>我正在使用php创建简单的注册表单。我已经使用 php 完成了验证检查,它工作正常。.Select 语句可以正常工作,以检查用户名是否退出。.但是在这里我在插入数据时遇到了问题。提交 时没有任何反应。这是完整的代码..所有代码都很好,问题与插入部分有关。.请看一下..
<h3>* Required Fields<br/> </h3>
<?php
if(isset($_POST['username'])){
# connect to the database here
# search the database to see if the user name has been taken or not
include 'config.php';
$username=$_POST['username'];
$query = "SELECT * FROM account WHERE userid='$username' ";
//$sql = mysql_query($query);
//$row = mysql_fetch_array($sql);
$sql=mysql_query($query) or die($sql.">>".mysql_error());
$row=mysql_num_rows($sql);
//if($num>0){ //check if
#check too see what fields have been left empty, and if the passwords match
if($row>0|| empty($_POST['fname'])||empty($_POST['lastname'])|| empty($_POST['username'])||empty($_POST['password1'])|| empty($_POST['password2'])|| empty($_POST['day'])|| empty($_POST['Month'])|| empty($_POST['year'])|| empty($_POST['gender']) || empty($_POST['contact'])||$_POST['password1']!=$_POST['password2']|| $_POST['gender_select']='gender'|| $_POST['month_select']='month'|| $_POST['day_select']='day'|| $_POST['year_select']='year'){
# if a field is empty, or the passwords don't match make a message
$error = '<h4>';
if(empty($_POST['fname'])){
$error .= 'First Name can''t be empty<br>';
}
if(empty($_POST['lastname'])){
$error .= 'Last Name can''t be empty<br>';
}
if(empty($_POST['username'])){
$error .= 'Email can''t be empty<br>';
}
if(empty($_POST['password1'])){
$error .= 'Password can''t be empty<br>';
}
if(empty($_POST['password2'])){
$error .= 'You must re-type your password<br>';
}
if(empty($_POST['contact'])){
$error .= 'contact is not selected<br>';
}
if($_POST['password1']!=$_POST['password2']){
$error .= 'Passwords don''t match<br>';
}
if($row>0){
$error .= 'User Name already exists<br>';
}
if($_POST['gender_select'] == 'gender'){
$error.= "Please select a gender<br>";
}
if($_POST['month_select'] == 'month'){
$error.= "Please select a month<br>";
}
if($_POST['day_select'] == 'day'){
$error.= "Please select a day<br>";
}
if($_POST['year_select'] == 'year'){
$error.= "Please select a year<br>";
}
$error .= '</h4>';
}else{
$ftname=$_POST['fname'];
$lastname=$_POST['lastname'];
$gender=$_POST['gender'];
$bday=$_POST['day_select'];
$byear=$_POST['year_select'];
$bmonth=$_POST['month_select'];
$username=$_POST['username'];
$password=$_POST['password1'];
$contact=$_POST['contact'];
$query= mysql_query(" insert into Account (firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) values
('$ftname','$lastname','$gender','$bday','$byear','$bmonth','$username','$password','$contact')") or die(mysql_error());
if($query){
echo "New record was saved.";
// echo "<script>alert('Congratulation! You Create account successfully! ')</script>";
}
else
{
echo "Sorry no record saved.";
}
}
}
# echo out each variable that was set from above,
# then destroy the variable.
if(isset($error)){
echo $error;
unset($error);
}
?>
</div>
<form id="send" name="form" method="post" action="">
<p>
<label for="name">Name *</label>
<input type="text" name="fname" />
</p>
<p>
<label for="lastnamme">Father Name *</label>
<input type="text" name="lastname" />
</p>
<p>
<label for="username">Email Address *</label>
<input type="text" name="username" />
</p>
<p>
<label for="password">Password *</label>
<input type="password" name="password1" />
</p>
<p>
<label for="cpassword">Confirm Password *</label>
<input type="password" name="password2" />
</p>
<p>
<label for="dob">Date of Birth *</label>
<select name="day_select">
<option value="day" >Day </option>
<?php for($i=0;$i<=31;$i++)
{
?>
<option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option>
<?php } ?>
</select>
<select name="month_select" >
<option value="month" >Month*</option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
<option value="unknown" >Unknown</option>
</select>
<select name="year_select" >
<option value="year" >Year </option>
<?php for($i=1920;$i<=2013;$i++)
{
?>
<option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option>
<?php } ?>
</select>
</p>
<p>
<label for="genderr">Gender *</label>
<select name="gender_select" >
<option value="gender">Gender </option>
<option value="male">Male </option>
<option value="female">Female</option>
<option value="other">other</option>
</select>
</p>
<p>
<label for="contactno">Contact No *</label>
<input type="text" name="contact" />
</p>
<p>
<input type="submit" id="submit" name="submit" value="Sign Up" />
</p>
</form>
</div>
<!--END #signup-inner -->
</div>
<!--END #signup-form -->
</div>
</div>
</div><!-- end content -->
</div><!-- end main -->
<?php include('footer.php'); ?>
</body>
你现在应该使用MySQLi而不是MySQL。而且您肯定还需要先检查您的输入以避免SQL注入!
$ftname=mysqli_real_escape_string($con, $_POST['fname']);
$lastname=mysqli_real_escape_string($con, $_POST['lastname']);
$gender=mysqli_real_escape_string($con, $_POST['gender']);
$bday=mysqli_real_escape_string($con, $_POST['day_select']);
$byear=mysqli_real_escape_string($con, $_POST['year_select']);
$bmonth=mysqli_real_escape_string($con, $_POST['month_select']);
$username=mysqli_real_escape_string($con, $_POST['username']);
$password=mysqli_real_escape_string($con, $_POST['password1']);
$contact=mysqli_real_escape_string($con, $_POST['contact']);
mysqli_query($con, "INSERT INTO Account
(firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno)
VALUES ('".$ftname."','".$lastname."','".$gender."','".$bday."','".$byear."','".$bmonth."','".$username."','".$password."','".$contact."')")
or die(mysqli_error($con));
但是,您需要在脚本的开头定义$con。这是与 MySQL 数据库的连接 -
$con=mysqli_connect("localhost","username","password","databasename");
希望对:)有所帮助
您没有在插入语句中正确连接值。应该是
mysql_query(" 插入帐户 (名字,姓氏,性别,bday,byear,bmonth,userID,密码,联系人编号) 值 (".$ftname.",".$lastname.",".$gender.",".$bday.",".$byear.",".$bmonth.",".$username.",".$password.",".$contact.")")或死亡(mysql_error());
但是要小心,您的方法容易出现SQL注入。不应将源自公共窗体的值直接连接到 sql 查询。您需要小心转义这些值,或者将预准备语句与 PDO 一起使用。