我在與我創建(僅用於測試目的,我知道這是容易受到SQL注入)一個形式的問題PHP的形式不插入值到數據庫
基本上,形式不插入到數據庫,但它似乎在劇本上回歸真實。
的代碼如下:
form.php的
<form action="create.php" method="post">
<p>Username: <input type="text" name="username" />
</p>
<p>Password: <input type="password" name="password" />
</p>
<p><input type="submit" value="Create" name= "cre" />
</p>
</form>
create.php
<?php
session_start();
$dbname = "obsidian";
if(isset($_POST['cre'])){
$username = $_POST['username'];
$password = $_POST['password'];
$mysqli = new mysqli('localhost','admin1', 'password1','obsidian') or die('Failed to connect to DB' . $mysqli->error);
$hashed_password = password_hash($password,PASSWORD_DEFAULT);
$registerquery = "INSERT INTO users (username, hash) VALUES('$username', '$hashed_password')";
if($registerquery = true)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please <a href=\"index.php\">click here to login</a>.</p>";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
?>
我得到了成功的消息,但正如我所說,價值沒有得到插入到數據庫中。
任何幫助都會很好。
永遠不會在數據庫上運行插入查詢。 – Pitchinnate 2014-12-03 19:04:45
...你很容易受到[sql注入攻擊](http://bobby-tables.com) – 2014-12-03 19:06:20
你有沒有區別=和==? – bksi 2014-12-03 19:07:48