我正试图向sql表中添加一条记录,但遇到了问题。
我有一个注册页面,它将接收用户的用户名、密码和电子邮件,并将它们传递给一个小的php脚本,该脚本从一个较大的php文件中调用函数。
当我尝试按下注册按钮时,页面会刷新,并且不会向表中添加任何内容。
欢迎提出任何建议。
html:
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="header">
</div>
<br>
<div class="signup">
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script type = "text/javascript" src="js/js_functions.js"></script>
<form method="post" action ="signup_script.php" onsubmit = "return checkEmailandPassword(this);" method = "post" >
<input type="text" placeholder="username" name="username" required = "required" maxlength = "15"><br>
<input type ="email" placeholder = "email" name = "email" required = "required" maxlength = "50"><br>
<input type ="email" placeholder = "re-enter email" name = "reemail" required = "required" maxlength = "50"><br>
<input type="password" placeholder="password" name="password" required = "required" pattern = "(?=.*'d)(?=.*[A-Z]).{10,}"><br>
<input type="password" placeholder="re-enter password"name="repassword" required = "required"><br>
<p class = "passwordreq">Password must:</p>
<ol class = "passwordreq">
<li>Have 10 characters</li>
<li>Have one number</li>
<li>Have one uppercase letter</li>
</ol>
<input type="submit" value="sign up"> <input type="button" value="go back" onclick="window.location='index.html'">
</form>
</body>
</html>
php小文件:
include_once('profile_Functions.php');
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
createUser($username,$password,$email);
大型php文件:
<?php
extract($_GET);
extract($_POST);
extract($_SERVER);
function setup(){
extract($_GET);
extract($_POST);
extract($_SERVER);
$host="localhost";
$user="root";
$passwd="";
$connect=mysql_connect($host,$user,$passwd) or die("error connecting mysql server");
mysql_select_db('oddjob',$connect) or die("error accessing db");
}
function createUser($name, $pass, $email){
setup();
$hashed_password = password_hash($pass, PASSWORD_DEFAULT);
$sql = "insert into profiles (UserName, Password, Email) values ($name, $hashed_password, $email); ";
$res = mysql_query($sql);
} ?>
您的insert
语句失败。您应该用引号将values
部分中的字符值括起来:
$sql = "insert into profiles (UserName, Password, Email)
values ('$name', '$hashed_password', '$email'); ";
在执行mysql_query
之后实际检查$res
不是false
将是有益的。
请注意,将用户输入值直接注入SQL语句是不安全的。阅读有关SQL注入攻击以及如何保护数据库免受攻击的信息。