1. 首頁
  2. 問答
  3. 爲什麼這個插入查詢不起作用?

爲什麼這個插入查詢不起作用?

2017-05-21 47 views
0 
<!DOCTYPE html> 
    <html> 
    <head> 
     <title>User Registration</title> 
    </head> 
    <body> 
    <!--Design area--> 
    <a href="register.php">Register</a><=====><a href="login.php">Login</a> 
    <h3>Registration Form</h3> 
    <form action="" method="post"> 
     <input type="text" name="username"> 
     <input type="password" name="password"> 
     <input type="submit" name="register" value="Register"> 
    </form> 

<!--End design area--> 
<!--PHP Section--> 
<?php 
if(isset($_POST['register'])){ 
    $username=$_POST['username']; 
    $password=$_POST['password']; 
    $con=mysqli_connect('localhost','root','','log') or die("Connection failure"); 
    $query="SELECT * FROM log_data WHERE username='".$username."'";//Validation query 
    $run_query=mysqli_query($con,$query); 
    $row_count=mysqli_num_rows($run_query);

直到現在一切正常。但是,當我給行計數條件,然後編寫插入查詢,那時瀏覽器說帳戶沒有創建。這意味着我的查詢沒有運行。爲什麼?爲什麼這個插入查詢不起作用?

if($row_count==0){ 
     $query="INSERT INTO log_data(username,password) VALUES('$username','$password')";//insert query 
     $run_query=mysqli_query($con,$query); 
     if($run_query){//if inserted 
    echo "Account Successfully Created"; 
    } else { 
    echo "Account not created"; 
    } 

}else{ 
    echo "This username already exits"; 
} 
} 

?> 
<!--End Php Section--> 
</body> 
</html>

來源

2017-05-21 Shuvro Jyoti

+2

您的代碼容易受到SQL注入。請學習使用[預先準備的語句](https://www.youtube.com/watch?v=nLinqtCfhKY)。另外,將密碼存儲爲純文本字符串是一個糟糕的主意。 –

+0

mysqli_num_rows($ query); –

+0

$ row_count = $ query-> num_rows; ('$ username','$ password')「; //插入查詢 $ run_query = mysqli_query($ con,$ query)或者死(mysqli_error) –

回答

-1

您可能需要採取一些預防措施來防止SQL注入,因此此代碼很容易受到攻擊。

$stmt = mysqli->prepare("SELECT col1 FROM t1 WHERE col2 = ?"); 
$stmt->bind_param("s", $username); 

$stmt->execute();

這應該有幫助,確保你使用'?'任何用戶定義的輸入變量的佔位符。

來源

2017-05-21 11:55:29

-1

試試這個..

<?php 

$con=mysqli_connect("localhost","root","","log"); 
// Check connection 

if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 


if(isset($_POST['register'])){ 

    $username=$_POST['username']; 
    $password=$_POST['password']; 

    $query="SELECT * FROM log_data WHERE username='".$username."'"; //Validation query 


    if ($result=mysqli_query($con,$query)){ 

    $rowcount=mysqli_num_rows($result); 
    //$row_count = $query->num_rows; 

    if($rowcount==0){ 

     $sql="INSERT INTO log_data(username,password) VALUES('$username','$password')"; //insert query 

     $run_query=mysqli_query($con,$sql); 

     if($run_query){ //if inserted 

      echo "Account Successfully Created"; 
     } 

     else { 

     echo "Account not created"; 

     } 

    } 
    else{ 

    echo "This username already exits"; 

    } 
} 

} 

?>

來源

2017-05-21 12:03:49

相關問題

 相關問題