-4
我有這個問題,我有一個註冊表單,我正在使用PHP和MySQL。問題是,即使所有數據都有效,它也不會將信息輸入到數據庫中。我知道數據庫已連接,因爲我可以在我的網站的登錄部分使用它。我認爲這是電子郵件和用戶名交叉檢查數據庫的問題,但我不確定。花括號的位置還是更復雜?我的php沒有進入sql數據庫的值,我的代碼有什麼問題?
<?php
include_once('db.php');
$name = mysql_real_escape_string($_POST["name"]);
$username = mysql_real_escape_string(($_POST["username"]));
$password = mysql_real_escape_string(md5 ($_POST["password"]));
$repeatpassword = mysql_real_escape_string($_POST['repeatpassword']);
$email = mysql_real_escape_string($_POST["email"]);
$confirmemail = mysql_real_escape_string($_POST['confirmemail']);
// the below if statement is for when the user does NOT have JS enabled in their browser
if(empty($name) || empty($username) || empty($password) || empty($email)){
echo "(*) indicate that the fields are mandatory.";
exit();
}
if($email == $confirmemail){
exit();
}else{
echo "Your Email address does not match.";
}
if($email == $repeatpassword){
exit();
}else{
echo "Your Passwords do not match.";
exit();
}
$res = mysql_query("SELECT username FROM users WHERE username='$username'");
$row = mysql_fetch_row($res);
$res1 = mysql_query("SELECT email FROM users WHERE email='$email'");
$row1 = mysql_fetch_row($res1);
if($row > 0){
echo nl2br("The username $username is already in use");
}else{
if($row1 > 0){
echo nl2br("the email address $email is already in use");
}else{
$sql = "INSERT INTO users VALUES('','$name', '$username', '$password', '$email')";
if(mysql_query($sql)){
echo "Inserted Successfully";
}else{
echo "Insertion Failed";
}
}
}
?>
錯誤的查詢,你沒有指定列名 – Poria
你不必指定列名,儘管它非常推薦。 –
[Little Bobby](http://bobby-tables.com/)說[你的腳本存在SQL注入攻擊的風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent -sql噴射在-PHP)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –