我有一个小问题。脚本没有插入数据[MySQL/PHP]
我做了一个PHP脚本,该脚本应该将数据插入到我的数据库中,但可悲的是,它不起作用,它已经工作过。我现在正在主机上运行我的脚本,这可能是问题..但我不认为它是。
代码:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<?php
$usernameErr = $emailErr = $passwordErr = $password_valErr = "";
$username = $email = $password = $password_val = "";
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if(empty($_POST['username'])) {
$usernameErr = "Name is required";
} else {
$username = validate_input($_POST['username']);
if(strlen($username) <= 3) {
$usernameErr = "Username must be 4 characters or longer.";
}
if(strlen($username) > 26) {
$usernameErr = "Username can't be longer as 26 characters.";
}
if(!preg_match("/^[a-zA-Z ]*$/", $username)) {
$usernameErr = "Only letters and white space allowed.";
}
}
if(empty($_POST['email'])) {
$emailErr = "Email is required";
} else {
$email = validate_input($_POST['email']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format.";
}
}
if(empty($_POST['password'])) {
$passwordErr = "Password is required";
} else {
$password = validate_input($_POST['password']);
if(strlen($password) <= 5) {
$passwordErr = "Password must be 6 characters or longer.";
}
if(strlen($password) > 26) {
$passwordErr = "Password can't be longer as 26 characters.";
}
if(!preg_match("#[0-9]+#", $password)) {
$passwordErr = "Password must contain atleast 1 number.";
}
}
if(empty($_POST['password_val'])) {
$password_valErr = "Password_val is required";
} else {
$password_val = validate_input($_POST['password_val']);
if($password_val != $password) {
$password_valErr = "Password_val must be equal to password.";
}
}
if($usernameErr == '' && $emailErr == '' && $passwordErr == '' && $password_valErr == '') {
$check_user = mysqli_query($conn, "SELECT * FROM users WHERE username='".trim($username)."'");
$check_mail = mysqli_query($conn, "SELECT * FROM users WHERE email='".trim($email)."'");
if(mysqli_num_rows($check_user) > 0) {
echo 'This username allready exists';
} elseif(mysqli_num_rows($check_mail) > 0) {
echo 'This email address is already registered.';
} else {
$username = mysql_real_escape_string(trim($username));
$email = mysql_real_escape_string(trim($email));
$password = mysql_real_escape_string(trim($password));
$rand_salt = randString();
/*$final_pass = password_hash($password_val, PASSWORD_DEFAULT)."\n";*/
$final_pass = sha1($password.PASSWORD_SALT.$rand_salt);
$privileges = 0;
$sql = "INSERT INTO users (username,password,salt,email)
VALUES ('".$username."','".$final_pass."','".$rand_salt."','".$email."')";
if($conn->query($sql) === TRUE) {
echo "User registered.";
} else {
echo 'Error: ' . $sql . '<br>' . $conn->error;
}
}
}
}
?>
<table border="1">
<tr>
<td><label>Username</label><?=' <b>' . $usernameErr . '</b>';?></td>
<td><input type="text" name="username" value="<?=$username;?>" placeholder="Enter your desired username..." /></td>
</tr>
<tr>
<td><label>E-mail</label><?=' <b>' . $emailErr . '</b>';?></td>
<td><input type="text" name="email" value="<?=$email;?>" placeholder="Enter your email address..." /></td>
</tr>
<tr>
<td><label>Password<?=' <b>' . $passwordErr . '</b>';?></label></td>
<td><input type="password" name="password" placeholder="Enter your desired password..." /></td>
</tr>
<tr>
<td><label>Repeat Password<?=' <b>' . $password_valErr . '</b>';?></label></td>
<td><input type="password" name="password_val" placeholder="Repeat your chosen password.." /></td>
</tr>
<tr>
<td><input type="submit" name="register" value="Register" /></td>
</tr>
</table>
</form>
此代码应工作,但第一个问题是:
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
此代码将不得不送我去同一个页面,register.php在这种情况下, ,但不知何故,它将我发送到index.php页面。所以,如果我删除此代码,并保留采取行动空或刚进入register.php在那里,得到的数据插入除用户名和电子邮件这两者都是VARCHAR处理..
我希望有人能帮助我,
谢谢!
你在混合MySQL API /函数。不能这样做。 –
你也可以做'action =“”''和“self”一样。 –
你也很容易受到[sql注入攻击](http://bobby-tables.com)的攻击。 –