我有一个HTML注册表单,允许新用户注册到网站。:
<form action="register.php" method="POST" class="register-form">
<h1>Create Account</h1>
<label>
<span>First Name :</span>
<input id="firstname" type="text" name="firstname" placeholder="Your First Name" autocomplete="off" required/>
</label>
<label>
<span>Surname :</span>
<input id="surname" type="text" name="surname" placeholder="Your Surname" autocomplete="off" required/>
</label>
<label>
<span>Username :</span>
<input id="username" type="text" name="username" placeholder="Your Chosen Username" autocomplete="off" required/>
</label>
<label>
<span>Email :</span>
<input id="email" type="email" name="email" placeholder="Your Email Address" autocomplete="off" required/>
</label>
<label>
<span>Password :</span>
<input id="password" type="password" name="password" placeholder="Your Chosen Password" autocomplete="off" required/>
</label>
<hr>
<input name="action" type="hidden" value="signup" />
<input type="submit" class="btn register btn-success btn-lg" name="submit" value="Register">
</form>
进入register.php:
<?php
$connection = mysql_connect('localhost', 'root', 'password');
if (!$connection) {
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('gmaps1');
if (!$select_db) {
die("Database Selection Failed" . mysql_error());
}
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])) {
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO `users` (firstname, surname, username, password, email) VALUES ('$firstname', '$surname', '$username', '$password', '$email')";
$result = mysql_query($query);
if ($result) {
header("Location: thank_you.html");
} else {
echo 'User Not Created';
}
}
?>
但当我点击"注册"按钮时,它不会保存数据,并返回"用户未创建"。使用MySQLi比MySQL更好吗?或者有更好的方法吗??
错误检查解决了我的问题-"字段'active'没有默认值"
表"Users"中有一个非活动字段。我去掉了它,效果很好。它一定是错误添加的。
- 你没有得到"数据库连接失败",所以你成功地连接到了数据库
- 最好使用MySQLi或PDO(我的选择)
- 至少使用
mysql_real_escape
,也许使用trim()
,但这只是安全性的一个起点 - 检查所有数据库字段的命名方式是否与Insert语句中的命名方式完全相同
- 做一个
echo $query
,打开phpMyAdmin(例如),将输出复制粘贴到SQL字段中并发送->您可能会得到一个可以分析的MySQL错误 -
最好存储散列后的密码。尝试插入
MD5($password)
(有更好的选择!),并在登录时进行比较:if(MD5($inputPassword)==$passwordhashFromDatabase){}