-3
我目前很難理解爲什麼下面的腳本將成功返回給瀏覽器,但實際上並沒有將數據插入到數據庫中。 我知道我使用舊的MySQL指令,但我懷疑這應該是造成這個問題。 由於提前阿利斯泰爾PHP沒有插入到MySQL數據庫中
<?php
ob_start();
$host="localhost"; // Host name
$username="XXXXXX"; // Mysql username
$password="XXXXXXXXXXXXXXXXXXX"; // Mysql password
$db_name="XXXXXXXX"; // Database name
$tbl_name="XXXXXXXXXX"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define Variables
$myusername=$_POST['username'];
$password1=$_POST['password1'];
$password2=$_POST['password2'];
$emailadd=$_POST['emailadd'];
if($password1==$password2){
//Ecnrypt Password Using SHA512
$password1 = hash("sha512", $password1);
}
else {
//Passwords don't match return user to form with parameter
header("location:adduser.php?pwnomatch");
}
//Check user doesn't already exist
$sqlcheckuser="SELECT * FROM $tbl_name WHERE username='$username'";
$result1=mysql_query($sqlcheckuser);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result1);
//If user exists redirect back to login form
if($count==1){
header("location:adduser.php?userexist");
}
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($myusername);
$password1 = stripslashes($mypassword);
$emailadd = stripslashes($emailladd);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$emailadd = mysql_real_escape_string($emailladd);
$sqlinsertuser="INSERT INTO $tbl_name ('username', 'password', 'emailaddress' VALUES ($username, $password1, $emailadd)";
mysql_query($sqlinsertuser);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result2);
// Register user then redirect to "viewuser.php" with success parameter
header("location:viewuser.php?success");
ob_end_flush();
?>
SQL注入,我來了。 :) – hjpotter92 2013-03-23 11:46:24