sql); 
        } 
        else 
        { 
         echo "The password you entered is too long, max characters is 6"; 
         echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
        } 
       } 
       else 
       { 
        echo "Passwords do not match, Please try again"; 
        echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
       } 

       mysqli_close($con); 

     ?> 

Nothing seems to be inserted into the database except the username. Does anyone have a way to fix this? Cheers

+0

Can you show us the schema of your users table? Is there an ID field? – tanaydin

+0

Also, he shouldn't be using the 'mysql' extension... it's obsolete and deprecated... he should also be using query parameters... – Hackerman

+0

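No protection against SQL injection... no validation of whether the username is already taken... I'm thinking here that, in the course of asking him to solve the problem, there are a lot of other things going wrong. – Twinfriends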

Answers

-2

What content ends up in your database?

Try this on the appropriate line:

"INSERT INTO users VALUES ('".$users_Username."', '".$users_Password."', '".$users_FirstName."', '".$users_Surname."','".$users_AddressLine1."','".$users_AddressLine2."','".$users_City."','".$users_Telephone."','".$users_Mobile."')"; 

PHP params can't be evaluated inside "", so you have to use string concatenation.

+0

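The string itself is enclosed in double quotes, so yes, it will be evaluated. The single quotes are inside the double-quoted string, so they are not part of the processing. – aynber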

0

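You have things all over the place and are mixing mysql and mysqli, not to mention you are leaving yourself open to SQL injection. Working with the script you have, I'd stick with mysqli, use prepared statements, and separate your validation from your persistence. There are comments that will explain some of it.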

<?php 
    $users_Username = $_POST['Username']; 
    $users_Password = $_POST['Password']; 
    $users_ConfirmPassword = $_POST['ConfirmPassword']; 
    $users_FirstName = $_POST['FirstName']; 
    $users_Surname = $_POST['Surname']; 
    $users_AddressLine1 = $_POST['AddressLine1']; 
    $users_AddressLine2 = $_POST['AddressLine2']; 
    $users_City = $_POST['City']; 
    $users_Telephone = $_POST['Telephone']; 
    $users_Mobile = $_POST['Mobile']; 

    //LETS JUST DO ERROR CHECKING ONLY 
    $valid = true; //Used to verify that user input is as expected. 
    //All the validation as before just as ifs and will set the 
    //$valid flag to false when validation fails. 
    if ($users_Username == "") 
    { 
     $valid = false; 
     echo "Please enter a username"; 
     echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
    } 
    if ($users_Password == "") //compare with ==, a single = would assign "" to the password
    { 
     $valid = false; 
     echo "Please enter a password"; 
     echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
    } 
    if (strlen($users_Password)>6) 
    { 
     $valid = false; 
     echo "The password you entered is too long, max characters is 6"; 
     echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
    } 

    if ($users_ConfirmPassword != $users_Password) 
    { 
     $valid = false; 
     echo "Passwords do not match, Please try again"; 
     echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Register_Form.php';\",1500);</script>"; 
    } 

    //Separating validation and persistence mean you only 
    //open a connection and persist when needed. 
    if($valid) 
    { 
     //NOW WE ONLY CONNECT WHEN YOU NEED TO!     
     $con=mysqli_connect("localhost","root","","book"); 

     // check connection 
     if(!$con) 
     { 
      echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
     } 
     //YOU MAY NEED TO SPECIFY THE COLUMNS YOU ENTER 
     $stmt = mysqli_prepare($con, "INSERT INTO users VALUES (?,?,?,?,?,?,?,?,?)"); 
     //ASSUMING ALL 9 PARAMETERS ARE STRINGS hence the sssssssss 
     mysqli_stmt_bind_param($stmt, 'sssssssss', $users_Username,$users_Password,$users_FirstName,$users_Surname,$users_AddressLine1,$users_AddressLine2,$users_City,$users_Telephone,$users_Mobile); 

     if(mysqli_stmt_execute($stmt)) 
     { 
      echo "User successfully registered"; 
      echo "<script>setTimeout(\"location.href = 'http://localhost/webD/Assignment/Log_In_Screen.php';\",1500);</script>"; 
     } 

     mysqli_close($con); 
    } 
?>
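
An added example, not part of any answer above, that goes beyond the thread's code: it pulls together the points raised in the comments and answers (prepared statements, an explicit column list, a hashed password, a taken-username check). The column names, the UNIQUE index on `Username`, the `VARCHAR(255)` password column and the function names are assumptions, since the page never shows the `users` schema.

```php
<?php
// Added example. Assumed schema: users(Username UNIQUE, Password VARCHAR(255), FirstName, ...).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

function validate_registration(array $in): array
{
    $errors = [];
    foreach (['Username', 'Password', 'ConfirmPassword'] as $field) {
        // === compares; a single = would assign and wipe the submitted value
        if (!isset($in[$field]) || !is_string($in[$field]) || $in[$field] === '') {
            $errors[] = "$field is required";
        }
    }
    if (!$errors && $in['Password'] !== $in['ConfirmPassword']) {
        $errors[] = 'Passwords do not match';
    }
    return $errors;
}

function register_user(mysqli $con, array $in): array
{
    $errors = validate_registration($in);
    if ($errors) {
        return $errors; // nothing is written unless validation passed
    }
    // Store only a salted hash, never the submitted password itself.
    $values = [$in['Username'], password_hash($in['Password'], PASSWORD_DEFAULT)];
    foreach (['FirstName', 'Surname', 'AddressLine1', 'AddressLine2',
              'City', 'Telephone', 'Mobile'] as $field) {
        $values[] = is_string($in[$field] ?? null) ? $in[$field] : '';
    }
    // Explicit columns: the insert no longer depends on column order or an id column.
    $stmt = $con->prepare(
        'INSERT INTO users (Username, Password, FirstName, Surname, AddressLine1,
                            AddressLine2, City, Telephone, Mobile)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssssssss', ...$values); // values travel as data, not as SQL text
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // ER_DUP_ENTRY raised by the unique index
            return ['Username is already taken'];
        }
        throw $e;
    }
    return [];
}
// Usage with the page's connection settings:
// $errors = register_user(new mysqli('localhost', 'root', '', 'book'), $_POST);
```

An empty array from `register_user` means the row was written; at login the stored hash is checked with `password_verify`.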