我正在尝试使用phpmyadmin进行登录,但是,当我单击“提交”时,它将在数据库中插入空白条目
[英]I am attempting to make a login using phpmyadmin, but, when I click submit, it inserts blank entries into the database
问题描述
My class is attempting to make our own game.. But, we can't get the submit page to send to the database in PhpMyAdmin. 
我的课正在尝试制作自己的游戏。.但是,我们无法将提交页面发送到PhpMyAdmin中的数据库。 When you click submit, it sends blank entries to the database, like if you hadn't filled in any of the blanks. 当您单击提交时,它将向数据库发送空白条目,就像您没有填写任何空白一样。 Can someone help with this problem. 有人可以解决这个问题吗? Thanks!! 谢谢!!
My index.php page. 我的index.php页面。
<html>
<head>
<meta charset="UTF-8">
<title> Register New Account </title>
<link rel="stylesheet" type="text/css" href="td.css">
</head>
<body>
<?php
/* $count=$count+1;
echo " count " . $count; */
if($_POST['submit_id'] == 1)
{
/* echo "testing"; */
if($_POST['Username'] == NULL)
{
$message = 'Please enter your Username.';
}
if($_POST['Email'] == NULL)
{
$message = 'Please enter your Email.';
}
if($_POST['Confirm'] == NULL)
{
$message = 'Please re-enter your Email.';
}
if($_POST['Password'] == NULL)
{
$message = 'Please enter your Password.';
}
if($_POST['Email'] != $_POST['Confirm'])
{
$message = 'Your emails did not match, Please enter your emails again.';
}
}
if( $message == NULL )
{
// if there is no error, test to see if there is already an account by the player_name
$MySQLlink = new mysqli("localhost", "root", "******", "Tower_Defense");
// check connection - take out later
if ( !$MySQLlink )
{
printf( "Could not connect to MySQL server : %s", mysqli_connect_error() );
exit();
}
else
{
printf( "Connected to the MySQL server" );
echo "<br>";
}
$result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE ( email = 'email' ) " );
if($row = mysqli_fetch_array($result))
{
$message = "There is an account with that email address already. Please choose another email account";
}
mysqli_free_result($result);
$result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE ( Username = '$Username' ) " );
if( $row = mysqli_fetch_array($result) && $message == NULL )
{
$message = "There is an account by that player name already. Please choose another Login name";
mysqli_free_result($result);
}
else
{
//echo "next date <br>";
// create account
$Username = ($_POST['Username']);
$Password = ($_POST['Password']);
$Email = ($_POST['Email']);
$email = ($_POST['email']);
//echo "Next one<br>";
$TableList = " `Username`, `Password`, `Email`, `Confirm` ";
$Values = " '$Username', '$Password', '$Email', '$Confirm' ";
if($message != NULL)
{
echo "$message";
}
?>
<div id="container" >
<div id="header">
<h1 id="h1">Besco's Biscuits</h1>
<a href= "http://192.168.131.**/towerdefence/about/index.html" id="a1">About</a>
<a href="http://192.168.131.**/towerdefence/instruction/index.html" id="a2">Instructions</a>
<a href="http://192.168.131.**/towerdefence/create/index.html" id="a3"> The Creation Of The Game</a>
<a href="http://192.168.131.**/towerdefence/cu/index.html" id="a4">Contact Us</a>
</div>
<br /> <br /> <br />
<table align = "center">
<tr>
<td>
Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
areas and we will begin your adventure soon. :)
</td>
</tr>
</table>
<br /> <br /> <br /> <br /> <br />
<table align = "center">
<tr>
<td>
<form action = "<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"> <br />
Username: <input type="text" name="Username" id= "Username"> <br />
Email: <input type = "text" name = "Email" id= "Email"> <br />
Confirm: <input type = "text" name = "Confirm" id= "Confirm"> <br />
Password: <input type = "password" name = "Password" id = "Password"> <br />
<input type = "submit" value = "Register" id="submit_id" value = "1">
<input type = "reset" name="Reset" value="Check if Available!" class = "account">
</form>
</td>
</tr>
</table>
</body>
</html>
My insert.php page 我的insert.php页面
<html>
<body>
<?php
$Username = $_POST['name'];
$con=mysqli_connect("localhost", "root", "******", "Tower_Defense");
//Check Connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Users (Username, Email, Confirm, Password)
VALUES
('$_POST[Username]','$_POST[Email]',' $_POST[Confirm]',' $_POST[Password]')";
if (!mysqli_query($con,$sql))
{
die ('Error: ' . mysqli_error($con));
}
else
{
echo "1 record added";
echo $_POST[Username];
//echo "Where is Username?";
echo $_POST[Email];
//echo "Where is Email?";
echo $_POST[Confirm];
//echo "Where is Confirm";
echo $_POST[Password];
//echo "Where is Password";
}
mysqli_close($con);
?>
</body>
UPDATE: 更新:
I added in the changes that someone had suggested in moving the checks to insert.php and now the email and confirm email check does not work. 我添加了有人建议将支票移至insert.php的更改,现在电子邮件和确认电子邮件支票不起作用。 Can anyone help? 有人可以帮忙吗?
index.php index.php
<html>
<body>
<div id="container" >
<div id="header">
<h1 id="h1">Besco's Biscuits</h1>
<a href= "http://192.168.131.34/towerdefence/about/index.html" id="a1">About</a>
<a href="http://192.168.131.34/towerdefence/instruction/index.html" id="a2">Instructions</a>
<a href="http://192.168.131.34/towerdefence/create/index.html" id="a3"> The Creation Of The Game</a>
<a href="http://192.168.131.34/towerdefence/cu/index.html" id="a4">Contact Us</a>
</div>
<br /> <br /> <br />
<table align = "center">
<tr>
<td>
Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
areas and we will begin your adventure soon. :)
</td>
</tr>
</table>
<br /> <br /> <br /> <br /> <br />
<table align = "center">
<tr>
<td>
<form action = "insert.php" method = "post"> <br />
Username: <input type="text" name="Username" id= "Username" required = "1"> <br />
Email: <input type = "text" name = "Email" id= "Email" required = "1"> <br />
Confirm: <input type = "text" name = "Confirm" id= "Confirm" required = "1"> <br />
Password: <input type = "password" name = "Password" id = "Password" required = "1"> <br />
<input type = "submit" value = "Register" id="submit_id" value = "1">
<input type = "reset" name="Reset" value="Reset Page" class = "account">
</form>
</td>
</tr>
</table>
</body>
</html>
insert.php insert.php
<html>
<body>
<?php
if($_POST['submit_id'] == 1)
{
echo "testing";
if($_POST['Email'] != $_POST['Confirm'])
{
$message = 'Your emails did not match, Please enter your emails again.';
}
}
if( $message == NULL )
{
// if there is no error, test to see if there is already an account by the player_name
$MySQLlink = new mysqli("localhost", "root", "abc123", "tower_defense");
// check connection - take out later
if ( !$MySQLlink )
{
printf( "Could not connect to MySQL server : %s", mysqli_connect_error() );
exit();
}
else
{
printf( "Connected to the MySQL server" );
echo "<br>";
}
$result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE ( email = 'email' ) " );
if($row = mysqli_fetch_array($result))
{
$message = "There is an account with that email address already. Please choose another email account";
}
mysqli_free_result($result);
$result = mysqli_query( $MySQLlink, "SELECT * FROM Users WHERE ( Username = '$Username' ) " );
if( $row = mysqli_fetch_array($result) && $message == NULL )
{
$message = "There is an account by that player name already. Please choose another Login name";
mysqli_free_result($result);
}
else
{
//echo "next date <br>";
// create account
$Username = ($_POST['Username']);
$Password = ($_POST['Password']);
$Email = ($_POST['Email']);
$email = ($_POST['email']);
//echo "Next one<br>";
}
}
if($message != NULL)
{
echo "$message";
}
$con=mysqli_connect("localhost", "root", "abc123", "tower_defense");
//Check Connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO Users (Username, Email, Confirm, Password)
VALUES
('$_POST[Username]','$_POST[Email]',' $_POST[Confirm]',' $_POST[Password]')";
if (!mysqli_query($con,$sql))
{
die ('Error: ' . mysqli_error($con));
}
else
{
echo "1 record added";
echo $_POST[Username];
//echo "Where is Username?";
echo $_POST[Email];
//echo "Where is Email?";
echo $_POST[Confirm];
//echo "Where is Confirm";
echo $_POST[Password];
//echo "Where is Password";
}
mysqli_close($con);
?>
</body>
</html>
2 个解决方案
解决方案1
0 2014-03-25 18:06:44
I see two main problems here - 我在这里看到两个主要问题-
First , the action of your form points to itself. 首先 ,表单的动作指向自身。 That means that the $_POST array submits to index.php, and your insert.php page has no access to that information . 这意味着$ _POST数组提交给index.php,而您的insert.php页面无权访问该信息 。 Index.php runs through the validation checks, and if everything checks out, it assigns the $_POST values to variables and quits. Index.php运行验证检查,如果一切检查完毕,它将为变量分配$ _POST值并退出。 That's where the data dies. 那就是数据死亡的地方。 There is no method for getting the information over to the file insert.php. 没有将信息获取到文件insert.php的方法。 So if you manually open the file insert.php in a browser, the $_POST array will be empty, and it will simply insert blanks. 因此,如果您在浏览器中手动打开文件insert.php,则$ _POST数组将为空,并且只会插入空格。
There are several ways to resolve this. 有几种解决方法。 The simplest, most expeditious way would be the single page solution - move the insert.php code into the index.php file inside that last else block. 最简单,最快捷的方法是单页解决方案-将insert.php代码移到最后else块内的index.php文件中。
else {
//echo "next date <br>";
// create account
$Username = $_POST['name'];
//etc.. code to insert data from insert.php
Another solution would be to move all the validation code to insert.php, display any form errors on that page, and make the user go back a page if validation fails. 另一种解决方案是将所有验证代码移至insert.php,在该页面上显示任何表单错误,并在验证失败时使用户返回页面。 In that case, you would change the action of the form to insert.php: 在这种情况下,您可以将表单的操作更改为insert.php:
<form action="insert.php" method="post">
This approach is less user-friendly, and not an ideal solution. 这种方法不太用户友好,也不是理想的解决方案。 Really a better practice is to use Javascript for form validation and PHP for form processing. 确实更好的做法是使用Javascript进行表单验证,使用PHP进行表单处理。 That may be outside the scope of your class... 那可能超出了你的课程范围...
Second , this code is wide open to SQL injection. 其次 ,此代码可广泛用于SQL注入。 Instead of putting variables directly into your SQL statements, you need to use parameterized queries. 您需要使用参数化查询,而不是直接将变量放入SQL语句中。 Take a look at this SO question about how to parameterize queries with mysqli . 看一下关于如何使用mysqli参数化查询的SO问题 。
解决方案2
0 2014-03-25 19:09:01
The mistakes that I found: 我发现的错误:
First things first your code submits the values received from the form to index.php itself so there is no question of values getting insert at the first place because the insert query is not run.
首先,您的代码首先将从表单接收的值提交到index.php本身,因此不会因为插入查询未运行而首先获取插入值。 In index.php check the query to SELECT email and username.
在index.php中,检查查询以选择电子邮件和用户名。 The variables do not have any value when the query is run because the values get transferred couple of lines AFTER the queries (at the lines where you have $email = $_POST['Email']). 运行查询时,变量没有任何值,因为在查询之后,这些值会转移到几行(在您有$ email = $ _POST ['Email']的行)。 Moreover you have missed the $ sign in the query related to email. 此外,您在与电子邮件相关的查询中错过了$号。 Coming to insert.php you have missed quotes in the global variable $_POST[] in the insert query viz.
即将插入insert.php时,您会在插入查询viz中的全局变量$ _POST []中缺少引号。 $_POST['email']. $ _POST ['email']。
Check for these errors and let me know if it works. 检查这些错误,让我知道它是否有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.