1. 首页
  2. 问答
  3. 试图将数据从一个形式存储到数据库中使用PHP

试图将数据从一个形式存储到数据库中使用PHP

2016-11-30 57 views
0

嘿并在此先感谢,我试图从表单中获取数据,并将其输入到数据库中。我下面就如何做到这一点的指导,但是对于任何指导犯规帐户不工作........试图将数据从一个形式存储到数据库中使用PHP

我刚开始用PHP,所以我的技能是相当有限的,然而,我理解我写的所有代码,但它不起作用! PHP脚本不会移动过去的if语句下面,我想不通为什么:

// Check for existing user with the new id 
$sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'"; 
$result = mysqli_query($cxn, $sql); 
if (!$result) { 
error('A database error occurred in processing your '. 
'submission.\nIf this error persists, please '. 
'contact [email protected] This is from error 1');

整个代码:

signup.php

<?php //signup.php 
     include 'common.php'; 
     include 'db.php'; 

     if(!isset($_POST['submitok'])): 
     // display user signup form 

     ?> 


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

    <html xmlns="http://www.w3.org/1999/xhtml"> 

    <head> 
     <title>New User Registration</title> 
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
    </head> 
    <body> 
     <h3>New User Registration Form</h3> 
     <p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p> 
     <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> 
     <table border="0" cellpadding="0" cellspacing="5"> 
      <tr> 
      <td align="right"> 
       <p>User ID</p> 
      </td> 
      <td> 
       <input name="newid" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr> 
      <td align="right"> 
      <p>Full Name</p> 
      </td> 
      <td> 
      <input name="newname" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr> 
      <td align="right"> 
      <p>E-Mail Address</p> 
      </td> 
      <td> 
      <input name="newemail" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr valign="top"> 
      <td align="right"> 
      <p>Other Notes</p> 
      </td> 
      <td> 
      <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea> 
      </td> 
     </tr> 
     <tr> 
      <td align="right" colspan="2"> 
      <hr noshade="noshade" /> 
      <input type="reset" value="Reset Form" /> 
      <input type="submit" name="submitok" value=" OK " /> 
      </td> 
     </tr> 
     </table> 
    </form> 
    </body> 
    </html> 
    <?php 
     else: 
      //process sign up submission 
      dbConnect('sessions'); 

      if ($_POST['newid']=='' or $_POST['newname']=='' 
      or $_POST['newemail']=='') { 
      error('One or more required fields were left blank.\\n'. 
        'Please fill them in and try again.'); 
     } 

     // Check for existing user with the new id 
     $sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'"; 
     $result = mysqli_query($cxn, $sql); 
     if (!$result) { 
     error('A database error occurred in processing your '. 
     'submission.\nIf this error persists, please '. 
     'contact [email protected] This is from error 1'); 
    } 

     if (@mysqli_result($result,0,0)>0) { 
     error('A user already exists with your chosen userid.\n'. 
     'Please try another.'); 
     } 

     $newpass = substr(md5(time()),0,6); 

     $sql = "INSERT INTO sessions.users SET 
     userid = '$_POST[newid]', 
     password = PASSWORD('$newpass'), 
     fullname = '$_POST[newname]', 
     email = '$_POST[newemail]', 
     notes = '$_POST[newnotes]'"; 
     if (!mysqli_query($sql)) 
     error('A database error occurred in processing your '. 
     'submission.\nIf this error persists, please '. 
     'contact [email protected] This is from error 2'); 

     // Email the new password to the person. 
     $message = "G'Day! 

     Your personal account for the Project Web Site 
     has been created! To log in, proceed to the 
     following address: 

      http://www.example.com/ 

     Your personal login ID and password are as 
     follows: 

      userid: $_POST[newid] 
      password: $newpass 

     You aren't stuck with this password! Your can 
     change it at any time after you have logged in. 

     If you have any problems, feel free to contact me at 
     <[email protected]>. 

     -Your Name 
     Your Site Webmaster 
     "; 

     mail($_POST['newemail'],"Your Password for the Project Website", 
      $message, "From:Your Name <[email protected]>"); 
     ?> 

     <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" 
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
     <html xmlns="http://www.w3.org/1999/xhtml"> 
     <head> 
      <title> Registration Complete </title> 
      <meta http-equiv="Content-Type" 
      content="text/html; charset=iso-8859-1" /> 
     </head> 
     <body> 
     <p><strong>User registration successful!</strong></p> 
     <p>Your userid and password have been emailed to 
      <strong><?=$_POST['newemail']?></strong>, the email address 
      you just provided in your registration form. To log in, 
      click <a href="index.php">here</a> to return to the login 
      page, and enter your new personal userid and password.</p> 
     </body> 
     </html> 
     <?php 
     endif; 
     ?>

db.php中

<?php // db.php 

    $dbhost = 'localhost'; 
    $dbuser = 'root'; 
    $dbpass = ''; 

    function dbConnect($db='') { 
     global $dbhost, $dbuser, $dbpass; 

     $cxn = mysqli_connect($dbhost,$dbuser,$dbpass); 

     mysqli_select_db($cxn,$db) 
     or die ("Couldn’t select database."); 


     return $cxn; 
    } 
    ?>

common.php

<?php // common.php 

    function error($msg) { 
    ?> 
    <html> 
    <head> 
     <script language="JavaScript"> 
     <!-- 
     alert("<?=$msg?>"); 
     history.back(); 
     //--> 
     </script> 
    </head> 
    <body> 
    </body> 
    </html> 
    <?php 
    exit; 
    } 
    ?>

任何帮助,为什么这个if语句总是产生错误将是盛大的 - 谢谢。

来源

2016-11-30 DCWD

+0

如果您收到一个错误,你应该在你的问题的错误 –

+0

对不起我的措辞有点过,PHP脚本不会搬过去: //检查现有用户使用新的ID $ SQL =“SELECT COUNT(*)FROM sessions.users WHERE userid ='$ _POST [newid]'”; $ result = mysqli_query($ cxn,$ sql); if(!$ result){ 错误('处理' '提交时发生数据库错误。\ n如果此错误仍然存​​在,请' '与[email protected]联系。 ; – DCWD

回答

0

你没有在可用范围内分配你的数据库连接。你从你的dbConnect()函数返回它,你只是没有做任何与返回的值。

dbConnect('sessions');应该$cxn = dbConnect('sessions');

你会被警告的问题的原因,如果你使用mysqli_error()让MySQL的告诉你它不喜欢。

最后,你应该在你的查询中使用绑定的参数,而不是直接注入用户提供的数据。搜索“mysqli bound parameters”这样的东西来学习如何做到这一点。你现在拥有的是可以攻击的。

为了您INSERT语句,可以使用约束参数:

$sql = "INSERT INTO sessions.users (userid, password, fullname, email, notes) VALUES (?, ?, ?, ?, ?)"; 

$stmt = mysqli_prepare($sql); 
mysqli_stmt_bind_param($stmt, 'issss', $newID, PASSWORD($newpass), $fullName, $email, $notes); 

if(!mysqli_stmt_execute($stmt)) 
{ 
    // use this for debugging, but do NOT leave it in production code 
    die(mysqli_error($cxn)); 
} 

mysqli_stmt_close($stmt);

以上是未经测试,因此可能你将不得不作出小的调整。至少应该给你一个很好的主意。

同时,确保PASSWORD()真的是你想要使用什么。我有一种感觉不是,但我不想假设。

来源

2016-11-30 16:10:16

+0

这工作谢谢你!然而,现在我使用下面的响应中的INSERT指令,没有任何东西被添加到数据库中,所以现在我实际上已经过去了那条IF语句,但没有任何反应。 – DCWD

+0

该答案似乎缺少字段列表和“VALUES”关键字的结尾'''之间的空格。在这里,再次,将是一个利用mysql自己的错误报告的好地方。 –

+0

对不起,是绝对的痛苦,你能给我一个我将如何使用它的例子吗? 你是我的英雄!感谢Patrick! – DCWD

相关问题

 相关问题