1. 首頁
  2. 問答
  3. 註冊表+插入查詢不起作用如何解決它

註冊表+插入查詢不起作用如何解決它

2013-04-27 83 views
-2

我有一個註冊表單,需要用戶的一些輸入。表單工作正常,但現在它不會向數據庫插入任何值。誰能幫我?註冊表+插入查詢不起作用如何解決它

我將顯示所有的代碼,但我需要的是關於插入查詢幫助:

register.php

<?php require_once('for members/scripts/connect.php'); ?> 

<?php 
function specializationQuery(){ 

$specData = mysql_query("SELECT * FROM specialization"); 

    while($recordJob = mysql_fetch_array($specData)){ 

    echo'<option value="' . $recordJob['specialization_id'] . '">' . $recordJob['specialization_name'] . '</option>'; 

    } 


} 

//default value 
$message = "Fields Marcked with an [*] are Required"; 
    $username = ""; 
    $fname = ""; 
    $lname = ""; 
    $specialization = ""; 
    $email = ""; 
    $pass1 = ""; 
    $pass2 = ""; 
    $governorate=""; 
    $district = ""; 
    $village = ""; 

if(isset($_POST['username'])){ 
    $username = mysql_real_escape_string($_POST['username']); 
    $fname = mysql_real_escape_string($_POST['fname']); 
    $lname = mysql_real_escape_string($_POST['lname']); 
    $email = mysql_real_escape_string($_POST['email']); 
    $pass1 = mysql_real_escape_string($_POST['pass1']); 
    $pass2 = mysql_real_escape_string($_POST['pass2']); 
    $bdate = mysql_real_escape_string($_POST['birthdate']); 


    $specialization = mysql_real_escape_string($_POST['specialization']); 
    $governorate = mysql_real_escape_string($_POST['governorate']); 
    @$district = mysql_real_escape_string($_POST['district']); 
    @$village = mysql_real_escape_string($_POST['village']); 


     var_dump($fname); 
     var_dump($username); 
     var_dump($governorate); 
     var_dump($email); 

    //error handeling 
    if((!$username)||(!$fname)||(!$lname)||(!$email)||(!$pass1)||(!$pass2)||(!$specialization)||(!$governorate)||(!$district)||(!$village)){ 
    $message = "**** Please insert the Required Fields below ****<br />"; 

     if($fname == "") 
    { 
     $message = $message . "Enter First name<br/>"; 
    } 
     if($lname == "") 
    { 
     $message = $message . "Enter Last name<br/>"; 
    } 

    if($specialization == 0) 
    { 
     $message = $message . "Select Your Job<br />"; 

    } 
    if($governorate == 0) 
    { 
     $message = $message . "Select Your Governorate<br />"; 
    } 

    if($district == '0') 
    { 
     $message = $message . "Select Your District<br />"; 
    } 
    if($village == '0') 
    { 
    $message = $message . "Select Your Village<br />"; 

    } 
    if($email == "") 
    { 
     $message = $message . "Enter Email Adress<br/>"; 
    } 
     if ($username == "") { 
     $message = $message . "Enter User Name<br/>"; 
     } 

     if($pass1 == "") 
    { 
     $message = $message . "Enter password<br/>"; 
    } 

     if($pass2 == "") 
    { 
     $message = $message . "rechek the password <br/>"; 
    } 


} 

    elseif(strlen($pass1) <= 8) 
    { 
     $message = $message . "Your Password must be at least 8 charachters<br />"; 
    } 
    else if($pass1!=$pass2){ 
    $message = "your password do not match!"; 
} 
else 
{ 
    //securing the data 
    $username = preg_replace("#[^0-9a-z]#i","",$username); 
    $fname = preg_replace("#[^0-9a-z]#i","",$fname); 
    $lname = preg_replace("#[^0-9a-z]#i","",$lname); 
    //$pass1 = sha1($pass1); 

    $email = mysql_real_escape_string($email); 
    // checking for duplicate 
    $user_query = mysql_query("SELECT user_name FROM user WHERE user_name = '$username'LIMIT 1") or die("could not check the username"); 
    $count_username = mysql_num_rows($user_query); 

    $email_query = mysql_query("SELECT email_address FROM user WHERE email_address = '$email'LIMIT 1") or die("could not check the email"); 
    $count_email = mysql_num_rows($email_query); 

    if($count_username > 0){ 
    $message = " your username is alredy in use"; 
    }elseif($count_email > 0){ 
     $message = "your email is alredy in use"; 
    } 
    else{ 

     $query = mysql_query("INSERT INTO user(user_name, first_name, last_name, governorate, district, village, birth_date, email_address, specialization, password, registered_date)VALUES('$username', '$fname', '$lname', '$governorate', '$district', '$village', '$bdate', '$email', '$specialization', '$pass1', now())")or die("could not insert data"); 




    $message = "you have now been registered"; 
    //from the social website 


     if ($query) 
     { 
     $_SESSION['user_id'] = mysql_insert_id(); 
     $_SESSION['login'] = 'true'; 
     $_SESSION['login_user'] = $username; 
     } 
?>

來源

2013-04-27 user2326255

+0

您需要閱讀有關SQL注入的信息。總是使用參數化查詢或轉義 - 並且永遠不要依賴你進行的任何「安全值檢查」。 – ThiefMaster 2013-04-27 13:05:44

+0

請使用帶有PDO的mysqli或PDO.use佔位符,而無需直接對sql命令使用變量.MYSQl現在已被棄用 – underscore 2013-04-27 13:08:51

+0

而不是傾銷整個代碼副本,您只需發佈可能有問題的相關代碼 - [SSCCE ](http://sscce.org)。 – Lion 2013-04-27 13:10:39

回答

0

您需要的文件分開的代碼。你寫了很長的故事。 $ username = mysql_real_escape_string($ _ POST ['username']); //這種類型的代碼很多次。礦碼不好,但比你的好。嘗試將函數中的代碼分開,並將函數中的每個邏輯分開。所以它很容易理解和改變(在一個地方的變化應該在所有地方改變)。嘗試分離JS,HTML,PHP,錯誤處理等。我沒有寫完整的工作代碼,但告訴你方式,你可以改進。

function getPostedField($var){ 
    if(!empty($_POST[$var]) and ($_POST[$var]!=0)){ 
     $var = mysql_real_escape_string($_POST[$var]); 
     return ($var); 
    } 
    return false; 
} 

if(isset($_POST['username'])){ 
    $fields = array('username','fname','lname'.....); 
    $errors = 0; 
    $posted_arr = array(); 
    foreach($fields as $field){ 
     $value = getPostedField($field); 
     if($value){ 
      $posted_arr[$field] = $value; 
     }else{ 
      $errors++; 
     $error_msg .= "<p>$field should not be empty.</p>"; 
     } 
    } 
    if($posted_arr['pass1']==$posted_arr['pass2'] and (strlen($posted_arr['pass2']<=8))){ 
    $errors++; 
    } 
    //do more checking here 
    if($error==0){ 
    $query = "insert into `table`"; 
     foreach($fields as $field){ 
     $query .= "`$field`='".$posted_arr[$field]."',"; 
     } 
    $len = strlen($query) - 1; 
    $query = substr($query,0,$len); //removing last , 
    $sql_query = mysql_query($query); 
    } 
}

來源

2013-04-27 13:40:04

相關問題

 相關問題