0
我創建這需要註冊和登錄頁面的網頁,但我得到了以下錯誤:警告:mysqli_query()預計至少2個參數,1給出... register.php線64
警告:mysqli_query()預計至少2個參數,1 C中給出:\深淵Web服務器\ htdocs中\上線項目\ register.php 64
這裏是我的register.php
<?php
ob_start();
session_start();
if(isset($_SESSION['user'])!=""){
header("Location: home.php");
}
include_once 'connect_db.php';
$error = false;
if (isset($_POST['btn-signup'])) {
// clean user inputs to prevent sql injections
$name = trim($_POST['name']);
$name = strip_tags($name);
$name = htmlspecialchars($name);
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
// basic name validation
if (empty($name)) {
$error = true;
$nameError = "Please enter your full name.";
} else if (strlen($name) < 3) {
$error = true;
$nameError = "Name must have atleast 3 characters.";
} else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
$error = true;
$nameError = "Name must contain alphabets and space.";
}
//basic email validation
if (!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$error = true;
$emailError = "Please enter valid email address.";
} else {
// check email exist or not
$query = "SELECT userEmail FROM users WHERE userEmail='$email'";
$result = mysqli_query($dbc, $query);
$count = mysqli_num_rows($result);
if($count!=0){
$error = true;
$emailError = "Provided Email is already in use.";
}
}
// password validation
if (empty($pass)){
$error = true;
$passError = "Please enter password.";
} else if(strlen($pass) < 6) {
$error = true;
$passError = "Password must have atleast 6 characters.";
}
// password encrypt using SHA256();
$password = hash('sha256', $pass);
// if there's no error, continue to signup
if(!$error) {
$query = "INSERT INTO users(userName,userEmail,userPass) VALUES('$name','$email','$password')";
$res = mysqli_query($query);
if ($res) {
$errTyp = "success";
$errMSG = "Successfully registered, you may login now";
unset($name);
unset($email);
unset($pass);
} else {
$errTyp = "danger";
$errMSG = "Something went wrong, try again later...";
}
}
}
代碼?>
mysqli_num_rows()函數返回結果集中的行數。 因此,如果沒有行返回或行不正確,則返回FALSE。 如果mysqli_query返回一個布爾值,那麼只有在查詢失敗時纔會返回錯誤。
我不太確定如何去糾正這個錯誤,並且需要一些指導,謝謝。
** WARNING **:當使用'mysqli'你應該使用[參數化查詢(HTTP:// PHP。 net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)添加用戶數據到您的查詢。 **不要**使用手動轉義和字符串插值或串聯來實現此目的,因爲如果您忘記正確地轉義某些內容,您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。 'htmlspecialchars'是**沒有辦法**一個適當的轉義SQL的方法,並會破壞否則有效的數據。 – tadman
**警告**:編寫您自己的訪問控制層並不容易,並且有很多機會使其嚴重錯誤。請不要在[Laravel](http://laravel.com/)等任何現代開發框架(http://codegeekz.com/best-php-frameworks-for-developers/)上編寫自己的認證系統,內置了強大的[認證系統](https://laravel.com/docs/5.2/authentication)。絕對不會遵循[推薦的安全最佳實踐](http://www.phptherightway.com/#security)和**從不存儲具有弱無限散列**的密碼。 – tadman