-1
我想建立一個社交網絡門戶。我寫了一個代碼。但是在提交註冊數據之後,它將我重定向到成功的註冊頁面,但不註冊數據庫用戶。即使電子郵件地址和確認電子郵件地址不符,它也顯示註冊成功。一切都很好,但註冊不起作用
的config.php
<?php
define("HOST","localhost");
define("DB","thinker");
define("DBUSER","root");
define("DBPASS","");
?>
connection.php
<?php
include("config.php");
$connection=mysqli_connect(HOST,DBUSER,DBPASS,DB);
if(mysqli_connect_errno($connection)){
echo "Failed to connect to Mysql Database: ".mysqli_connect_error();
}
?>
的index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="CSS/welcome.css"/>
<title>Welcome To The Thinkers</title>
</head>
<body>
<div class="header"><div class="logo">Welcome To Thinkers</div>
</div>
<div class="reg"><p class="pfrom">Register Here</p><br/>
<form action="../thinkers/registration/registration.php" method="post" enctype="multipart/form-data" name="MaskName" class="regform">
Mask Name : <input type="text" name="maskname" /><br/>
User Name : <input type="text" name="maskname" /><br/>
First Name : <input type="text" name="maskname" /><br/>
Last Name : <input type="text" name="maskname" /><br/>
Birthday : <input type="text" name="maskname" /><br/>
Email Address : <input type="text" name="maskname" /><br/>
Confirm E-Add : <input type="text" name="maskname" /><br/>
Password : <input type="text" name="password" /><br/>
Confirm Password :<input type="text" name="confirmpassword" /><br/>
<input type="submit" value="Click Here To Register" />
</form>
</div>
<div class="footer">
<h1>This is the footer</h1>
</div>
</body>
</html>
爲registration.php
<?php
require("connection.php");
if(isset ($_POST["maskname"],$_POST["username"],$_POST["firstname"],$_POST["lastname"],$_POST["dateofbirth"],$_POST["emailaddress"],$_POST["confirmemailaddress"],$_POST["password"],$_POST["confirmpassword"])){
$maskname=$_POST["maskname"];
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$dateofbirth=$_POST["dateofbirth"];
$emailaddress=$_POST["maskname"];
$confirmemailaddress=$_POST["confirmemailaddress"];
$password=$_POST["password"];
$confirmpassword=$_POST["confirmpassword"];
}
if($emailaddress!=$confirmemailaddress|| $password!=$confirmpassword){
echo "Email Address and password Did not match";
}
else{$sql="INSERT INTO member (maskname, username, firstname,lastname, emailaddress, password,birthday)
VALUES ('$maskname', '$username', '$firstname','$lastname', '$emailaddress', '$password','$birthday')" && header('Location: ../registration/successfull.html');
}
if(!mysqli_query($connection,$sql)){
die('Error: ' . mysqli_error($connection));
}
mysqli_close($connection);
?>
successfull.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="../CSS/welcome.css"/>
<title>Registration Successfull</title>
</head>
<body>
<div class="header"><div class="logo">Welcome To Thinkers</div>
</div>
<div class="reg"><p class="pfrom">You Have Been Registered Successfully</p><br/>
<form action="login.php" method="post" enctype="multipart/form-data" name="MaskName" class="regform">
Email Address<br/>
<input type="text" name="emailaddress" /><br/>
Password<br/>
<input type="password" name="password" /><br/><br/>
<input type="submit" value="Click To Enter The World" />
</form>
<div class="footer">
<h1>This is the footer</h1>
</div>
</div>
被修改的HTML代碼形式
<div class="reg"><p class="pfrom">Register Here</p><br/>
<form action="../thinkers/registration/registration.php" method="post" enctype="multipart/form-data" class="regform">
Mask Name : <input type="text" name="maskname" /><br/>
User Name : <input type="text" name="username" /><br/>
First Name : <input type="text" name="firstname" /><br/>
Last Name : <input type="text" name="lastname" /><br/>
Birthday : <input type="text" name="birthday" /><br/>
Email Address : <input type="text" name="emailaddress" /><br/>
Confirm E-Add : <input type="text" name="confiremailaddress" /><br/>
Password : <input type="text" name="password" /><br/>
Confirm Password :<input type="text" name="confirmpassword" /><br/>
<input type="submit" value="Click Here To Register" />
</form>
編輯PHP代碼
<?php
require("connection.php");
if(isset ($_POST["maskname"],$_POST["username"],$_POST["firstname"],$_POST["lastname"],$_POST["dateofbirth"],$_POST["emailaddress"],$_POST["confirmemailaddress"],$_POST["password"],$_POST["confirmpassword"])){
$maskname=$_POST["maskname"];
$username=$_POST["username"];
$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$dateofbirth=$_POST["dateofbirth"];
$emailaddress=$_POST["maskname"];
$confirmemailaddress=$_POST["confirmemailaddress"];
$password=$_POST["password"];
$confirmpassword=$_POST["confirmpassword"];
}
if($emailaddress!=$confirmemailaddress or $password!=$confirmpassword){
echo "Email Address and password Did not match";
}
else{$sql="INSERT INTO member (maskname, username, firstname,lastname, emailaddress, password,birthday)
VALUES ('$maskname', '$username', '$firstname','$lastname', '$emailaddress', '$password','$birthday')";
}
if(!mysqli_query($connection,$sql)){
die('Error: ' . mysqli_error($connection));
}
mysqli_close($connection);
?>
你會得到可怕的,可怕的,像這樣的代碼被黑客入侵。到處都有SQL注入漏洞。 [**請不要在新代碼中使用'mysql_ *'函數**](http://bit.ly/phpmsql)。他們不再被維護[並且被正式棄用](http://j.mp/XqV7Lp)。看到[**紅框**](http://j.mp/Te9zIL)?學習[*準備的語句*](http://j.mp/T9hLWi),並使用[PDO](http://php.net/pdo)或[MySQLi](http://php.net/ mysqli) - [這篇文章](http://j.mp/QEx8IB)將幫助你決定哪個。如果你選擇PDO,[這裏是一個很好的教程](http://j.mp/PoWehJ)。 – ceejayoz 2013-05-10 04:26:22