註冊過程未插入數據庫

Question

我的register.inc.php未成功將用戶信息插入到數據庫中。但它會將我重定向到register_success.php。

我錯過了添加到插入數據的內容嗎？

register.inc.php：

include_once 'config.php'; 
include_once 'db_connect.php'; 

$error_msg = ""; 

if (isset($_POST['username'], 
     $_POST['firstname'], 
     $_POST['lastname'], 
     $_POST['home_address1'], 
     $_POST['home_address2'], 
     $_POST['home_city'], 
     $_POST['home_state'], 
     $_POST['home_zipcode'], 
     $_POST['email'], 
     $_POST['p'])) { 
// Sanitize and validate the data passed in 
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); 
$firstname = filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRINGS); 
$lastname = filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRINGS); 
$home_address1 = filter_input(INPUT_POST, 'home_address1', FILTER_SANITIZE_STRINGS); 
$home_address2 = filter_input(INPUT_POST, 'home_address2', FILTER_SANITIZE_STRINGS); 
$home_city = filter_input(INPUT_POST, 'home_city', FILTER_SANITIZE_STRINGS); 
$home_state = filter_input(INPUT_POST, 'home_state', FILTER_SANITIZE_STRINGS); 
$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRINGS); 
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); 
$email = filter_var($email, FILTER_VALIDATE_EMAIL); 
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
    // Not a valid email 
    $error_msg .= '<p class="error">The email address you entered is not valid</p>'; 
} 

$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING); 
if (strlen($password) != 128) { 
    // The hashed pwd should be 128 characters long. 
    // If it's not, something really odd has happened 
    $error_msg .= '<p class="error">Invalid password configuration.</p>'; 
} 

// Username validity and password validity have been checked client side. 
// This should should be adequate as nobody gains any advantage from 
// breaking these rules. 
// 

$prep_stmt = "SELECT user_id FROM users WHERE email = ? LIMIT 1"; 
$stmt = $mysqli->prepare($prep_stmt); 

// check existing email 
if ($stmt) { 
    $stmt->bind_param('s', $email); 
    $stmt->execute(); 
    $stmt->store_result(); 

    if ($stmt->num_rows == 1) { 
     // A user with this email address already exists 
     $error_msg .= '<p class="error">A user with this email address already exists.</p>'; 
        $stmt->close(); 
    } 
      $stmt->close(); 
} else { 
    $error_msg .= '<p class="error">Database error Line 39</p>'; 
      $stmt->close(); 
} 

// check existing username 
$prep_stmt = "SELECT user_id FROM users WHERE username = ? LIMIT 1"; 
$stmt = $mysqli->prepare($prep_stmt); 

if ($stmt) { 
    $stmt->bind_param('s', $username); 
    $stmt->execute(); 
    $stmt->store_result(); 

      if ($stmt->num_rows == 1) { 
        // A user with this username already exists 
        $error_msg .= '<p class="error">A user with this username already    exists</p>'; 
        $stmt->close(); 
      } 
      $stmt->close(); 
    } else { 
      $error_msg .= '<p class="error">Database error line 55</p>'; 
      $stmt->close(); 
    } 

// TODO: 
// We'll also have to account for the situation where the user doesn't have 
// rights to do registration, by checking what type of user is attempting to 
// perform the operation. 

if (empty($error_msg)) { 
    // Create a random salt 
    //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); 

    // Create salted password 
    $password = hash('sha512', $password . $random_salt); 

    // Insert the new user into the database 
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username, 
                  firstname, 
                  lastname, 
                  home_address1, 
                  home_address2, 
                  home_city, 
                  home_state, 
                  home_zipcode, 
                  email, 
                  password, 
                  salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { 
     $insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt); 
     // Execute the prepared query. 
     if (! $insert_stmt->execute()) { 
      header('Location: ./error.php?err=Registration failure: INSERT'); 
     } 
    } 
    header('Location: ./register_success.php'); 
    } 
} 

Answer 1

您使用有不確定的常數filter_input功能，FILTER_SANITIZE_STRINGS的第三PARAM。

正確的是最後沒有「s」，FILTER_SANITIZE_STRING。

$home_zipcode = filter_input(INPUT_POST, 'home_zipcode', FILTER_SANITIZE_STRING); 
//                   ^
etc. 

Answer 2

試試這個：

if (empty($error_msg)) { 
    // Create a random salt 
    //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work 
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); 

    // Create salted password 
    $password = hash('sha512', $password . $random_salt); 

    // Insert the new user into the database 
    if ($insert_stmt = $mysqli->prepare("INSERT INTO users (username, 
                  firstname, 
                  lastname, 
                  home_address1, 
                  home_address2, 
                  home_city, 
                  home_state, 
                  home_zipcode, 
                  email, 
                  password, 
                  salt) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) { 
     $insert_stmt->bind_param('sssssssssss', $username, $firstname, $lastname, $home_address1, $home_address2, $home_city, $home_state, $home_zipcode, $email, $password, $random_salt); 
     // Execute the prepared query. 
     $done=$insert_stmt->execute(); 
     $lines=mysqli_stmt_affected_rows($insert_stmt); 
     if($done && $lines==1){ 
      header('Location: ./register_success.php'); 
     } 
    } 
    header('Location: ./error.php?err=Registration failure: INSERT'); 
    } 
} 

解釋：

如果語句是UPDATE，DELETE或INSERT，受影響的行的總數可以通過使用mysqli_stmt_affected_rows確定（ ）功能。同樣，如果查詢產生結果集，則使用mysqli_stmt_fetch（）函數。

從PHP手冊中，執行函數不會確認受影響的行數。所以我只是重新檢查了受影響的行，以確保在沒有行受影響（插入）時它不會成​​功進入成功頁面。

對不起，我編輯並更改了標題代碼。