我正在做一个注册站点,但没有收到任何错误,但是它不会将数据插入数据库中
我已经尝试了几乎所有东西,但我只是想不通
/ 配置文件已经是必需的,我已经将它放在header.php文件中,该文件对于我制作的每个文件都是自动需要的,因此它不是配置错误 /
<?php
if(isset($_POST["signupbtn"])){
if (($_POST["firstname"])!= "" && ($_POST["lastname"])!= "" && ($_POST["email"])!= "" && ($_POST["address"])!= "" && ($_POST["city"])!= "" && ($_POST["phone"])!= "") {
$checkToInsert = $mysqli->query("SELECT id from registrations where email='".$mysqli->real_escape_string($_POST["email"])."' AND username='".$mysqli->real_escape_string($_POST["username"])."'");
$row = $checkToInsert->fetch_assoc();
$count = $checkToInsert->num_rows;
if($count < 1){
$sql = "INSERT INTO registrations (firstname, lastname, username, email, password, age, city, address, phone, gender, purpose, hash)
VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ssssiissiiis", $firstname, $lastname, $username, $email, $password1, $age, $city, $address, $phone, $gender, $purpose, $hash);
$firstname = $mysqli>real_escape_string($_POST["firstname"]);
$lastname = $mysqli->real_escape_string($_POST["lastname"]);
$username = $mysqli->real_escape_string($_POST["username"]);
$email = $mysqli->real_escape_string($_POST["email"]);
$password1 = $mysqli->real_escape_string($_POST["password"]);
$age = $mysqli->real_escape_string($_POST["age"]);
$address = $mysqli->real_escape_string($_POST["address"]);
$city = $mysqli->real_escape_string($_POST["city"]);
$phone = $mysqli->real_escape_string($_POST["phone"]);
$gender = $mysqli->real_escape_string($_POST["gender"]);
$purpose = $mysqli->real_escape_string($_POST["purpose"]);
$hash = md5( rand(0,1000) );
$stmt->execute();
?>
<form action="?page=login" method="POST">
<div class="form-group">
<h1>Sign Up</h1>
<p>Please fill in this form to create an account.</p>
<hr>
<label for="firstname">Firstname</label>
<input type="text" placeholder="Enter firstname" class="form-control" name="firstname" required><br>
</div>
<div class="form-group">
<label for="lastname">Lastname</label>
<input type="text" class="form-control" placeholder="Enter lastname" name="lastname" required><br>
</div>
<div class="form-group">
<label for="username">Username</label>
<input type="text" placeholder="Enter username" class="form-control" name="username" required><br>
</div>
<div class="form-group">
<label for="email">Email</label>
<input type="email" placeholder="Enter Email" class="form-control" name="email" required><br>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" placeholder="Enter Password" name="password" class="form-control" required><br>
</div>
<div class="form-group">
<label for="age">Age</label>
<input type="date" placeholder="Enter age" class="form-control" name="age" required><br>
</div>
<div class="form-group">
<label for="address">Address</label>
<input type="text" placeholder="Enter address" class="form-control" name="address"><br>
</div>
<div class="form-group">
<label for="city">City</label>
<input type="text" placeholder="Enter city" class="form-control" name="city" required><br>
</div>
<div class="form-group">
<label for="phone">Phone number</label>
<input type="text" placeholder="Enter phonenumber" class="form-control" name="phone" required><br>
</div>
<div class="form-group">
<label class="form-check-label" for="gender">Gender</label><br>
<input type="radio" class="form-check-label" name="gender" value="0" required> Male<br>
<input type="radio" class="form-check-label" name="gender" value="1" required> Female<br>
<input type="radio" class="form-check-label" name="gender" value="2" required> Other<br>
</div><br>
<div class="form-group">
<label class="form-check-label" for="purpose">Why are you here?</label><br>
<input type="radio" class="form-check-label" name="purpose" value="0" required> I want to work<br>
<input type="radio" class="form-check-label" name="purpose" value="1"required> I'm an employer<br>
</div><br>
<div class="form-group">
<button type="submit" class="btn btn-primary" name="signupbtn">Sign Up</button>
</div>
</div>
</form
我想将数据插入数据库
答案 0 :(得分:1)
$sql = "INSERT INTO registrations (firstname, lastname, username, email, password, age, city, address, phone, gender, purpose, hash) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ssssiissiiis", $_POST["firstname"], $_POST["lastname"], $_POST["username"], $_POST["email"], $_POST["password"], $_POST["age"], $_POST["city"], $_POST["address"], $_POST["phone"], $_POST["gender"], $_POST["purpose"], md5(rand(0,1000)));
$stmt->execute();
$mysqli->real_escape_string()在这种情况下确实没有用,尤其是当参数已经绑定时;那是双重无用的。它只会给一个相当简单的脚本增加一些噪音。仍然建议使用$_POST和isset()验证!empty()。
答案 1 :(得分:0)
您不能使用未定义的变量,因此代码顺序应为:
$sql = "INSERT INTO registrations (firstname, lastname, username, email, password, age, city, address, phone, gender, purpose, hash) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
$stmt = $mysqli->prepare($sql);
$firstname = $mysqli>real_escape_string($_POST["firstname"]);
$lastname = $mysqli->real_escape_string($_POST["lastname"]);
$username = $mysqli->real_escape_string($_POST["username"]);
$email = $mysqli->real_escape_string($_POST["email"]);
$password1 = $mysqli->real_escape_string($_POST["password"]);
$age = $mysqli->real_escape_string($_POST["age"]);
$address = $mysqli->real_escape_string($_POST["address"]);
$city = $mysqli->real_escape_string($_POST["city"]);
$phone = $mysqli->real_escape_string($_POST["phone"]);
$gender = $mysqli->real_escape_string($_POST["gender"]);
$purpose = $mysqli->real_escape_string($_POST["purpose"]);
$hash = md5( rand(0,1000) );
$stmt->bind_param("ssssiissiiis", $firstname, $lastname, $username, $email, $password1, $age, $city, $address, $phone, $gender, $purpose, $hash);
$stmt->execute();
还要注意,准备查询时不需要real_escape_string。但是,您可以在变量前的(int)前面使用整数。您可能还需要检查变量的类型i或s。
您可以使用内置函数代替($_POST["firstname"])!= "":!empty($_POST['firstname'])