爲什麼數據不會存儲在我的數據庫中？

Question

對不起，我是PHP新手，請耐心等待。我正在創建一個用戶界面，當我註冊時說我已經註冊，但它不會將數據存儲到數據庫中。有人可以幫幫我嗎！

<?PHP 
$uname = ""; 
$pword = ""; 
$errorMessage = ""; 
$num_rows = 0; 

function quote_smart($value, $handle) { 

    if (get_magic_quotes_gpc()) { 
     $value = stripslashes($value); 
    } 

    if (!is_numeric($value)) { 
     $value = "'" . mysql_real_escape_string($value, $handle) . "'"; 
    } 
    return $value; 
} 

if ($_SERVER['REQUEST_METHOD'] == 'POST'){ 


    $uname = $_POST['username']; 
    $pword = $_POST['password']; 

    $uname = htmlspecialchars($uname); 
    $pword = htmlspecialchars($pword); 

    $uLength = strlen($uname); 
    $pLength = strlen($pword); 

    if ($uLength >= 10 && $uLength <= 20) { 
     $errorMessage = ""; 
    } 
    else { 
     $errorMessage = $errorMessage . "Username must be between 10 and 20 characters" . "<BR>"; 
    } 

    if ($pLength >= 8 && $pLength <= 16) { 
     $errorMessage = ""; 
    } 
    else { 
     $errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>"; 
    } 



    if ($errorMessage == "") { 

    $user_name = "root"; 
    $pass_word = ""; 
    $database = "user authentication"; 
    $server = "127.0.0.1"; 

    $db_handle = mysql_connect($server, $user_name, $pass_word); 
    $db_found = mysql_select_db($database, $db_handle); 

    if ($db_found) { 

     $uname = quote_smart($uname, $db_handle); 
     $pword = quote_smart($pword, $db_handle); 


     $SQL = "SELECT * FROM login WHERE USERNAME = $uname"; 
     $result = mysql_query($SQL); 
     $num_rows = mysql_num_rows($result); 

     if ($num_rows > 0) { 
      $errorMessage = "Username already taken"; 
     } 

     else { 

      $SQL = "INSERT INTO login (L1, L2) VALUES ($uname, md5($pword))"; 

      $result = mysql_query($SQL); 

      mysql_close($db_handle); 

     //================================================================================= 
     // START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login 
     // SEND USER TO A DIFFERENT PAGE AFTER SIGN UP 
     //================================================================================= 

      session_start(); 
      $_SESSION['login'] = "1"; 

      header ("Location: page1.php"); 

     } 

    } 
    else { 
     $errorMessage = "Database Not Found"; 
    } 




    } 

} 


?> 

    <html> 
    <head> 
    <title>Basic Login Script</title> 


    </head> 
    <body> 


<FORM NAME ="form1" METHOD ="POST" ACTION ="signup.php"> 

Username: <INPUT TYPE = 'TEXT' Name ='username' value="<?PHP print $uname;?>" maxlength="20"> 
Password: <INPUT TYPE = 'TEXT' Name ='password' value="<?PHP print $pword;?>" maxlength="16"> 

<P> 
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Register"> 


</FORM> 
<P> 

<?PHP print $errorMessage;?> 

    </body> 
    </html> 

Answer 1

您可能還需要而使用PDO的，那麼你就不必做用戶輸入的清理作爲PDO會照顧的，對於你。你可能想創造的是把你所有的連接細節像這樣的文件：

<?php 

      define('DB_HOST', 'localhost'); 
      define('DB_NAME', 'user authentication'); 
      define('DB_USER', 'root'); 
      define('DB_PASS', ''); 
      define('DSN', 'mysql:host='. DB_HOST . ';dbname=' . DB_NAME); 

    ?> 

然後，您可能希望創建一個類來完成，如連接到數據庫：

<?php 

    class database{ 

    public function databaseConnect(){ 
      /*Creates a new instance of the PDO called $db. 
      * NOTE: the use of DSN, DB_USER and so on. These variable live in the dbsettings file. 
      */ 
      $db = new PDO(DSN,DB_USER,DB_PASS); 
      $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
      return $db; 
     } 
    } 

?> 

這時，你可能想創建一個類來註冊您的用戶，如：

<?php 

    //Include the database class file to allow access to properties and methods within that class. 
    require_once 'class.database.php'; 


    //echo 'I am database class file now included in the users class file. <br />'; 

    //This method will be user to check if the user enter the correct username password pair. 
    class users{ 


     public function checkValidUser($username){ 
      $userExists = false; 
      try { 
       $db = database::databaseConnect(); 

       $stmt = $db->prepare('SELECT uname FROM table WHERE uname=:username'); 
       $stmt->bindParam(':uname', $username, PDO::PARAM_STR); 
       $stmt->execute(); 

       if ($stmt->rowCount() == 1){ 
        $userExists = true; 
       } 

       $db = null; 

      } catch (PDOException $e) { 
       $userExists = false; 
      } 
      return $userExists; 
     } 

     public function addUser($firstname, $lastname, $username,$password){ 
      $success = true; 
      //Connect to the database 
      try { 
       $db = database::databaseConnect(); 
       //$db->databaseConnect(); 

       $stmt = $db->prepare('INSERT INTO table (FirstName, LastName, Username, Password) VALUES (:firstname, :lastname, :username, :password)'); 
       $stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR); 
       $stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR); 
       $stmt->bindParam(':username', $username, PDO::PARAM_STR); 
       $stmt->bindParam(':password', $password, PDO::PARAM_STR); 
       $success = $stmt->execute(); 

       if ($success){ 

        $success = true; 
       } 

       $db = null; 

      } catch (PDOException $e) { 
       //echo 'There was an error adding a new user. Please go back and try again. If this problem persits please contact the administrator.'; 
       $success = false; 
      } 
      return $success; 
     } 


?> 

希望這可以幫助。

Answer 2

enter link description here$SQL = "INSERT INTO login (L1, L2) VALUES ($uname, md5($pword))";

你不插入值插入適當的領域，它出現。您將$uname插入L1並將md5($pword)插入到L2中，但在上面的選擇查詢中，您爲用戶名擁有不同的字段名稱，並且我認爲密碼也是相同的。

$SQL = "SELECT * FROM login WHERE USERNAME = $uname";

最有可能的，你的插入查詢應該是這樣的：

$SQL = "INSERT INTO login (USERNAME, PASSWORD) VALUES ('{$uname}', MD5('{$pword}'))";

我因爲想必他們都是字符串添加各地的用戶名和密碼單引號。另外，我在變量中添加了大括號，以便從PHP中分離什麼是SQL。

最後一兩件事，我會檢查與這樣PDO爲Willem suggested