1. 首頁
  2. 問答
  3. 試圖將數據從一個形式存儲到數據庫中使用PHP

試圖將數據從一個形式存儲到數據庫中使用PHP

2016-11-30 55 views
0

嘿並在此先感謝,我試圖從表單中獲取數據,並將其輸入到數據庫中。我下面就如何做到這一點的指導,但是對於任何指導犯規帳戶不工作........試圖將數據從一個形式存儲到數據庫中使用PHP

我剛開始用PHP,所以我的技能是相當有限的,然而,我理解我寫的所有代碼,但它不起作用! PHP腳本不會移動過去的if語句下面,我想不通爲什麼:

// Check for existing user with the new id 
$sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'"; 
$result = mysqli_query($cxn, $sql); 
if (!$result) { 
error('A database error occurred in processing your '. 
'submission.\nIf this error persists, please '. 
'contact [email protected] This is from error 1');

整個代碼:

signup.php

<?php //signup.php 
     include 'common.php'; 
     include 'db.php'; 

     if(!isset($_POST['submitok'])): 
     // display user signup form 

     ?> 


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

    <html xmlns="http://www.w3.org/1999/xhtml"> 

    <head> 
     <title>New User Registration</title> 
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
    </head> 
    <body> 
     <h3>New User Registration Form</h3> 
     <p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p> 
     <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> 
     <table border="0" cellpadding="0" cellspacing="5"> 
      <tr> 
      <td align="right"> 
       <p>User ID</p> 
      </td> 
      <td> 
       <input name="newid" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr> 
      <td align="right"> 
      <p>Full Name</p> 
      </td> 
      <td> 
      <input name="newname" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr> 
      <td align="right"> 
      <p>E-Mail Address</p> 
      </td> 
      <td> 
      <input name="newemail" type="text" maxlength="100" size="25" /> 
      <font color="orangered" size="+1"><tt><b>*</b></tt></font> 
      </td> 
     </tr> 
     <tr valign="top"> 
      <td align="right"> 
      <p>Other Notes</p> 
      </td> 
      <td> 
      <textarea wrap="soft" name="newnotes" rows="5" cols="30"></textarea> 
      </td> 
     </tr> 
     <tr> 
      <td align="right" colspan="2"> 
      <hr noshade="noshade" /> 
      <input type="reset" value="Reset Form" /> 
      <input type="submit" name="submitok" value=" OK " /> 
      </td> 
     </tr> 
     </table> 
    </form> 
    </body> 
    </html> 
    <?php 
     else: 
      //process sign up submission 
      dbConnect('sessions'); 

      if ($_POST['newid']=='' or $_POST['newname']=='' 
      or $_POST['newemail']=='') { 
      error('One or more required fields were left blank.\\n'. 
        'Please fill them in and try again.'); 
     } 

     // Check for existing user with the new id 
     $sql = "SELECT COUNT(*) FROM sessions.users WHERE userid = '$_POST[newid]'"; 
     $result = mysqli_query($cxn, $sql); 
     if (!$result) { 
     error('A database error occurred in processing your '. 
     'submission.\nIf this error persists, please '. 
     'contact [email protected] This is from error 1'); 
    } 

     if (@mysqli_result($result,0,0)>0) { 
     error('A user already exists with your chosen userid.\n'. 
     'Please try another.'); 
     } 

     $newpass = substr(md5(time()),0,6); 

     $sql = "INSERT INTO sessions.users SET 
     userid = '$_POST[newid]', 
     password = PASSWORD('$newpass'), 
     fullname = '$_POST[newname]', 
     email = '$_POST[newemail]', 
     notes = '$_POST[newnotes]'"; 
     if (!mysqli_query($sql)) 
     error('A database error occurred in processing your '. 
     'submission.\nIf this error persists, please '. 
     'contact [email protected] This is from error 2'); 

     // Email the new password to the person. 
     $message = "G'Day! 

     Your personal account for the Project Web Site 
     has been created! To log in, proceed to the 
     following address: 

      http://www.example.com/ 

     Your personal login ID and password are as 
     follows: 

      userid: $_POST[newid] 
      password: $newpass 

     You aren't stuck with this password! Your can 
     change it at any time after you have logged in. 

     If you have any problems, feel free to contact me at 
     <[email protected]>. 

     -Your Name 
     Your Site Webmaster 
     "; 

     mail($_POST['newemail'],"Your Password for the Project Website", 
      $message, "From:Your Name <[email protected]>"); 
     ?> 

     <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" 
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
     <html xmlns="http://www.w3.org/1999/xhtml"> 
     <head> 
      <title> Registration Complete </title> 
      <meta http-equiv="Content-Type" 
      content="text/html; charset=iso-8859-1" /> 
     </head> 
     <body> 
     <p><strong>User registration successful!</strong></p> 
     <p>Your userid and password have been emailed to 
      <strong><?=$_POST['newemail']?></strong>, the email address 
      you just provided in your registration form. To log in, 
      click <a href="index.php">here</a> to return to the login 
      page, and enter your new personal userid and password.</p> 
     </body> 
     </html> 
     <?php 
     endif; 
     ?>

db.php中

<?php // db.php 

    $dbhost = 'localhost'; 
    $dbuser = 'root'; 
    $dbpass = ''; 

    function dbConnect($db='') { 
     global $dbhost, $dbuser, $dbpass; 

     $cxn = mysqli_connect($dbhost,$dbuser,$dbpass); 

     mysqli_select_db($cxn,$db) 
     or die ("Couldn’t select database."); 


     return $cxn; 
    } 
    ?>

common.php

<?php // common.php 

    function error($msg) { 
    ?> 
    <html> 
    <head> 
     <script language="JavaScript"> 
     <!-- 
     alert("<?=$msg?>"); 
     history.back(); 
     //--> 
     </script> 
    </head> 
    <body> 
    </body> 
    </html> 
    <?php 
    exit; 
    } 
    ?>

任何幫助,爲什麼這個if語句總是產生錯誤將是盛大的 - 謝謝。

來源

2016-11-30 DCWD

+0

如果您收到一個錯誤,你應該在你的問題的錯誤 –

+0

對不起我的措辭有點過,PHP腳本不會搬過去: //檢查現有用戶使用新的ID $ SQL =「SELECT COUNT(*)FROM sessions.users WHERE userid ='$ _POST [newid]'」; $ result = mysqli_query($ cxn,$ sql); if(!$ result){ 錯誤('處理' '提交時發生數據庫錯誤。\ n如果此錯誤仍然存​​在,請' '與[email protected]聯繫。 ; – DCWD

回答

0

你沒有在可用範圍內分配你的數據庫連接。你從你的dbConnect()函數返回它,你只是沒有做任何與返回的值。

dbConnect('sessions');應該$cxn = dbConnect('sessions');

你會被警告的問題的原因,如果你使用mysqli_error()讓MySQL的告訴你它不喜歡。

最後,你應該在你的查詢中使用綁定的參數,而不是直接注入用戶提供的數據。搜索「mysqli bound parameters」這樣的東西來學習如何做到這一點。你現在擁有的是可以攻擊的。

爲了您INSERT語句,可以使用約束參數:

$sql = "INSERT INTO sessions.users (userid, password, fullname, email, notes) VALUES (?, ?, ?, ?, ?)"; 

$stmt = mysqli_prepare($sql); 
mysqli_stmt_bind_param($stmt, 'issss', $newID, PASSWORD($newpass), $fullName, $email, $notes); 

if(!mysqli_stmt_execute($stmt)) 
{ 
    // use this for debugging, but do NOT leave it in production code 
    die(mysqli_error($cxn)); 
} 

mysqli_stmt_close($stmt);

以上是未經測試,因此可能你將不得不作出小的調整。至少應該給你一個很好的主意。

同時,確保PASSWORD()真的是你想要使用什麼。我有一種感覺不是,但我不想假設。

來源

2016-11-30 16:10:16

+0

這工作謝謝你!然而,現在我使用下面的響應中的INSERT指令,沒有任何東西被添加到數據庫中,所以現在我實際上已經過去了那條IF語句,但沒有任何反應。 – DCWD

+0

該答案似乎缺少字段列表和「VALUES」關鍵字的結尾'''之間的空格。在這裏,再次,將是一個利用mysql自己的錯誤報告的好地方。 –

+0

對不起,是絕對的痛苦,你能給我一個我將如何使用它的例子嗎? 你是我的英雄!感謝Patrick! – DCWD

相關問題

 相關問題