提交表格,mysql和php [英] Submitting form, mysql and php
问题描述
我是php和sql以及所有其他东西的新手,我在youtube上观看了有关php论坛的教程,想知道为什么在提交表单时此代码不回显成功".我还想知道为什么在我提交表单之前,它会回显失败.我已成功连接到数据库.
I'm new to php and sql and all that stuff, and I was watching a tutorial on youtube about forums in php and wonder why this code doesn't echo "Success" when submitting the form. I also wonder why it echo out Failure before I have submitted the form. I have connected successfully to the database.
<!DOCTYPE HTML>
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="register.php" method="POST">
Username: <input type="text" name="username">
<br/>
Password: <input type="password" name="password">
<br/>
Confirm Password: <input type="password" name="confirmPassword">
<br/>
Email: <input type="text" name="email">
<br/>
<input type="submit" name="submit" value="Register"> or <a href="login.php">Log in</a>
</form>
</body>
</html>
<?php
require('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$confirmPassword = $_POST['confirmPassword'];
$email = $_POST['email'];
if(isset($_POST["submit"])){
if($query = mysql_query("INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysql_error();
}
}
?>
Connect.php
Connect.php
<?php
$connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");
?>
推荐答案
这里有些错误.
您使用了错误的 标识符 作为您的栏目(并用引号引起来):
You're using the wrong identifiers for your columns in (and being quotes):
('id', 'username', 'password', 'email')
删除它们
(id, username, password, email)
或使用反引号
(`id`, `username`, `password`, `email`)
mysql_error()应该向您抛出一个错误,但这不是因为:
mysql_error() should have thrown you an error, but it didn't because of:
- 您要混合使用MySQL API和
mysqli_进行连接,然后在查询中使用mysql_.
- You're mixing MySQL APIs with
mysqli_to connect with, thenmysql_in your query.
这两个不同的API不会相互混合.
Those two different APIs do not intermix with each other.
仅使用mysqli_并将您当前的查询更改为:
Use mysqli_ exclusively and change your present query to:
if($query = mysqli_query($connect, "INSERT...
,然后将mysql_error()更改为mysqli_error($connect)
作为该块的重写:
if(isset($_POST["submit"])){
if($query = mysqli_query($connect,"INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysqli_error($connect);
}
}
只是为了测试错误, 就像我上面概述的那样进行更改,同时使列中的引号保持现在的样子.然后,您将看到MySQL将引发的错误.然后,您可以按照上面已经概述的方法进行操作,并删除列名周围的引号,或将其替换为反引号.
Just to test the error, make the changes as I outlined just above, while keeping the quotes around your columns the way you have it now. You will then see the error that MySQL will throw. You can then do as I've already outlined above and remove the quotes around the column names, or replace them with backticks.
您看到的教程可能很好地使用了反引号,但可能并没有足够的区分度,以至于您不能说出它们确实是反引号而不是单引号.
The tutorial you saw may very well used backticks, but were probably not distinguishable enough for you to tell that they were indeed backticks and not single quotes.
但是,您当前的代码对 SQL注入 开放.使用 mysqli具有准备好的语句 或 带有准备好的语句的PDO ,它们更加安全.
However, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
我注意到您可能以纯文本形式存储密码.如果是这种情况,则极力劝阻.
I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.
我建议您使用 CRYPT_BLOWFISH 或PHP 5.5的 password_hash() compatibility pack .
I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
此外,不要这样做:
$connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");
您应该像在手册中指出的那样检查错误
You should be checking for errors instead, just as the manual states
$link = mysqli_connect("myhost","myuser","mypassw","mybd")
or die("Error " . mysqli_error($link));
- http://php.net/manual/en/function.mysqli -connect.php
- http://php.net/manual/en/function.mysqli-connect.php
所以在您的情况下:
$connect = mysqli_connect("localhost", "root", "","php_forum")
or die("Error " . mysqli_error($connect));
,由于您在同一页面中使用整个代码,因此我将action="register.php"更改为action="".
and I changed action="register.php" to action="" since you're using the entire code inside the same page.
<!DOCTYPE HTML>
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="" method="POST">
Username: <input type="text" name="username">
<br/>
Password: <input type="password" name="password">
<br/>
Confirm Password: <input type="password" name="confirmPassword">
<br/>
Email: <input type="text" name="email">
<br/>
<input type="submit" name="submit" value="Register"> or <a href="login.php">Log in</a>
</form>
</body>
</html>
<?php
require('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
$confirmPassword = $_POST['confirmPassword'];
$email = $_POST['email'];
if(isset($_POST["submit"])){
if($query = mysqli_query($connect,"INSERT INTO users (`id`, `username`, `password`, `email`) VALUES ('', '".$username."', '".$password."', '".$email."')")){
echo "Success";
}else{
echo "Failure" . mysqli_error($connect);
}
}
?>
这篇关于提交表格,mysql和php的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
