尝试使用php和html将记录添加到mysql
[英]Trying to Add record to mysql using php and html
问题描述
I'm trying to add a record to an sql table, and I'm having trouble doing so. 
我正在尝试将记录添加到sql表中,但是这样做很麻烦。
I have a sign up page that will take in the username, password, and email of the user, and pass them to a small php script which calls functions from a larger php file. 我有一个注册页面,该页面将使用用户名,密码和用户的电子邮件,并将其传递给一个小的php脚本,该脚本从较大的php文件中调用函数。
When I try press the signup button, the page just refreshes, and nothing is added to the table. 当我尝试按下注册按钮时,页面将刷新,并且没有任何内容添加到表格中。
Any advice is appreciated. 任何建议表示赞赏。
html: 的HTML:
<body>
<div class="body"></div>
<div class="grad"></div>
<div class="header">
</div>
<br>
<div class="signup">
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script type = "text/javascript" src="js/js_functions.js"></script>
<form method="post" action ="signup_script.php" onsubmit = "return checkEmailandPassword(this);" method = "post" >
<input type="text" placeholder="username" name="username" required = "required" maxlength = "15"><br>
<input type ="email" placeholder = "email" name = "email" required = "required" maxlength = "50"><br>
<input type ="email" placeholder = "re-enter email" name = "reemail" required = "required" maxlength = "50"><br>
<input type="password" placeholder="password" name="password" required = "required" pattern = "(?=.*\d)(?=.*[A-Z]).{10,}"><br>
<input type="password" placeholder="re-enter password"name="repassword" required = "required"><br>
<p class = "passwordreq">Password must:</p>
<ol class = "passwordreq">
<li>Have 10 characters</li>
<li>Have one number</li>
<li>Have one uppercase letter</li>
</ol>
<input type="submit" value="sign up"> <input type="button" value="go back" onclick="window.location='index.html'">
</form>
</body>
</html>
small php file: 小php文件:
include_once('profile_Functions.php');
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
createUser($username,$password,$email);
large php file: 大型php文件:
<?php
extract($_GET);
extract($_POST);
extract($_SERVER);
function setup(){
extract($_GET);
extract($_POST);
extract($_SERVER);
$host="localhost";
$user="root";
$passwd="";
$connect=mysql_connect($host,$user,$passwd) or die("error connecting mysql server");
mysql_select_db('oddjob',$connect) or die("error accessing db");
}
function createUser($name, $pass, $email){
setup();
$hashed_password = password_hash($pass, PASSWORD_DEFAULT);
$sql = "insert into profiles (UserName, Password, Email) values ($name, $hashed_password, $email); ";
$res = mysql_query($sql);
} ?>
1 个解决方案
解决方案1
1 已采纳 2015-11-01 20:46:54
Your insert statement fails. 您的insert语句失败。 You should surround character values inside the values part with quotes: 您应该在values部分内用引号引起来的字符值:
$sql = "insert into profiles (UserName, Password, Email)
values ('$name', '$hashed_password', '$email'); ";
It would be good to actually check that $res is not false after the execution of mysql_query . 最好在执行mysql_query之后检查$res是否为false 。
Note that it is unsafe to inject user input values directly into SQL statements. 请注意,将用户输入值直接注入SQL语句是不安全的。 Read about SQL injection attacks and how you can protect your database from them. 阅读有关SQL注入攻击的信息,以及如何保护数据库免受攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.