Server.php
<?php
session_start();
// initializing variables
$fname = "";
$lname = "";
$email = "";
$join = "";
$vatsim = "";
$how = "";
$pass = "";
$errors = array();
// connect to the database
$conn = mysqli_connect('XXXXXXXXXXXXXXX', 'XXXXXXXXXX', 'XXXXXXX', 'XXXXXXXXX');
// REGISTER USER
$fname = mysqli_real_escape_string($db, $_POST['fname']);
$lname = mysqli_real_escape_string($db, $_POST['lname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$pass = mysqli_real_escape_string($db, $_POST['passwd']);
$vatsim = mysqli_real_escape_string($db, $_POST['vatsim']);
$how = mysqli_real_escape_string($db, $_POST['how']);
$join = mysqli_real_escape_string($db, $_POST['join']);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO users (fname, lname, email, password, vatsim, how, why)
VALUES ('$fname', '$lname', '$email', '$pass', '$vatsim', '$how', '$join')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
echo $query;
$conn->close();
// LOGIN USER
if (isset($_POST['login_user'])) {
$TOM = mysqli_real_escape_string($db, $_POST['TOM']);
$pass = mysqli_real_escape_string($db, $_POST['passwd']);
}
if(empty($TOM)) {
array_push($errors, "TOM Number is required");
}
if (empty($pass)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$pass = md5($pass);
$query = "SELECT * FROM users WHERE TOM='$TOM' AND password='$pass'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $TOM;
$_SESSION['success'] = "You are now logged in";
header('location: pilot');
}else {
array_push($errors, "Username or Password Incorrect");
}
}
?>
join.php(表单部分)
<?php
require('server.php');
?>
<form action="" method="post">
<div class="container">
<input type="text" placeholder="First Name *" name="fname" value="<? print_r($fname)?>" required>
<br>
<input type="text" placeholder="Last Name *" name="lname" required>
<br>
<input type="text" placeholder="Email *" name="email" required>
<br>
<input type="password" placeholder="Password *" name="passwd" required>
<br>
<input type="password" placeholder="Confirm Password *" name="passwdconf" required>
<br>
<input type="text" placeholder="VATSIM CID (If Applicable)" name="vatsim" >
<br>
<input type="text" placeholder="How did you hear about us? *" name="how" required>
<br>
<input type="text" placeholder="Why do you want to join? *" name="join" required>
<br>
<br>
<p class="req">* Required Field</p>
<br>
<button type="submit" class="registerbtn" name="reg_user">Register</button>
</div>
</form>
[当用户注册数据库行为空时,我们可以直接从phpmyadmin输入用户帐户并将其登录到系统中,但我不知道为什么此代码只是将空行输入到表中
对此问题的任何帮助,将不胜感激,
非常感谢哈维
首先使用准备好的语句来防止SQL注入,并使用php password_hash
而不是md5
在这里查看更多:https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
在同一页面上登录和注册的示例。
注册表格:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<input type="text" placeholder="Last Name *" name="lname" required>
<br>
<input type="text" placeholder="Email *" name="email" required>
<button type="submit" class="registerbtn" name="reg_user">Register</button>
</form>
登录表格:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<input type="text" placeholder="Last Name *" name="username" required>
<br>
<input type="password" placeholder="pass *" name="password" required>
<button type="submit" class="registerbtn" name="login_user">Login</button>
</form>
如果存在,必须输入PHP代码注册代码
if (isset($_POST['registerbtn'])) {
//write your register codes here
// You can log in users after registration success
}
如果有密码,则必须输入登录代码
if (isset($_POST['login_user'])) {
//write your Login codes here
}