1. 首頁
  2. 問答
  3. 註冊PHP/SQL不會插入長文本字段

註冊PHP/SQL不會插入長文本字段

2012-03-02 57 views
0

好吧,讓我的註冊系統正確地將用戶名,密碼和電子郵件插入到我的數據庫中,但沒有任何其他字段。我首先嚐試將值直接放入SQL查詢中,然後將它們作爲隱藏文本字段放在窗體中。直接值給出了SQL語法錯誤,隱藏文本不會插入任何東西,但會成功添加用戶,傳遞和電子郵件。所有MYSQL字段類型都是LONGTEXT。這是代碼。註冊PHP/SQL不會插入長文本字段

Register.php

<form name="register" method="post" action="register2.php"><br /> 

Username<br><input name="username" type="text" size="20" /><br /><br /> 

Password<br><input name="password" type="password" size="20" /><br /><br /> 

E-mail<br><input name="email" type="text" size="20" /><br /><br /> 

<input="hidden" id="status" type="text" value=Waiting for a request size="100" /> 
<input="hidden" id="request" type="text" value="None sent" size="100" /> 
<input="hidden" id="paid" type="text" value="Please pay for an instant spot" size="100" /> 
<input="hidden" id="priority" type="text" value="To be determined by your web designer" size="100" /> 
<input="hidden" id="files" type="text" value="None" size="100" /> 
<input="hidden" id="filespass" type="text" value=None" size="100" /><div id="captcha2"> 
<img id="captcha" src="securimage/securimage_show.php" alt="CAPTCHA Image" /><br><br>Please re-write the security code below<br><input type="text" name="captcha_code" size="10" maxlength="6" size="20"/></div> 

<br> 
<input type="submit" name="submit" value="Register" /><br><br> 
<a href='forgot.php'>Forgot</a> your password?<br> 

</form>

Register2.php

<?php 
include_once 'securimage/securimage.php'; 
$securimage = new Securimage(); 
if ($securimage->check($_POST['captcha_code']) == false) { 
// the code was incorrect 
// you should handle the error so that the form processor doesn't continue 

// or you can use the following code if there is no validation or you do not know how 
echo "The security code entered was incorrect.<br /><br />"; 
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again."; 
exit; 
}else{ 

$con = mysql_connect(secret); 
if (!$con) 
{ 
die('Could not connect: ' . mysql_error()); 
} 

mysql_select_db("dylanmediagroup", $con); 

$username = htmlspecialchars($_POST['username']); 
$password = htmlspecialchars($_POST['password']); 
$email = htmlspecialchars($_POST['email']); 
$status = htmlspecialchars($_POST['status']); 
$priority = htmlspecialchars($_POST['priority']); 
$paid = htmlspecialchars($_POST['paid']); 
$files = htmlspecialchars($_POST['files']); 
$filespass = htmlspecialchars($_POST['filespass']); 

$checkuser = mysql_query("SELECT * FROM users WHERE username ='$username'"); 
$checkemail = mysql_query("SELECT * FROM users WHERE email='$password'"); 

if(mysql_num_rows($checkuser) > 0) { //check if there is already an entry for that username 

echo "<img src='http://www.myhealthguardian.com/wp-content/uploads/2010/01/sad-face.gif' width='25%' height='21%'><br><br>Account already registered.<br> <a href='forgot.php'>Forgot</a> your password?<br><br>"; 

} else { 

$sql="INSERT INTO `users` (username, password, email, status, priority, paid, files, filespass) VALUES ('$username', '$password', '$email', '$status', '$priority', '$paid', '$files', '$filespass')"; 

} 

if (!mysql_query($sql,$con)) 
    { 

    }else{ 

echo "<img src='http://3.bp.blogspot.com/-vpsc13PCfc0/TaLCGaq2SjI/AAAAAAAACTA/hw2MDzTk6mg/s1600/smiley-face.jpg' height='21%' width='25%'><br><br>Your registration was successful, please <a href='login.php'>login</a> to continue."; 

} 
} 

mysql_close($con) 
?>

來源

2012-03-02 user1189903

+0

在插入之前嘗試'var_dump($ sql)'來查看查詢的樣子。另外,我會重新考慮使用所有'LONGTEXT'類型,因爲我認爲您不需要大多數這些列中的所有存儲。請考慮'VARCHAR'。 – drew010 2012-03-02 20:12:18

+0

你不應該使用'htmlspecialchars'來消毒你的輸入。改用'mysql_real_escape_string'。 – 2012-03-02 20:17:06

回答

1

您使用的ID而不是名稱爲您隱藏的投入。 並請使用此語法:

<input type="hidden" name="name" value="value" />

你的價值觀也似乎一個打破字符串,因爲它有引號的。

來源

2012-03-02 20:16:58 Kisaro

相關問題

 相關問題