PHP不在MySQL数据库中编写。

时间:2021-09-13 19:13:50

I have an HTML page with input fields where I'm using PHP to validate and eventually write into my MySQL Database called 'fantasymock'. If validation is successful, the user is directed to an empty page called thankyou.php (using for testing purposes), which I am being directed to. But unfortunately, the data is not being written into the database.

我有一个带有输入字段的HTML页面,我使用PHP来验证并最终写入我的MySQL数据库“fantasymock”。如果验证成功,则将用户定向到一个名为“thankyou”的空页面。php(用于测试目的),我将被引导到。但不幸的是,数据并没有写入数据库。

I've looked on the web and previous SO posts and don't see a similar situation likes mines. Can someone look at it and possibly find the issue? Code is somewhat long and apologize. Thank you.

我已经看过了网络和以前的帖子,并没有看到类似的情况。有人能看到这个问题吗?代码有点长,而且很抱歉。谢谢你!

<?php
// define variables and set to empty values
$emailErr = $userErr = $passwordErr = $cpasswordErr = $firstErr = $lastErr = $teamErr = "";
$userid = $email = $username = $password = $cpassword = $firstname = $lastname = $teamname = "";

// The preg_match() function searches a string for pattern, returning true if the pattern exists, and false otherwise.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //Validates email
    if (empty($_POST["email"])) {
        $email = NULL;
        $emailErr = "You Forgot to Enter Your Email!";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address syntax is valid
        if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
            $email = NULL;
            $emailErr = "You Entered An Invalid Email Format"; 
        }
    }
    //Validates Username
    if (empty($_POST["username"])) {
        $username = NULL;
        $userErr = "You Forgot to Enter Your Username!";
    } else {
        $username = test_input($_POST["username"]);
        }
    //Validates password & confirm passwords.
    if (empty($_POST["cpassword"])) {
        $password = NULL;
        $cpassword = NULL;
        $passwordErr = "You Forgot To Enter Your Password!";
        }
    if(!empty($_POST["password"]) && ($_POST["password"] == $_POST["cpassword"])) {
        $password = test_input($_POST["password"]);
        $cpassword = test_input($_POST["cpassword"]);
        if (strlen($_POST["password"]) < '7') {
            $password = NULL;
            $passwordErr = "Your Password Must Contain At Least 8 Characters!";
        }
        elseif(!preg_match("#[0-9]+#",$password)) {
            $password = NULL;
            $passwordErr = "Your Password Must Contain At Least 1 Number!";
        }
        elseif(!preg_match("#[A-Z]+#",$password)) {
            $password = NULL;
            $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
        }
        elseif(!preg_match("#[a-z]+#",$password)) {
            $password = NULL;
            $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
        }
    }
    elseif(!empty($_POST["password"])) {
        $password = NULL;
        $cpassword = NULL;
        $passwordErr = "Please Check You've Entered Or Confirmed Your Password Correctly!";
    }
    //Validates firstname
    if (empty($_POST["firstname"])) {
        $firstname = NULL;
        $firstErr = "You Forgot to Enter Your First Name!";
    } else {
        $firstname = test_input($_POST["firstname"]);
        //Checks if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
            $firstname = NULL;
            $firstErr = "You Can Only Use Letters And Whitespaces!"; 
        }
    }
   if (empty($_POST["lastname"])) {
        $lastname = NULL;
        $lastErr = "You Forgot to Enter Your Last Name!";
    } else {
        $lastname = test_input($_POST["lastname"]);
        //Checks if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
            $lastname = NULL;
            $lastErr = "You Can Only Use Letters And Whitespaces!"; 
        }
    }
    if (empty($_POST["teamname"])) {
        $teamname = NULL;
        $teamErr = "You Forgot to Enter Your Team Name!";
    } else {
        $teamname = test_input($_POST["teamname"]);
    }
    if ($email && $username && $password && $cpassword && $firstname && $lastname && $teamname) {
        mysql_connect("localhost", "root", "");
        @mysql_select_db("fantasymock") or die("Unable To Connect To the Database");

        //Variable used for the primary key in User Table in Database.
        $userid = $_POST['userid'];
        $email = $_POST['email'];
        $password = $_POST['password'];
        $cpassword = $_POST['cpassword'];
        $firstname = $_POST['firstname'];
        $lastname = $_POST['lastname'];
        $teamname = $_POST['teamname'];

        $query = "INSERT INTO user VALUES ('$userid', '$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')";
        mysql_query($query);

        mysql_close();
        header("Location: thankyou.php");
        die();
    } else {
        echo '<p align="center"><strong>Errors on page</strong><br><br></p>';
    }
}
/*Each $_POST variable with be checked by the function*/
function test_input($data) {
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>

<!--The htmlspecial() function prevents from hackers inserting specific characters in fields with malicious intent-->
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

<table align="center" border="1" bordercolor="black" bgcolor="white" cellpadding="5" cellspacing="0" width="50%">
    <tr>
        <td>
            <table align="center" bordercolor="white" border="0" cellpadding="5" cellspacing="0">
                <tr>
                    <td align="center" colspan="2"><strong>Registration</strong></b></td>
                </tr>
                <tr>
                    <td colspan="2"><br></td>
                </tr>
                <tr>
                    <td align="right" width="20%">E-mail:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="text" name="email" maxlength="50" size="30" placeholder="&nbsp;email" value="<?php echo $email;?>"</td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $emailErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">Username:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="text" name="username" maxlength="50" size="30" placeholder="&nbsp;username" value="<?php echo $username;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $userErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">Password:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="password" name="password" maxlength="50" size="30" placeholder="&nbsp;password" value="<?php echo $password;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $passwordErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">Confirm Password:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="password" name="cpassword" maxlength="50" size="30" placeholder="&nbsp;confirm password" value="<?php echo $cpassword;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $cpasswordErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">First Name:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="text" name="firstname" maxlength="50" size="30" placeholder="&nbsp;first name" value="<?php echo $firstname;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $firstErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">Last Name:</td>
                    <td align="left"><input class="largeTextBox" type="text" name="lastname" maxlength="50" size="30" placeholder="&nbsp;last name" value="<?php echo $lastname;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $lastErr;?></td>
                </tr>
                <tr>
                    <td align="right" width="20%">Team Name:</td>
                    <td align="left" width="30%"><input class="largeTextBox" type="text" name="teamname" maxlength="50" size="30" placeholder="&nbsp;team name" value="<?php echo $teamname;?>"></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><span class="error"><?php echo $teamErr;?></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><hr/></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><input class="bigButton" type="submit" name="submit" value="Submit"></td>
                </tr>
            </table>
        </td>
    </tr>
</table>
</form>

3 个解决方案

#1

2  

You should check if your query was succesfull or not. if not show the error.

您应该检查您的查询是否成功。如果不显示错误。

if (!mysql_query($query)) 
{
    die('Invalid query: ' . mysql_error());
}

And in your database, are all the columns strings(varchar) or are there also integers because if so you wont succeed .

在数据库中,所有的列都是字符串(varchar),或者也有整数,因为如果这样,就不会成功。

like this

像这样

$userid = $_POST['userid'];

i assume userid is a integer but you just assign it from post to var this var will be a string.

我假设userid是一个整数,但你只是把它从post分配到var这个var将是一个字符串。

in order to get a integer you should something like this

为了得到一个整数,你应该像这样。

$userid = $_POST['userid'];
$userid+=0;

And if your primary key is set to auto-increment you should not insert anything to that column. It will be done automaticlally

如果您的主键设置为自动递增,则不应该向该列插入任何内容。它会自动完成。

#2

0  

This probably won't solve the problem you're having but hopefully it helps.

这可能不会解决你的问题,但希望它能有所帮助。

try the query as

尽可能的查询

 "INSERT INTO user (`email`,`password`,`cpassword`,`firstname`,`lastname`,`teamname`)VALUES 
   ('$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')"

let the db driver handle assigning the id using auto increment.

让db驱动程序使用自动增量来分配id。

You should also be aware you have some nasty sql injection vulnerabilities

您还应该知道您有一些恶意的sql注入漏洞。

#3

0  

I noticed you aren't handling MySQL errors. After you call a query, you should always have some kind of error checking. For mysql you should use mysql_error. For example:

我注意到你没有处理MySQL错误。调用查询之后,您应该总是有一些错误检查。对于mysql,您应该使用mysql_error。例如:

    $query = "INSERT INTO user VALUES ('$userid', '$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')";
    mysql_query($query);
    echo mysql_errno($link) . ": " . mysql_error($link). "\n";

That should tell you your error.

那应该会告诉你你的错误。

#1

2  

You should check if your query was succesfull or not. if not show the error.

您应该检查您的查询是否成功。如果不显示错误。

if (!mysql_query($query)) 
{
    die('Invalid query: ' . mysql_error());
}

And in your database, are all the columns strings(varchar) or are there also integers because if so you wont succeed .

在数据库中,所有的列都是字符串(varchar),或者也有整数,因为如果这样,就不会成功。

like this

像这样

$userid = $_POST['userid'];

i assume userid is a integer but you just assign it from post to var this var will be a string.

我假设userid是一个整数,但你只是把它从post分配到var这个var将是一个字符串。

in order to get a integer you should something like this

为了得到一个整数,你应该像这样。

$userid = $_POST['userid'];
$userid+=0;

And if your primary key is set to auto-increment you should not insert anything to that column. It will be done automaticlally

如果您的主键设置为自动递增,则不应该向该列插入任何内容。它会自动完成。

#2

0  

This probably won't solve the problem you're having but hopefully it helps.

这可能不会解决你的问题,但希望它能有所帮助。

try the query as

尽可能的查询

 "INSERT INTO user (`email`,`password`,`cpassword`,`firstname`,`lastname`,`teamname`)VALUES 
   ('$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')"

let the db driver handle assigning the id using auto increment.

让db驱动程序使用自动增量来分配id。

You should also be aware you have some nasty sql injection vulnerabilities

您还应该知道您有一些恶意的sql注入漏洞。

#3

0  

I noticed you aren't handling MySQL errors. After you call a query, you should always have some kind of error checking. For mysql you should use mysql_error. For example:

我注意到你没有处理MySQL错误。调用查询之后,您应该总是有一些错误检查。对于mysql,您应该使用mysql_error。例如:

    $query = "INSERT INTO user VALUES ('$userid', '$email', '$password', '$cpassword', '$firstname', '$lastname', '$teamname')";
    mysql_query($query);
    echo mysql_errno($link) . ": " . mysql_error($link). "\n";

That should tell you your error.

那应该会告诉你你的错误。

标签:

相关文章