php mysql使用注册表格插入mysql

Question

I am php beginner and I am trying to make e-commerce by using php. I am trying to make register form and I want to save these data into mysql server. The coding looks like OK, but the data did not store in mysql server. Could you give your answer for this? php language is first time that it is what I am struggled. Please give some advice. Thanks.

--registerForm.php--

<h4>Create a new account</h4>
                <div class="box">
                <form action="register.php" method="post">
                    <p>User ID: <input type="text" name="userId" size="30"/>*</p>
                    <p>Password: <input type="password" name="password" size="30"/>*</p>
                    <p>Retype Password: <input type="password" name="repassword" size="30"/>*</p>
                    <p>First Name: <input type="text" name="firstName" size="30"/>*</p>
                    <p>Last Name: <input type="text" name="lastName" size="30"/>*</p>
                    <p>Your Address (*):</p>
                    <p> <textarea name="address" rows="5" cols="30"></textarea></p>
                    <p>Phone: <input type="text" name="phone" size="20"/>*</p>
                    <p>E-mail: <input type="text" name="email" size="21"/>*</p>
                    <p><input type="submit" value="Create Account"/></p>
                </form>
                </div>

--register.php--

<?php
require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_GET["userId"]==$_GET["repassword"]){
mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email) 
values
  ('$_GET[userId]','$_GET[password]','$_GET[firstName]','$_GET[lastName]','$_GET[address]','$_GET[phone]','$_GET[email]')")
or die(mysql_error());
}
echo "Done!!!!";
}
?>

--sql_connection.php--

<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "**MY_PASS**";
$db_name = "**MY_DB**";

@mysql_connect("$db_host", "$db_username", "$db_pass", "$db_name") or die("connection is fail.");
@mysql_select_db("$db_name") or die("database does not exsist.");
echo "Successfully connection!!";
?>

Answer 1

if($_GET["userId"]==$_GET["repassword"])

Why do you compare userid to a retype pssword field?

I think it should be :

if($_GET["password"]==$_GET["repassword"])

Also make sure you escape strings to prevent SQL Injection Attacks.

http://php.net/manual/en/function.mysql-real-escape-string.php

And Like Paul said, to correctly retrieve the data use $_POST

Answer 2

Few things. Your $_GET and $_POST are mixed up. and NEVER post your db_pass and uername in public. Also, you're suppressing errors using @ . don't do that.

ie

if($_GET["userId"]==$_GET["repassword"]){

should be

if($_POST["userId"]==$_POST["repassword"]){

and changes all these to $_POST

Your code:

$_GET[userId]','$_GET[password]','$_GET[firstName]','$_GET[lastName]','$_GET[address]','$_GET[phone]','$_GET[email]')

Should be:

$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[address]','$_POST[phone]','$_POST[email]')"

Answer 3

As your form method defined is POST so use $_POST to get values after submit instead of $_GET

require "sql_connection.php";
if(isset($_POST['submit']))
{
if($_POST["userId"]==$_POST["repassword"]){
mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email) 
values
  ('$_POST[userId]','$_POST[password]','$_POST[firstName]','$_POST[lastName]','$_POST[address]','$_POST[phone]','$_POST[email]')")
or die(mysql_error());
}
echo "Done!!!!";
}
?>

Values are not quoted properly. You should quote then before insert.

mysql_query("insert into customer (userId, password, firstName, lastName, address,
phone, email) 
values
  ('".$_POST[userId]."','".$_POST[password]."','".$_POST[firstName]."','".$_POST[lastName]."','".$_POST[address]."','".$_POST[phone]."','".$_POST[email]."')")

Answer 4

我认为您正在尝试做的是：

if($_GET["password"]==$_GET["repassword"]) {