'我正在尝试从注册表将数据输入数据库,但它似乎不起作用,我认为我做了正确的编码,我不确定我哪里做错了我逐个代码阅读代码,我创建的所有数据库都遵循.
<form method='post' action='login.php'>
<table width='400' border='5' align='CENTER'>
<tr>
<td><h1>Registration</h1></td>
</tr>
<tr>
<td>User Name:</td>
<td><input type='text' name='name'/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass'/></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td><input type='submit' name='register' value='register'/></td>
</tr>
</table>
</form>
<?php
$connect=mysql_connect("localhost","root","");
$db_selected = mysql_select_db("users_db", $connect);
if(isset($_POST['submit'])){
$users_name = $_POST['name'];
$users_pass = $_POST['pass'];
$users_email = $_POST['email'];
if($users_name==''){
echo "<script>alert('Please enter your Username')</script>";
exit();
}
if($users_pass==''){
echo "<script>alert('Please enter your password')</script>";
exit();
}
if($users_email==''){
echo "<script>alert('Please enter your email')</script>";
exit();
}
$check_email="select*from
users where
users_email='$users_email'";
$run =
mysql_query($check_email) or
die(mysql_error());
if(mysql_num_rows($run)>0){
echo"<script>alert('Email $users_email
is already exist in our databse, please try another
one')</script>"; exit();
}
$query = "insert into users
(users_name,users_pass,users_email) values('
$users_name','$users_pass','$users_email')";
{
$result = mysql_query($query)
or die(mysql_error());
}
echo"<script>alert
window.open('','_self')</script>";
}
?>
将初始赋值更改为:
$users_name = mysql_real_escape_string($_POST['name']);
$users_pass = mysql_real_escape_string($_POST['pass']);
$users_email = mysql_real_escape_string($_POST['email']);
以避免字段中出现特殊字符的问题,并防止 SQL 注入。
将插入查询更改为:
$query = "insert into users (users_name,users_pass,users_email)
values('$users_name','$users_pass','$users_email')";
你在$users_name之前有一个多余的换行符和空格,所以它们入到数据库中。