这段代码接受用户信息,并将其作为新的注册表insert
s到数据库中。不幸的是,在代码运行后,数据不会出现在数据库中。
<?php
$dbc = mysqli_connect('localhost','root','')
or die(mysqli_error());
$db_select = mysqli_select_db($dbc,'GameStore');.
if (!$db_select) {
die("Database selection failed: " . mysqli_error());
}
$username = $_POST['username'];
$mail = $_POST['email'];
$region = $_POST['region'];
$pass = $_POST['password'];
$insert = 'INSERT INTO user (username, email, region, pwd_hash)
VALUES('.$username.','.$mail.','.$region.','.md5($pass).')';
?>
发布于 2014-05-15 08:27:55
在按如下方式设置$insert
字符串之后,当您应该使用mysqli_query
时,您实际上并没有运行查询:
$dbc = mysqli_connect('localhost','root','')
or die(mysqli_error());
$db_select = mysqli_select_db($dbc,'GameStore');.
if (!$db_select) {
die("Database selection failed: " . mysqli_error());
}
$username = $_POST['username'];
$mail = $_POST['email'];
$region = $_POST['region'];
$pass = $_POST['password'];
$insert = 'INSERT INTO user (username, email, region, pwd_hash)
VALUES('.$username.','.$mail.','.$region.','.md5($pass).')';
mysqli_query($dbc, $insert);
也就是说,我会像这样重构你的代码。注意,我添加了注释,但也设置了一个简化的解析$_POST值的过程,方法是设置数组中的键,然后使用isset
检查它们是否确实设置好了。如果不是,则将它们设置为null
。我还为整个查询字符串设置了双引号,以便它可以处理字符串替换(双引号可以做到这一点),但对'" . md5($password) . "'
区域使用了串联,因为这是对函数的调用。
// Set the DB connection.
$dbc = mysqli_connect('localhost','root','') or die(mysqli_error());
// Select the DB.
$db_select = mysqli_select_db($dbc,'GameStore');.
// Send an error message if the DB select failed.
if (!$db_select) {
die("Database selection failed: " . mysqli_error());
}
// Set an array for '$_POST' values & roll through them.
$post_array = array('username','email','region','password');
foreach($post_array as $post_key => $post_value) {
$$post_key = isset($_POST[$post_key]) ? $_POST[$post_key] : null;
}
// Set the insert query.
$insert = "INSERT INTO user (username, email, region, pwd_hash)
VALUES('$username','$email','$region.','" . md5($password) . "')";
// Run the insert query.
$db_insert = mysqli_query($dbc, $insert);
// Send an error message if the query failed.
if (!$db_insert) {
die("Database insert failed: " . mysqli_error());
}
发布于 2014-05-15 08:20:16
VALUES('.$username.','.$mail.','.$region.','.md5($pass).')
您需要将这些值括在引号中。
VALUES("'.$username.'","'.$mail.'","'.$region.'","'.md5($pass).'")
还要考虑清理您的查询。从用户输入向数据库添加数据是一个非常糟糕的想法。More info here
从@Ohgodwhy的评论展开,为什么你实际上根本没有运行这个查询。
您还应该检查输入数据是否为is set,否则您将在将来遇到错误。
发布于 2014-05-15 08:26:26
您忘了执行查询。这里。试试这个:
<?php
/* ESTABLISH YOUR CONNECTION */
$dbc=mysqli_connect("localhost","root","","GameStore");
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
/* YOU MAY WANT TO CONSIDER ESCAPING THE VARIABLES FIRST BEFORE USING THEM INTO A QUERY */
$username = mysqli_real_escape_string($dbc,$_POST['username']);
$mail = mysqli_real_escape_string($dbc,$_POST['email']);
$region = mysqli_real_escape_string($dbc,$_POST['region']);
$pass = mysqli_real_escape_string($dbc,$_POST['password']);
$pass = md5($pass);
$insert = "INSERT INTO user (username, email, region, pwd_hash)
VALUES('$username','$mail','$region','$pass')";
mysqli_query($dbc,$insert); /* EXECUTE YOUR QUERY. THIS IS THE PART OF YOUR CODE YOU FORGOT TO INCLUDE */
?>
https://stackoverflow.com/questions/23667271
复制相似问题