1. 首頁
  2. 問答
  3. 註冊不起作用

註冊不起作用

2014-10-11 75 views
1

註冊過程以重定向結束,但用戶不會被添加到數據庫。我嘗試了一切,看不到問題。如果你需要任何問題,我將編輯這篇文章的內容或解釋。註冊不起作用

<?php 
$cookie="tD2h6"; 

$jucatoru = $_POST['numeleluii']; 
$passw = $_POST['pass']; 
$email = $_POST['mail']; 

$con=mysqli_connect("xx","xx","xxx","xx"); 

if (mysqli_connect_errno()) { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

$jucatoru = $con->real_escape_string($jucatoru); 
$passw = $con->real_escape_string($passw); 
$email = $con->real_escape_string($email); 

if(strlen($jucatoru)>1) 
{ 
    $crypt = md5($passw); 
    $result = mysqli_query($con,"INSERT INTO `users` (username,password,mail) VALUES ($jucatoru,$crypt,$email);"); 
    $data = "name=" . $jucatoru . "&pass=" . md5($passw); 
    setcookie ($cookie, $data, time()+60*60*24); 
    header("Location: http://r4ge.ro"); 
    die; 
} 



echo "<div class=\"box box-info\"> 
    <i class=\"ion-locked\"></i> 
    <h3 class=\"box-title\">Register</h3> 
    </div> 


    <form action=\"/php/register.php\" method=\"post\"> 
    <div class=\"form-group\"> 
    <input class=\"form-control\" type=\"text\" name=\"numeleluii\" value=\"\" placeholder=\"Username:\"/><br /> 
    </div> 
    <div class=\"form-group\"> 
    <input class=\"form-control\" type=\"email\" name=\"mail\" value=\"\" placeholder=\"e-mail: [email protected]\"/><br /> 
    </div> 
    <div class=\"form-group\"> 
    <input class=\"form-control\" type=\"password\" name=\"pass\" value=\"\"placeholder=\"Password:\" /><br /> 
    </div> 

    <div class=\"box-footer clearfix\"> 
     <input class=\"pull-right btn btn-default\" type=\"submit\" name=\"send\" value=\"Send\" /> 
    </div> 
     </form> 

     </div>"; 

mysqli_close($con); 
?>

來源

2014-10-11 Aron H.

+1

請不要使用md5來存儲密碼,您可能會將它們以純文本的形式存儲,以保證所有的好處。而且,轉義POST輸入不會阻止注入 - 而是使用參數化查詢。 – 2014-10-11 19:51:15

+1

這只是乞求SQL注入。無論哪種方式,查詢都是錯誤的。它應該是''INSERT INTO用戶(用戶名,密碼,郵件)VALUES('$ jucatoru','$ crypt','$ email')「;' – 2014-10-11 19:51:20

+0

你不需要'''查詢。您還應該在查詢中將變量包裝在單引號中。你應該檢查'mysqli_query()'的返回值是否有錯誤,如果你找到了'mysqli_error()',你可以看看。 (爲什麼很多人省略了基本的錯誤檢查?) – 2014-10-11 19:51:59

回答

2

語法錯誤。

$result = mysqli_query($con,"INSERT INTO `users` (username,password,mail) VALUES ($jucatoru,$crypt,$email)");

來源

2014-10-11 19:59:28

4 
if(strlen($jucatoru)>1){ 
    $crypt = md5($passw); 
    $result = mysqli_query($con,"INSERT INTO `users` (username,password,mail) VALUES ('{$jucatoru}','{$crypt}','{$email}')"); 
    if($result){ 
     echo "Data inserted"; 
    }else{ 
     echo "Error in inserting"; 
    } 
    $data = "name=" . $jucatoru . "&pass=" . md5($passw); 
    setcookie ($cookie, $data, time()+60*60*24); 
    header("Location: http://r4ge.ro"); 
    die; 
}

來源

2014-10-11 20:01:53

+1

爲什麼你認爲'{'和'}'是必需的?插入查詢中的 – 2014-10-11 20:05:34

+2

{與'相比並不那麼重要',但添加{放在更安全的地方插入該字段名稱中的特定值 – 2014-10-11 20:09:49

5

這是更好地執行你的代碼,使用PHP編寫的語句。

<?php 
$cookie="tD2h6"; 

$jucatoru = $_POST['numeleluii']; 
$passw = $_POST['pass']; 
$email = $_POST['mail']; 

if(!empty($jucatoru)){ 
    $conn = new mysqli("xx", "xx", "xx", "xx"); 
    $conn->set_charset("utf8"); 

    if ($conn->connect_errno) { 
     echo "Failed to connect to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error; 
    } 

    $sql = "INSERT INTO `users` (username,password,mail) VALUES (?,?,?)"; 
    if($stmt = $conn->prepare($sql)){ 
     $crypt = md5($passw) 
     $stmt->bind_param('sss', $jucatoru, $passw, $crypt); 
     $stmt->execute(); 

     $data = "name=" . $jucatoru . "&pass=" . md5($passw); 
     setcookie($cookie, $data, time()+60*60*24 ; 
     header("Location: http://r4ge.ro"); 
     exit(); 
    }else{ 
     echo $conn->error; 
    } 
} 

............ 

?>

來源

2014-10-11 20:15:20 maxinuss

+2

不要忘記在重定向之後使用exit()。 – 2014-10-11 20:22:21

+0

是的!你是對的。編輯! – maxinuss 2014-10-11 20:23:59

+0

非常感謝@maxinuss。如果你仍然看到這個,你能解釋$ stmt-> bind_param('sss',$ jucatoru,$ passw,$ crypt),'sss'部分嗎?那個有什麼用途? – 2014-10-13 07:08:25

相關問題

 相關問題