-1
我想建立一个社交网络门户。我写了一个代码。但是在提交注册数据之后,它将我重定向到成功的注册页面,但不注册数据库用户。即使电子邮件地址和确认电子邮件地址不符,它也显示注册成功。一切都很好,但注册不起作用
的config.php
<?php
define("HOST","localhost");
define("DB","thinker");
define("DBUSER","root");
define("DBPASS","");
?>
connection.php
<?php
include("config.php");
$connection=mysqli_connect(HOST,DBUSER,DBPASS,DB);
if(mysqli_connect_errno($connection)){
echo "Failed to connect to Mysql Database: ".mysqli_connect_error();
}
?>
的index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="CSS/welcome.css"/>
<title>Welcome To The Thinkers</title>
</head>
<body>
<div class="header"><div class="logo">Welcome To Thinkers</div>
</div>
<div class="reg"><p class="pfrom">Register Here</p><br/>
<form action="../thinkers/registration/registration.php" method="post" enctype="multipart/form-data" name="MaskName" class="regform">
Mask Name : <input type="text" name="maskname" /><br/>
User Name : <input type="text" name="maskname" /><br/>
First Name : <input type="text" name="maskname" /><br/>
Last Name : <input type="text" name="maskname" /><br/>
Birthday : <input type="text" name="maskname" /><br/>
Email Address : <input type="text" name="maskname" /><br/>
Confirm E-Add : <input type="text" name="maskname" /><br/>
Password : <input type="text" name="password" /><br/>
Confirm Password :<input type="text" name="confirmpassword" /><br/>
<input type="submit" value="Click Here To Register" />
</form>
</div>
<div class="footer">
<h1>This is the footer</h1>
</div>
</body>
</html>
为registration.php
<?php
require("connection.php");
if(isset ($_POST["maskname"],$_POST["username"],$_POST["firstname"],$_POST["lastname"],$_POST["dateofbirth"],$_POST["emailaddress"],$_POST["confirmemailaddress"],$_POST["password"],$_POST["confirmpassword"])){
$maskname=$_POST["maskname"];
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$dateofbirth=$_POST["dateofbirth"];
$emailaddress=$_POST["maskname"];
$confirmemailaddress=$_POST["confirmemailaddress"];
$password=$_POST["password"];
$confirmpassword=$_POST["confirmpassword"];
}
if($emailaddress!=$confirmemailaddress|| $password!=$confirmpassword){
echo "Email Address and password Did not match";
}
else{$sql="INSERT INTO member (maskname, username, firstname,lastname, emailaddress, password,birthday)
VALUES ('$maskname', '$username', '$firstname','$lastname', '$emailaddress', '$password','$birthday')" && header('Location: ../registration/successfull.html');
}
if(!mysqli_query($connection,$sql)){
die('Error: ' . mysqli_error($connection));
}
mysqli_close($connection);
?>
successfull.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="../CSS/welcome.css"/>
<title>Registration Successfull</title>
</head>
<body>
<div class="header"><div class="logo">Welcome To Thinkers</div>
</div>
<div class="reg"><p class="pfrom">You Have Been Registered Successfully</p><br/>
<form action="login.php" method="post" enctype="multipart/form-data" name="MaskName" class="regform">
Email Address<br/>
<input type="text" name="emailaddress" /><br/>
Password<br/>
<input type="password" name="password" /><br/><br/>
<input type="submit" value="Click To Enter The World" />
</form>
<div class="footer">
<h1>This is the footer</h1>
</div>
</div>
被修改的HTML代码形式
<div class="reg"><p class="pfrom">Register Here</p><br/>
<form action="../thinkers/registration/registration.php" method="post" enctype="multipart/form-data" class="regform">
Mask Name : <input type="text" name="maskname" /><br/>
User Name : <input type="text" name="username" /><br/>
First Name : <input type="text" name="firstname" /><br/>
Last Name : <input type="text" name="lastname" /><br/>
Birthday : <input type="text" name="birthday" /><br/>
Email Address : <input type="text" name="emailaddress" /><br/>
Confirm E-Add : <input type="text" name="confiremailaddress" /><br/>
Password : <input type="text" name="password" /><br/>
Confirm Password :<input type="text" name="confirmpassword" /><br/>
<input type="submit" value="Click Here To Register" />
</form>
编辑PHP代码
<?php
require("connection.php");
if(isset ($_POST["maskname"],$_POST["username"],$_POST["firstname"],$_POST["lastname"],$_POST["dateofbirth"],$_POST["emailaddress"],$_POST["confirmemailaddress"],$_POST["password"],$_POST["confirmpassword"])){
$maskname=$_POST["maskname"];
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$dateofbirth=$_POST["dateofbirth"];
$emailaddress=$_POST["maskname"];
$confirmemailaddress=$_POST["confirmemailaddress"];
$password=$_POST["password"];
$confirmpassword=$_POST["confirmpassword"];
}
if($emailaddress!=$confirmemailaddress or $password!=$confirmpassword){
echo "Email Address and password Did not match";
}
else{$sql="INSERT INTO member (maskname, username, firstname,lastname, emailaddress, password,birthday)
VALUES ('$maskname', '$username', '$firstname','$lastname', '$emailaddress', '$password','$birthday')";
}
if(!mysqli_query($connection,$sql)){
die('Error: ' . mysqli_error($connection));
}
mysqli_close($connection);
?>
你会得到可怕的,可怕的,像这样的代码被黑客入侵。到处都有SQL注入漏洞。 [**请不要在新代码中使用'mysql_ *'函数**](http://bit.ly/phpmsql)。他们不再被维护[并且被正式弃用](http://j.mp/XqV7Lp)。看到[**红框**](http://j.mp/Te9zIL)?学习[*准备的语句*](http://j.mp/T9hLWi),并使用[PDO](http://php.net/pdo)或[MySQLi](http://php.net/ mysqli) - [这篇文章](http://j.mp/QEx8IB)将帮助你决定哪个。如果你选择PDO,[这里是一个很好的教程](http://j.mp/PoWehJ)。 – ceejayoz 2013-05-10 04:26:22