1. 首頁
  2. 問答
  3. 試圖添加記錄到MySQL使用PHP和HTML

試圖添加記錄到MySQL使用PHP和HTML

2015-11-01 53 views
0

我想添加一個記錄到一個SQL表,我遇到麻煩這樣做。試圖添加記錄到MySQL使用PHP和HTML

我有一個註冊頁面,將用戶的用戶名,密碼和電子郵件,並將它們傳遞給一個小php腳本,從較大的php文件調用函數。

當我嘗試按註冊按鈕,頁面刷新,並沒有添加到表中。

任何意見表示讚賞。

HTML: 

<body> 

    <div class="body"></div> 
    <div class="grad"></div> 
     <div class="header"> 

     </div> 
     <br> 
     <div class="signup"> 

    <script  src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script> 
    <script type = "text/javascript" src="js/js_functions.js"></script> 

    <form method="post" action ="signup_script.php" onsubmit = "return checkEmailandPassword(this);" method = "post" > 
       <input type="text" placeholder="username" name="username"  required = "required" maxlength = "15"><br> 
       <input type ="email" placeholder = "email" name = "email" required = "required" maxlength = "50"><br> 
       <input type ="email" placeholder = "re-enter email" name = "reemail" required = "required" maxlength = "50"><br> 
       <input type="password" placeholder="password" name="password" required = "required" pattern = "(?=.*\d)(?=.*[A-Z]).{10,}"><br> 
       <input type="password" placeholder="re-enter password"name="repassword" required = "required"><br> 
       <p class = "passwordreq">Password must:</p> 
       <ol class = "passwordreq"> 
        <li>Have 10 characters</li> 
        <li>Have one number</li> 
        <li>Have one uppercase letter</li> 
       </ol> 
       <input type="submit" value="sign up"> <input type="button" value="go back" onclick="window.location='index.html'"> 
      </form> 

    </body> 
</html>

小php文件:

include_once('profile_Functions.php'); 

    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $email = $_POST['email']; 

    createUser($username,$password,$email);

大php文件:

<?php 
    extract($_GET); 
    extract($_POST); 
    extract($_SERVER); 

    function setup(){ 
    extract($_GET); 
    extract($_POST); 
    extract($_SERVER); 

    $host="localhost"; 
    $user="root"; 
    $passwd=""; 

    $connect=mysql_connect($host,$user,$passwd) or die("error connecting mysql server"); 
    mysql_select_db('oddjob',$connect) or die("error accessing db"); 
} 



function createUser($name, $pass, $email){ 
    setup(); 
    $hashed_password = password_hash($pass, PASSWORD_DEFAULT); 
    $sql = "insert into profiles (UserName, Password, Email) values ($name,   $hashed_password, $email); "; 
    $res = mysql_query($sql); 
} ?>

來源

2015-11-01 jhell

+1

請不要使用這樣的提取,它的危險 – 2015-11-01 20:38:28

+1

你有'signup_script.php','profile_Functions.php',「小php文件」和「大php文件」的引用。他們有什麼關係? – Teepeemm

回答

1

insert聲明失敗。您應環繞values部分內字符值與引號:

$sql = "insert into profiles (UserName, Password, Email) 
     values ('$name', '$hashed_password', '$email'); ";

這將是很好的實際檢查$res不是falsemysql_query後執行。

請注意,將用戶輸入值直接注入SQL語句是不安全的。閱讀有關SQL injection攻擊以及如何保護您的數據庫。

來源

2015-11-01 20:46:54 trincot

+1

這將是很好的不使用mysql_ *和unsantised輸入 – 2015-11-01 20:50:26

+0

謝謝你的工作!我同意這聽起來像一個好主意。 – jhell

+1

@Dragon,非常真實! – trincot

相關問題

 相關問題