0
好吧,讓我的註冊系統正確地將用戶名,密碼和電子郵件插入到我的數據庫中,但沒有任何其他字段。我首先嚐試將值直接放入SQL查詢中,然後將它們作爲隱藏文本字段放在窗體中。直接值給出了SQL語法錯誤,隱藏文本不會插入任何東西,但會成功添加用戶,傳遞和電子郵件。所有MYSQL字段類型都是LONGTEXT。這是代碼。註冊PHP/SQL不會插入長文本字段
Register.php
<form name="register" method="post" action="register2.php"><br />
Username<br><input name="username" type="text" size="20" /><br /><br />
Password<br><input name="password" type="password" size="20" /><br /><br />
E-mail<br><input name="email" type="text" size="20" /><br /><br />
<input="hidden" id="status" type="text" value=Waiting for a request size="100" />
<input="hidden" id="request" type="text" value="None sent" size="100" />
<input="hidden" id="paid" type="text" value="Please pay for an instant spot" size="100" />
<input="hidden" id="priority" type="text" value="To be determined by your web designer" size="100" />
<input="hidden" id="files" type="text" value="None" size="100" />
<input="hidden" id="filespass" type="text" value=None" size="100" /><div id="captcha2">
<img id="captcha" src="securimage/securimage_show.php" alt="CAPTCHA Image" /><br><br>Please re-write the security code below<br><input type="text" name="captcha_code" size="10" maxlength="6" size="20"/></div>
<br>
<input type="submit" name="submit" value="Register" /><br><br>
<a href='forgot.php'>Forgot</a> your password?<br>
</form>
Register2.php
<?php
include_once 'securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
// the code was incorrect
// you should handle the error so that the form processor doesn't continue
// or you can use the following code if there is no validation or you do not know how
echo "The security code entered was incorrect.<br /><br />";
echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
exit;
}else{
$con = mysql_connect(secret);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dylanmediagroup", $con);
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$email = htmlspecialchars($_POST['email']);
$status = htmlspecialchars($_POST['status']);
$priority = htmlspecialchars($_POST['priority']);
$paid = htmlspecialchars($_POST['paid']);
$files = htmlspecialchars($_POST['files']);
$filespass = htmlspecialchars($_POST['filespass']);
$checkuser = mysql_query("SELECT * FROM users WHERE username ='$username'");
$checkemail = mysql_query("SELECT * FROM users WHERE email='$password'");
if(mysql_num_rows($checkuser) > 0) { //check if there is already an entry for that username
echo "<img src='http://www.myhealthguardian.com/wp-content/uploads/2010/01/sad-face.gif' width='25%' height='21%'><br><br>Account already registered.<br> <a href='forgot.php'>Forgot</a> your password?<br><br>";
} else {
$sql="INSERT INTO `users` (username, password, email, status, priority, paid, files, filespass) VALUES ('$username', '$password', '$email', '$status', '$priority', '$paid', '$files', '$filespass')";
}
if (!mysql_query($sql,$con))
{
}else{
echo "<img src='http://3.bp.blogspot.com/-vpsc13PCfc0/TaLCGaq2SjI/AAAAAAAACTA/hw2MDzTk6mg/s1600/smiley-face.jpg' height='21%' width='25%'><br><br>Your registration was successful, please <a href='login.php'>login</a> to continue.";
}
}
mysql_close($con)
?>
在插入之前嘗試'var_dump($ sql)'來查看查詢的樣子。另外,我會重新考慮使用所有'LONGTEXT'類型,因爲我認爲您不需要大多數這些列中的所有存儲。請考慮'VARCHAR'。 – drew010 2012-03-02 20:12:18
你不應該使用'htmlspecialchars'來消毒你的輸入。改用'mysql_real_escape_string'。 – 2012-03-02 20:17:06