1. 首页
  2. 问题列表
  3. 使用php向mySQL提交html表单
提问者:小点点

使用php向mySQL提交html表单


对此非常新,我目前正在尝试为我的网站创建一个登录系统。我已经创建了一个html日志表单,我计划使用该表单为用户创建帐户。我已经创建了一个php页面,其中包含了我要连接到服务器的代码,如下所示。

当我填写表单时,我没有得到任何输出。我不确定php代码是在错误的地方(它是作为一个单独的文件)还是不期望输出。提交表单时,当我在测试时手动提交时,数据库似乎不会发生变化。

我的最终目标是能够将用户添加到数据库中名为users的表中。

下面是我的日志表单的代码:

 <body>

        <h2>Sign Up</h2>

        <p></p>

        <form action="Create_User.php" method="post">
            <div class="imgcontainer">
                <img src="http://fc05.deviantart.net/fs70/f/2012/361/1/6/albert_einstein_by_zuzahin-d5pcbug.jpg" alt="Einstein the lad" class="img" />
            </div>

            <div class="container">
                <label><b>Username</b></label>
                <input type="text" placeholder="Please Enter your desired Username" name="username" required />

                <label><b>Password</b></label>
                <input type="password" placeholder="Please Enter Your Desired Password" name="password" required />

                <label><b>Email Address</b></label>
                <input type="email" placeholder="Please Enter Your Email Address" name="email" required />

                <label><b>Date Of Birth</b></label>
                <input type="date" name="date_of_birth" required />

                <label><b>First Name</b></label>
                <input type="text" placeholder="Please Enter your first name" name="first_name" required />

                <label><b>Surname</b></label>
                <input type="text" placeholder="Please Enter your surname" name="surname" required />

            </div>

            <div class="container" style="background-color: #f1f1f1">
                <button type="submit">Sign Up</button>
                <button class="signinbtn" onclick="location.href='/AccountRelatedPages/SignIn.aspx'">Already have an account? Sign in here</button>
            </div>
        </form>

    </body>

下面是我的php文件中的代码:

<?php
$servername = "localhost";
$username = "root";
$password = "rootpass";
$dbname = "synther_physics";


$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO users (username, password, email, date_of_birth, first_name, surname)
VALUES ('<?php echo $_POST[$username];', '<?php echo $_POST[$password];', '<?php echo $_POST[$email], <?php echo $_POST[$date_of_birth];, <?php echo $_POST[$first_name], <?php echo $_POST[$surname];')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

再一次,我对这一切都很陌生,所以我正在尽力让我的脑袋转过来,所以请记住这一点。

多谢了。


共1个答案

匿名用户

将注释、sql注入、password_hash()组合在一起。对于sql注入保护,则需要使用准备好的语句。我就不多说了很多重要的事情都在评论中说过了,希望你们都看过了,因为我看过了。

您的代码应该是这样的:

<?php
$servername = "localhost";
$username   = "root";
$password   = "rootpass";
$dbname     = "synther_physics";



//Validate user inputs
$username = $_POST['username'];

$password = $_POST['password'];

$hash = password_hash($password, PASSWORD_DEFAULT);

$email = $_POST['email']; //VALIDATE the email

$dob   = $_POST['date_of_birth'];
$fname = $_POST['first_name'];


$sname = $_POST['surname'];

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO users (username, password, email, date_of_birth, first_name, surname)
VALUES (?,?,?,?,?,?)";

$stmt = $conn->prepare($sql);

$stmt->bind_param("ssssss", $username, $hash, $email, $dob, $fname, $sname);

if ($stmt->execute()) {

    echo "New record created successfully";
} else {

    echo "Error : " . $conn->error; // on dev mode only

    // echo "Error, please try again later"; //live environment
}

$conn->close();
?>

编辑:

如果您的php文件和html文件是相同的,那么为了避免未定义索引,您需要在处理前检查表单是否已提交。您需要做的是为表单按钮提供一个name属性。

然后检查表单是否已提交。

<?php
$servername = "localhost";
$username   = "root";
$password   = "rootpass";
$dbname     = "synther_physics";



//Validate user inputs
if(isset($_POST['buttonName'])){


$username = $_POST['username'];

$password = $_POST['password'];

$hash = password_hash($password, PASSWORD_DEFAULT);

$email = $_POST['email']; //VALIDATE the email

$dob   = $_POST['date_of_birth'];
$fname = $_POST['first_name'];


$sname = $_POST['surname'];

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO users (username, password, email, date_of_birth, first_name, surname)
VALUES ('?,?,?,?,?,?')";

$stmt = $conn->prepare($sql);

$stmt->bind_param("ssssss", $username, $hash, $email, $dob, $fname, $sname);

if ($stmt->execute()) {

    echo "New record created successfully";
} else {

    echo "Error : " . $conn->error; // on dev mode only

    // echo "Error, please try again later"; //live environment
}

$conn->close();
}
?>

此外,您还需要检查字段是否已设置且不为空。

相关问题