-1
我沒有錯誤,但查詢不會在數據庫中插入數據。 首先查詢工作第二次查詢的工作也不過$卡爾納查詢好好嘗試一下插入INSERT查詢不會插入任何錯誤
的$卡爾納查詢的問題。
代碼:
<form method="POST" name="loginform">
<input type="text" placeholder="Naam" id="nane" name="name" required=""/>
<input type="text" placeholder="Gebruikersnaam" id="username" name="username" required=""/>
<input type="password" placeholder="Wachtwoord" id="password" name="password" required=""/>
<button type="submit">Registreren</button><br><br>
<button type="button" onclick="location.href='adminreg.php';">Admin Registreren</button><br><br>
<button type="button" onclick="location.href='overzicht.php';">Terug</button>
</form>
<?php
include("dbconfig.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password received from loginform
$username=mysqli_real_escape_string($dbconfig,$_POST['username']);
$password=mysqli_real_escape_string($dbconfig,$_POST['password']);
$name=mysqli_real_escape_string($dbconfig,$_POST['name']);
$password = password_hash($password, PASSWORD_BCRYPT);
$sql_query="INSERT INTO gebruikers (gebruikerscode, wachtwoord, naam) VALUES ('$username', '$password', '$name')";
$bericht = mysqli_query($dbconfig, $sql_query);
$haalop_query="SELECT id FROM gebruikers WHERE gebruikerscode = '$username' and wachtwoord = '$password'";
$ophalen = mysqli_query($dbconfig, $haalop_query);
$fetch = mysqli_fetch_assoc($ophalen);
$id = $fetch["id"];
$carna = "INSERT INTO carnavalvakantie (user_id) VALUES ($id)";
$test = mysqli_query($dbconfig, $carna);
print_r($test);
if($bericht == true) {
echo '<br><div class="container"><div class="alert alert-succes" role="alert">
<b>Gelukt!</b> Gebruiker is aangemaakt.
</div></div>';
}
}
?>
希望你們能幫助我。 在此先感謝。
PDO版本:
$pdo = new PDO("mysql:host=localhost;dbname=btt; charset-utf8","root", "");
if (isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$name=$_POST['name'];
$password = password_hash($password, PASSWORD_BCRYPT);
$query = $pdo->prepare("INSERT INTO gebruikers (gebruikerscode, wachtwoord, naam) VALUES (:user, :pass, :name)");
$query->execute(array(
':user' => $username,
':pass' => $password,
':name' => $name
));
$ophalen = $pdo->prepare("SELECT id FROM gebruikers WHERE gebruikerscode = :user and wachtwoord = :pass");
$ophalen->execute(array(
':user' => $username,
':pass' => $password,
));
$opslaan = $ophalen->fetch(PDO::FETCH_ASSOC);
print_r($opslaan);
$id = $opslaan["id"];
$carnaval = $pdo->prepare("INSERT INTO carnavalvakantie (user_id) VALUES (:id)");
$carnaval->execute(array(
':id' => "test"
));
}
請確保你*** [不要逃避密碼](http://stackoverflow.com/q/36628418/1011527)***或在哈希之前使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- ***)瞭解[MySQLi](http://php.net/manual)[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不要相信它?](http://stackoverflow.com/q/38297105/1011527) –
它因爲這個'$ haalop_query =「選擇id從gebruikers在哪裏gebruikerscode ='$ username'和wachtwoord ='$ password '「;' –