0
我已经写了几个包含PHP代码的文件,如下所示:创建一个登录页面并输入用户名,密码和名称,并且您的cookie被盐渍和散列你可以编辑你的cookie。输入您的详细信息后,您应该能够看到您的数据显示在“用户”表中。然而,我所得到的MySQL是“ MySQL返回的查询结果为空(即零行)(查询花费0.0000秒。)”表有,但所有的属性都丢失
我有一个名为下面的“connect2000.php”的文件:
<?php
$dbserver = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbname = "tutorial";
$dbcon = mysqli_connect($dbserver, $dbuser, $dbpassword, $dbname);
if(!$dbcon) {
die("Error connecting to database: " . mysqli_error());
}
echo "You have connected successfully";
mysqli_select_db($dbcon, $dbname) or die("Unable to select database: " .
mysqli_error());
$query = "CREATE TABLE users (
Username VARCHAR(30) NOT NULL,
Password VARCHAR(100) NOT NULL,
ID INT NOT NULL,
Name VARCHAR (30) NOT NULL,
Salt VARCHAR(100) NOT NULL,
PRIMARY KEY (ID))";
$result = mysqli_query($dbcon, $query);
if(!result) die("Database access failed: " . mysqli_error());
?>
而且我有一个名为下面的“register2000.php”的文件:
<?php
require_once 'connect2000.php';
$connection = mysqli_connect("localhost", "root", "", "tutorial") or
die("Couldn't connect
to the server!");
//error reporting(0);
if(isset($_POST['register'])){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = mysqli_real_escape_string($_POST['username']);
$password = mysqli_real_escape_string(hash("sha512",
$_POST['password']));
$name = "";
if(isset($_POST['name'])) {
$name = mysqli_real_escape_string(strip_tags($_POST['name']));
}
$check = mysqli_fetch_array(mysqli_query("SELECT * FROM `users` WHERE
`username` = '$username'"));
if($check != '0') {
die("That username already exists! Try <i>$username" .rand(1, 50).
"</i> instead
<a href = 'register2000.php'>← Back</a>");
}
if(!ctype_alnum($username)) {
die("Username contains special characters! Only numbers and letters
are permitted!
<a href = 'register.php'>← Back</a>");
}
if(strlen($username)>20) {
die("Username must not contain more than 20 characters! <a href =
'register2000.php'>← Back</a>");
}
$salt = hash("sha512", rand().rand().rand());
mysqli_query("INSERT INTO `users` (`username`, `password`, `name`,
`salt`) VALUES ('$username',
'$password', '$name', '$salt')");
setcookie("c_user", hash("sha512", $username), time() + 24 * 60 * 60,
"/");
setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");
die("Your account has been created and you are now logged in.");
}
}
echo "
<body style = 'font-family : verdana, sans-serif'>
<div style = 'width: 80%; padding: 5px 15px 5px; border: 1px solid
#e3e3e3;
background-color: #fff; color: #000; margin-left: auto;>
<h1>Register<h1>
<br />
<form action = '' method = 'post'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type = 'text' name = 'username' style = 'padding: 4px;'
/>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type = 'password' name = 'password' style = 'padding:
4px;' />
</td>
</tr>
<tr>
<td>
<b>Name:</b>
</td>
<td>
<input type = 'text' name = 'name' style = 'padding: 4px;' />
</td>
</tr>
<tr>
<td>
<input type = 'submit' name = 'register' value = 'Register' />
</td>
</tr>
</table>
</form>
<br />
<h6>
No account? <a href='register2000.php'>Register!</a>
</h6>
</div>
</body>
";
还有其他两个文件,“index2000.php”和逃逸盐渍饼干另一个文件。这两个文件与本次讨论毫不相干,methinks。我的问题是,请问您能告诉我为什么我没有看到我的数据出现在我的数据库中?表“用户”已创建,但没有任何属性。
'mysqli_real_escape_string()'需要传递数据库参数。 http://php.net/manual/en/mysqli.real-escape-string.php - “mysqli_query()”也是这样http://php.net/manual/en/mysqli.query.php - 你是否曾经检查错误http://php.net/manual/en/mysqli.error.php,将完全避免这个问题。 – 2015-02-24 16:46:05
^^^那就是你的答案^^^ – 2015-02-24 16:55:37
哦,亲爱的,你说得对,弗雷德。我没有插入适当的参数。非常感谢您向我指出 - 这可能是一个明显的疏忽,但我只是没有看到它。 – 2015-02-24 17:06:15