为什么这个插入查询不起作用?

时间:2017-05-21 11:46:50

标签: php mysqli 

    <!DOCTYPE html>
    <html>
    <head>
        <title>User Registration</title>
    </head>
    <body>
    <!--Design area-->
    <a href="register.php">Register</a><=====><a href="login.php">Login</a>
    <h3>Registration Form</h3>
    <form action=""  method="post">
        <input type="text" name="username">
        <input type="password" name="password">
        <input type="submit" name="register" value="Register">
    </form>

<!--End design area-->
<!--PHP Section-->
<?php 
if(isset($_POST['register'])){
    $username=$_POST['username'];
    $password=$_POST['password'];
    $con=mysqli_connect('localhost','root','','log') or die("Connection failure");
    $query="SELECT * FROM log_data WHERE username='".$username."'";//Validation query
    $run_query=mysqli_query($con,$query);
    $row_count=mysqli_num_rows($run_query);

直到现在一切正常。但是当我给出行计数条件然后写插入查询时,那时浏览器说帐户没有创建。这意味着我的查询没有运行。为什么呢?

if($row_count==0){
        $query="INSERT INTO log_data(username,password) VALUES('$username','$password')";//insert query
        $run_query=mysqli_query($con,$query);
        if($run_query){//if inserted
    echo "Account Successfully Created";
    } else {
    echo "Account not created";
    }

}else{
    echo "This username already exits";
}
}

 ?>
 <!--End Php Section-->
</body>
</html>

2 个答案:

答案 0 :(得分:-1)

您可能需要采取一些预防措施来防止SQL注入,此代码很容易受到攻击。

String delimitter = "\037"; // enough                                   
String delimitter = "\\037"; // not needed and wrong

这应该有所帮助,请确保使用&#39;?&#39;任何用户定义的输入变量的占位符。

答案 1 :(得分:-1)

试试这个.. 

<?php 

$con=mysqli_connect("localhost","root","","log");
// Check connection

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }


if(isset($_POST['register'])){

    $username=$_POST['username'];
    $password=$_POST['password'];

    $query="SELECT * FROM log_data WHERE username='".$username."'"; //Validation query


    if ($result=mysqli_query($con,$query)){

    $rowcount=mysqli_num_rows($result);
    //$row_count = $query->num_rows;

    if($rowcount==0){

        $sql="INSERT INTO log_data(username,password) VALUES('$username','$password')"; //insert query

        $run_query=mysqli_query($con,$sql);

        if($run_query){  //if inserted

           echo "Account Successfully Created";
         } 

         else {

         echo "Account not created";

         }

     }
     else{

     echo "This username already exits";

     }
}

}

?>
相关问题
最新问题