XML request MySQL by PHP

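Actually, I'm working on a Flash web page using XML. I want to make a sign-up page with XML that uses PHP to insert the data into the MySQL database, but I'm stuck... My XML/PHP knowledge isn't up to the job.

This is the XML file: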

    <?xml version="1.0" encoding="utf-8"?>
    <data>
    <title>Sing up</title>
    <request field1="user" field2="email" field3="password" field4="other">reg.php</request>
    <description><![CDATA[Please sing up!]]></description>
    </data>

The reg PHP file:

        <?php
        function Reg()
        {
            if (isset($_POST['reg'])==true) {
                require_once('db_conf.php'); 
                $user = $_POST['username'];
                $pass = sha1(strtoupper($user.':'.$_POST['password'])); 
                $email = $_POST['email'];
                $con = mysql_connect($dbhost, $dbuser, $dbpassword);
                if (!$con) 
                { 
                    die('Could not connect!'); 
                } else {
                    mysql_select_db("$logondb", $con); 
                    $sql="INSERT INTO accounts (username, sha_pass_hash, email) VALUES ('$user','$pass','$email')"; 
                    if (!mysql_query($sql,$con)) 
                    { 
                        die('Error creating account.'); 
                    } 
                    echo $succesmsg; 
                    mysql_close($con);
                } 

            } else {
?>

The PHP configuration file for the database:

    <?php
    $dbhost = 'localhost';
    $dbuser = 'user';
    $dbpassword = 'password';
    // Accounts Database
    $logondb = 'accounts';
    $errormsg="Error creating account..";
    $succesmsg="Account created!";
    ?>

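I recommend using PDO, which is a more general approach. You should then use data binding to reduce the vulnerability to SQL injection...

This should get you further: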

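    <?php
    function Reg()
    {
        if (isset($_POST['reg'])) {
            // Defines $dbhost, $dbuser, $dbpassword, $logondb and the messages.
            require_once('./db_conf.php');
            $user = $_POST['username'];
            $pass = sha1(strtoupper($user.':'.$_POST['password']));
            $email = $_POST['email'];
            $dsn = "mysql:host=$dbhost;dbname=$logondb";
            try {
                // new PDO() throws PDOException on failure; it never returns false.
                // ERRMODE_SILENT keeps the return-value check on execute() valid on PHP 8 too.
                $pdo = new PDO($dsn, $dbuser, $dbpassword, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT));
            } catch (PDOException $e) {
                die('Could not connect!');
            }
            // Named placeholders: the values are bound, not concatenated into the SQL text.
            $sql = "INSERT INTO accounts (username, sha_pass_hash, email) VALUES (:user, :pass, :email)";
            $stmt = $pdo->prepare($sql);
            $res = $stmt->execute(array("user" => $user, "pass" => $pass, "email" => $email));
            if (!$res) {
                // Debug output: errorInfo() holds the driver's error details.
                echo "Error :((<pre>";
                var_dump($stmt->errorInfo());
                echo "</pre>";
            } else {
                echo $succesmsg;
            }
        } else {
            echo "reg was not set - terminating...!";
        }
    }
    Reg();  // execute it!
    ?>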
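
As an added example (not part of the question or the answer above), this script runs the question's concatenated INSERT and the answer's bound-parameter INSERT on the same constructed input and reports what ends up in the table. An in-memory SQLite database via PDO stands in for the MySQL `accounts` database so the script runs offline; the function names and sample values are assumptions.

```php
<?php
// Added example, not code from the original posts.
// Assumption: SQLite in memory replaces the MySQL "accounts" database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (username TEXT, sha_pass_hash TEXT, email TEXT)');

// Constructed form input: the e-mail field carries a quote followed by more SQL text.
$post = array(
    'username' => 'alice',
    'password' => 'secret',
    'email'    => "a@example.test'), ('mallory','x','m@example.test",
);
$pass = sha1(strtoupper($post['username'].':'.$post['password']));

// Variant 1: values concatenated into the statement, as in the question's reg.php.
function insertConcatenated(PDO $pdo, $user, $pass, $email)
{
    $sql = "INSERT INTO accounts (username, sha_pass_hash, email) VALUES ('$user','$pass','$email')";
    $pdo->exec($sql);
}

// Variant 2: values bound to named placeholders, as in the answer.
function insertBound(PDO $pdo, $user, $pass, $email)
{
    $stmt = $pdo->prepare(
        'INSERT INTO accounts (username, sha_pass_hash, email) VALUES (:user, :pass, :email)'
    );
    $stmt->execute(array('user' => $user, 'pass' => $pass, 'email' => $email));
}

function rows(PDO $pdo)
{
    return $pdo->query('SELECT username, email FROM accounts')->fetchAll(PDO::FETCH_ASSOC);
}

// Concatenation: the quote in the input ends the string literal, so the rest is parsed as SQL.
insertConcatenated($pdo, $post['username'], $pass, $post['email']);
echo "concatenated: ", count(rows($pdo)), " row(s) inserted from one form submission\n";

// Binding: the whole e-mail value is stored as data, whatever characters it contains.
$pdo->exec('DELETE FROM accounts');
insertBound($pdo, $post['username'], $pass, $post['email']);
$stored = rows($pdo);
echo "bound: ", count($stored), " row(s) inserted\n";
echo "e-mail stored verbatim: ", var_export($stored[0]['email'] === $post['email'], true), "\n";
```

Binding stops the input from changing the statement, but it does not check that the value is a plausible e-mail address; that validation is a separate step.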