为什么不想检查然后插入

时间:2014-01-07 06:44:05

标签: php mysqli sql-insert

对于学校我必须制作一个有工作登录和注册系统的投资组合,登录部分有点工作但是通过重新编写部分我有点卡住了。那么为什么在检查用户名和电子邮件已存在的数据库之后不想插入用户数据呢? (希望你不介意,但我仍然是最近开始编码的学生)

<?php
    include_once 'db_connect.php';
    include_once 'psl-config.php';

    $error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_msg .= '<p class="error">The email address you entered is not valid!</p>';
    }
    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) != 128) {
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }
    $query_username = "SELECT id
    FROM members
    Where username == '$username'
    LIMIT 1";
    $available_username = array();
    if ($resultUsername = mysqli_query($mysqli, $query_username)) {
        if (mysqli_num_rows($resultUsername) > 0) {
            $error_msg .= '<p class="error">A user with this username already exists!</p>';
        }
    }
    $query_email = "SELECT id
    FROM members
    Where email == '$email'
    LIMIT 1";
    $available_email = array();
    if ($resultEmail = mysqli_query($mysqli, $query_email)) {
        if (mysqli_num_rows($resultEmail) > 0) {
            $error_msg .= '<p class="error">A user with this email adress already exists!</p>';
        }
    }
    if (empty($error_msg)) {
        $ipadress = $_SERVER['REMOTE_ADDR'];
        $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
        $password = hash('sha512', $password . $random_salt);
        if (!$tableRowEmail = 1) {
            $sqlinsert = "INSERT INTO members (username, email, ipadress, password, salt) VALUES ($username, $email, $ipadress, $password, $random_salt)";
            if (!mysqli_query($mysqli, $sqlinsert)) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }
        header('Location: ./register_success.php');
    }
}
?>

2 个答案:

答案 0 :(得分:1)

只是猜测:在sql语句中使用==。我非常确定你应该只使用=

答案 1 :(得分:0)

字段值缺少单引号' 所有字段都是varchar datatype.Single引号应该用于字符串值。

$sqlinsert = "INSERT INTO members (username, email, ipadress, password, salt) VALUES ('$username', '$email', '$ipadress', '$password', '$random_salt')";
相关问题
最新问题