我试图允许用户注册,代码回来没有任何错误,但没有显示在我的数据库。我怎么也找不出原因。我没觉得有什么不对,但你们谁能帮帮我?
这是完整的php文件:
<?php
require "includes/constants.php";
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
if(isset($_POST['username'])) {
$username = $_POST['username'];
$uLength = strlen($username);
}
if ($uLength >= 4 && $uLength <= 15)
{
}
else
{
die("Your username must be between 4 and 15 characters.");
}
if($username == "")
{
die("You didn't tell me what to call you! Please enter a username.");
}
if(isset($_POST['pwd'])) {
$pwd = $_POST['pwd'];
$pLength = strlen($pwd);
}
if ($pLength >= 6 && $pLength <= 41)
{
}
else
{
die("Password must be between 6 and 41 characters.");
}
if($pwd == "")
{
die("Please enter a password and verify it.");
}
if(isset($_POST['pwd_conf'])) {
$pwd_conf = $_POST['pwd_conf'];
}
if($pwd != $pwd_conf)
{
die("Ouch! Your passwords don't match! Try again.");
}
if(isset($_POST['email'])) {
$email = $_POST['email'];
$email1 = "@";
$email_check = strpos($email,$email1);
}
$user_check = "SELECT username FROM users WHERE username='$username'";
if($stmt = mysqli_prepare($conn,$user_check)) {
mysqli_stmt_execute($stmt);
if(mysqli_stmt_num_rows($stmt) > 0){
die("Username is already in use!<br>");
}
}
$query = "INSERT INTO users (username, password, email) VALUES ('$username', '$pwd', '$email')";
if(!$query)
{
die("Unfortunately, we can't sign you up because we have problems: ".mysql_error());
}
else
{
header("Location: login.php");
}
?>
你创建了一个查询字符串,但是从来没有执行过它…
1. $sql = "INSERT ..."
2. ???
3. come to SO to ask why
还要注意,你是混合mysqli和mysql调用(mysql_error调用,特别是在你定义INSERT查询之后)。这两个库不能互换,也不能相互兼容
还要注意,当你使用准备好的语句(耶!),你使用它们完全不正确(嘘嘘),容易受到SQL注入攻击。
你需要在if(!$query)之前使用mysql_query()函数别的
$result = mysql_query($query);
if(!$result){