PHP插入发送到数据库,但没有输入任何内容,可以登录但不能注册[关闭]

问题描述 投票:0回答:1

Server.php

<?php
session_start();

// initializing variables
$fname = "";
$lname = "";
$email = "";
$join = "";
$vatsim = "";
$how = "";
$pass = "";
$errors = array();

// connect to the database
$conn = mysqli_connect('XXXXXXXXXXXXXXX', 'XXXXXXXXXX', 'XXXXXXX', 'XXXXXXXXX');



// REGISTER USER

  $fname = mysqli_real_escape_string($db, $_POST['fname']);
  $lname = mysqli_real_escape_string($db, $_POST['lname']);
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $pass = mysqli_real_escape_string($db, $_POST['passwd']);
  $vatsim = mysqli_real_escape_string($db, $_POST['vatsim']);
  $how = mysqli_real_escape_string($db, $_POST['how']);
  $join = mysqli_real_escape_string($db, $_POST['join']);

  if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
  }

  $sql = "INSERT INTO users (fname, lname, email, password, vatsim, how, why)
VALUES ('$fname', '$lname', '$email', '$pass', '$vatsim', '$how', '$join')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

echo $query;

$conn->close();


// LOGIN USER
if (isset($_POST['login_user'])) {
    $TOM = mysqli_real_escape_string($db, $_POST['TOM']);
    $pass = mysqli_real_escape_string($db, $_POST['passwd']);

}
    if(empty($TOM)) {
        array_push($errors, "TOM Number is required");
    }
    if (empty($pass)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        $pass = md5($pass);
        $query = "SELECT * FROM users WHERE TOM='$TOM' AND password='$pass'";
        $results = mysqli_query($db, $query);
        if (mysqli_num_rows($results) == 1)  {
          $_SESSION['username'] = $TOM;
          $_SESSION['success'] = "You are now logged in";
          header('location: pilot');
        }else {
            array_push($errors, "Username or Password Incorrect");
        }
    }





  ?>

join.php(表单部分)

<?php 

require('server.php');


?>
<form action="" method="post">
  <div class="container">



    <input type="text" placeholder="First Name *" name="fname" value="<? print_r($fname)?>" required>
<br>
    <input type="text" placeholder="Last Name *" name="lname" required>
    <br>
    <input type="text" placeholder="Email *" name="email" required>
    <br>
    <input type="password" placeholder="Password *" name="passwd" required>
    <br>
    <input type="password" placeholder="Confirm Password *" name="passwdconf" required>
    <br>
    <input type="text" placeholder="VATSIM CID (If Applicable)" name="vatsim" >
    <br>
    <input type="text" placeholder="How did you hear about us? *" name="how" required>
    <br>
    <input type="text" placeholder="Why do you want to join? *" name="join" required>


<br>
<br>
<p class="req">* Required Field</p>
    <br>
    <button type="submit" class="registerbtn" name="reg_user">Register</button>
  </div>

</form>

[当用户注册数据库行为空时,我们可以直接从phpmyadmin输入用户帐户并将其登录到系统中,但我不知道为什么此代码只是将空行输入到表中

对此问题的任何帮助,将不胜感激,

非常感谢哈维

php mysql forms
1个回答
0
投票

首先使用准备好的语句来防止SQL注入,并使用php password_hash而不是md5

在这里查看更多:https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

在同一页面上登录和注册的示例。

注册表格:

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
    <input type="text" placeholder="Last Name *" name="lname" required>
    <br>
    <input type="text" placeholder="Email *" name="email" required>
    <button type="submit" class="registerbtn" name="reg_user">Register</button>
</form>

登录表格:

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
    <input type="text" placeholder="Last Name *" name="username" required>
    <br>
    <input type="password" placeholder="pass *" name="password" required>
    <button type="submit" class="registerbtn" name="login_user">Login</button>
</form>

如果存在,必须输入PHP代码注册代码

if (isset($_POST['registerbtn'])) {
 //write your register codes here 
 // You can log in users after registration success

}

如果有密码,则必须输入登录代码

if (isset($_POST['login_user'])) {
 //write your Login codes here 

}
© www.soinside.com 2019 - 2024. All rights reserved.