我创建了一个数据库,它包含以下内容:
desc users;
+--------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+----------------+
| UserID | int(25) | NO | PRI | NULL | auto_increment |
| Username | varchar(65) | YES | | NULL | |
| Fname | varchar(65) | YES | | NULL | |
| Lname | varchar(65) | YES | | NULL | |
| Password | varchar(32) | YES | | NULL | |
| Password1 | varchar(32) | YES | | NULL | |
| EmailAddress | varchar(255) | YES | | NULL | |
+--------------+--------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)
但是,当我运行此代码时
if($email_exists == false && $Password == $Password1)
{
$sql="INSERT INTO users(u_Username, u_Fname, u_Lname, u_EmailAddress, u_Password)
VALUES('$_POST[$Username]', '$_POST[$Fname]', '$_POST[$Lname]', '$_POST[$EmailAddress]', '$_POST[$Password]')";
echo "<pre>"; print_r($sql); exit;
if(!mysqli_query($link, $sql))
{
#$query = mysqli_query($myConnection, $sqlCommand);
#die (mysqli_error($myConnection));
die('Error: ' . mysqli_error($link));
}
header("location: login.php");
}
我收到此错误:
INSERT INTO users(u_Username, u_Fname, u_Lname, u_EmailAddress, u_Password)
VALUES('', '', '', '', '')
这里的错误是什么?我正在使用php和mysqli。我是新手,但我正在尝试让我的寄存器.php文件接受并添加到我的数据库中。
编辑这里是完整的代码
<?php
session_start();
require_once('connect.php');
require_once "utils.php";
if(isset($_POST['submit']))
{
//CHECK EMPTY FORM DATA and SANITIZE
if(!empty($_POST['Username'])&&
!empty($_POST['Fname'])&&
!empty($_POST['Lname'])&&
!empty($_POST['EmailAddress'])&&
!empty($_POST['Password'])&&
!empty($_POST['Password1']))
{
$Username = mysqli_real_escape_string($link,htmlentities($_POST['Username']));
$Fname = mysqli_real_escape_string($link,htmlentities($_POST['Fname']));
$Lname = mysqli_real_escape_string($link,htmlentities($_POST['Lname']));
$Password = mysqli_real_escape_string($link,htmlentities($_POST['Password']));
$Password1 = mysqli_real_escape_string($link,htmlentities($_POST['Password1']));
$EmailAddress = mysqli_real_escape_string($link,htmlentities($_POST['EmailAddress']));
}
else { header("Location: register.php");exit(); }
if(isset($EmailAddress) && !empty($EmailAddress) &&
isset($Password) && !empty($Password))
{
$email_exists = false;
$sql="SELECT * FROM users WHERE EmailAddress='$EmailAddress'";
if($result = mysqli_query($link, $sql))
{
while($record = mysqli_fetch_row($result))
{
if($record = $EmailAddress)
{
$email_exists = true;
}
if($email_exists = true)
{
echo "<div id='reg_error1'>* The Email Used Already Exists! <br></div>";
}
}
}
if($Password != $Password1)
{
echo "<div id='reg_error2'>* Your Password Does Not Match!<br></div>";
}
if($email_exists == false && $Password == $Password1)
{
$sql="INSERT INTO users(Username, Fname, Lname, EmailAddress, Password)
VALUES('{$_POST['$Username']}', '{$_POST['$Fname']}', '{$_POST['$Lname']}', '{$_POST['$EmailAddress']}', '{$_POST['$Password']}')";
echo "<pre>"; print_r($sql); exit;
if(!mysqli_query($link, $sql))
{
#$query = mysqli_query($myConnection, $sqlCommand);
#die (mysqli_error($myConnection));
die('Error: ' . mysqli_error($link));
}
header("location: login.php");
}
echo "<hr>";
}
}
$sql="INSERT INTO users(Username, Fname, Lname, EmailAddress, Password)
VALUES('{$_POST['$Username']}', '{$_POST['$Fname']}', '{$_POST['$Lname']}', '{$_POST['$EmailAddress']}', '{$_POST['$Password']}')";
???
您已经将 POST 变量提取到这些本地变量中,那么为什么要尝试将它们用作 post 数组上的索引参数呢?
$sql="INSERT INTO users(Username, Fname, Lname, EmailAddress, Password)
VALUES('{$Username'}', '{$Fname}', '{'$Lname}', '{'$EmailAddress'}', '{$Password}')";
如果我对您的代码进行了错误的编辑,例如在错误的地方引用,那就是因为我永远不会编写这样的查询。PDO和准备好的语句或存储过程是我一直在使用sonce 2003的,我相信任何不这样做的人都只是在自找麻烦。
您已经在变量中存储了 $_POST 值,例如
$Username = mysqli_real_escape_string($link,htmlentities($_POST['Username']));
因此,请在查询中使用这些变量。
INSERT INTO users(Username, Fname, Lname, EmailAddress, Password)
VALUES('$Username'', '$Fname', '$Lname', '$EmailAddress', '$Password')
您可以在处理像这样的小表时插入它。这是一些短手,但效果很好。
$sql="INSERT INTO users VALUES('', '$_POST[Username]', '$_POST[Fname]', '$_POST[Lname]', '$_POST[EmailAddress]', '$_POST[Password]')";
''...未指定,因为它是自动生成的。 在表中,因为 ID 是这里的主键,我希望你把它放在自动增量上,我只是用一个值或''留空它......未指定,因为它是自动生成的。
另外,我不建议您在不进行任何服务器端验证的情况下直接插入用户的值。