Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
206 views
in Technique[技术] by (71.8m points)

Why doesn't this PHP MySQL registration form work?

So I wrote a very basic PHP registration form linking in with a HTML file; here's the code in PHP:

 <?php
if( $_POST )
{
$con = mysql_connect("localhost","KyleHulse","(my password)", "csdb1082");

if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("csdb1082", $Users);


$insert_query = "insert into feedback(
                user,
                password,
                email
                    ) 
                    values (
            '".$_POST['user']."',
            '".$_POST['password']."',
            '".$_POST['email']."')";

mysql_query($insert_query);

echo "<h2>Thanks for registering.</h2>";

mysql_close($con);
}
?>

And here's the corresponding HTML code:

  <head>
<meta charset="UTF-8">
<title>Registration</title>
</head>
<body>
<form action="register.php" method="post">
    <p>
        <label for="user">Username</label>
        <input type="text" name="user" id="user">
    </p>
    <p>
        <label for="password">Password:</label>
        <input type="text" name="password" id="password">
    </p>
    <p>
        <label for="email">Email:</label>
        <input type="text" name="email" id="email">
    </p>
    <input type="submit" value="Submit">
</form>
</body>

The annoying thing is I had it working earlier, something I changed caused it to break.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Below is the modified code with Prepared Statement.

First step is to connect to the database. To do that, we need to define the access details.

// Define Database Credentials
$servername = "localhost"; //Server Name
$username = "KyleHulse"; //Username to the DB
$password = "(my password)"; //Password to the DB
$dbname = "csdb1082"; //Name of the Database

// Create Database Connection
$conn = new mysqli($servername, $username, $password, $dbname);

Now check the connection.

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

After this, you run your query. Please note that since this is your personal project, therefore I am using SHA1 as the hashing of your password. For a bigger project, I recommend to research further on how to secure your password.

To run the query, first is to prepare it. This is how you do.

$stmt = $conn->prepare("INSERT INTO feedback (user, password, email) VALUES (?, ?, ?)");

In this, you store the statement in $stmt variable. The query has INSERT INTO followed by the table's name. In your case it is feedback.

After this, you fill in the table's fields to be saved in first bracket. In your case it will be (user, password, email) followed by VALUES.

After this you add placeholders for the actual values using (?, ?, ?). Please note that the total count of ? must match the total count of fields in the previous bracket.

Now you have to bind the variables to these ?. This is done by,

$stmt->bind_param("sss", $user, $password, $email);

Please note that "sss" are the formats of values passed. Below are the formats.

i - integer
d - double
s - string
b - BLOB

So you need to pass 3 values, therefore you have 3 s, followed by the variables where you will store the values from HTML form by,

$user = $_POST["user"];
$password = sha1($_POST["password"]); //simplest way to use SHA1 hash.
$email = $_POST["email"];

Now you just need to execute the prepared statement.

$stmt->execute();

That's it!

Below is the full code.

// Define Database Credentials
$servername = "localhost"; //Server Name
$username = "KyleHulse"; //Username to the DB
$password = "(my password)"; //Password to the DB
$dbname = "csdb1082"; //Name of the Database

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$stmt = $conn->prepare("INSERT INTO feedback (user, password, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $user, $password, $email);

$user = $_POST["user"];
$password = sha1($_POST["password"]); //simplest way to use SHA1 hash.
$email = $_POST["email"];

$stmt->execute();

Hope this helps.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...