我正在尝试将表单数据插入mysql数据库,但它没有插入到表中,并且没有错误!
这是我的代码
<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {
$shop = $_POST['shopname'];
$name = $_POST['name'];
$user = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$repassword = $_POST['repassword'];
$phone = $_POST['phone'];
$sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES ('$shop','$name''$user','$email','$password','$repassword','$phone')";
if (mysqli_query($con, $sql)) {
echo "Signup Sucessfull";
} else {
echo mysqli_error();
}
}
?>
我该如何解决这个问题?
原来你忘了在名字后面加逗号。
'$name''$user' // Missing comma in between
此外,它应该是mysqli_error($con(,而不是mysqli_error((
尝试一些调试:
$sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES ('".$shop."','".$name."', '".$user."','".$email."','".$password."','".$repassword."','".$phone."')";
mysqli_query($con, $sql) or die(mysqli_error($con));
您似乎错过了插入值之间的","。此代码将正常工作。
<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {
$shop = $_POST['shopname'];
$name = $_POST['name'];
$user = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$repassword = $_POST['repassword'];
$phone = $_POST['phone'];
$sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES ('".$shop."','".$name."','".$user."','".$email."','".$password."','".$repassword."','".$phone."')";
if (mysqli_query($con, $sql)) {
echo "Signup Sucessfull";
} else {
die(mysqli_error($con));
}
}
?>
是的,正如@ObjectManipulator已经指出了你愚蠢的错误CCD_ 1附近。
我强烈建议您使用mysqli_prepare来避免SQL注入。
<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {
$stmt = mysqli_prepare($con, "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone) VALUES (?, ?, ?, ?,?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssssss',$_POST['shopname'],$_POST['name'],$_POST['username'],$_POST['email'],$_POST['password'],$_POST['repassword'],$_POST['phone']);
if (mysqli_stmt_execute($stmt)) {
echo "Signup Sucessfull";
} else {
echo mysqli_error($con);
}
}
?>
而且,正如@JonStirling建议不要以纯文本形式存储密码并使用任何密码API加密密码。
有很多方法可以加密您的密码。使用它们中的任何一个。现在,我用md5((进行了说明。
以及为什么要将password
和repassword
存储在数据库表中。在将用户数据存储到数据库表中时,请检查是否有密码&repassword是否匹配。
只是一个建议。这取决于你的选择。
<?php
$con = mysqli_connect('localhost', 'root', '', 'register');
if (isset($_POST['submit'])) {
if(isset($_POST['password']) && isset($_POST['repassword']) && ($_POST['password'] == $_POST['repassword'])){
$stmt = mysqli_prepare($con, "INSERT INTO registration (shop_name,name,username,email,password,phone) VALUES (?, ?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'ssssss',$_POST['shopname'],$_POST['name'],$_POST['username'],$_POST['email'],md5($_POST['password']),$_POST['phone']);
if (mysqli_stmt_execute($stmt)) {
echo "Signup Sucessfull";
} else {
echo mysqli_error();
}
} else {
echo "Password must match.";
}
}
?>
else {
echo mysqli_error($con);
}
问题解决了。您忘记了MySQL错误输出的连接详细信息$con
。这将从查询中正确输出MySQL语法错误。
其他注意事项:
- 将Prepared语句用于MySQLi(链接(
- 使用适当的密码哈希算法,如
Password_hash
。不要使用MD5(速度太快,冲突太多(,NEVER将密码存储为明文 - 使用POSTed变量上的各种
filter_Var
来清除它们,并确保捕获到任何无效数据(例如不正确的电子邮件地址(
在sql查询中放入逗号,如下
$sql = "INSERT INTO registration (shop_name,name,username,email,password,repassword,phone)VALUES
('$shop','$name','$user','$email','$password','$repassword','$phone')";