可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I'm having a bit of trouble with register information.
It's supposed to go to a database called "mon" and to a table called "user".This table contains the information "'id','name',and 'pass'".The 'id' is based off of an auto increment system,so doesn't need to be defined in the register page.
No errors are reported,just a reload of the page.But,when visiting the table using phpMyAdmin,it shows that a new row wasn't created.I need help on this because I am fairly new to PHP and don't know much of the kinks of it.
Code:
Pastebin because stackoverflow is acting weird with my code even though I spaced it.
register.php:
<?php
require_once 'connect.php';
if(!empty($_POST)) {
if(isset($_POST['username'], $_POST['password'], $_POST['desc'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if(!empty($username) && !empty($password)) {
$insert = $db->prepare("INSERT INTO 'user' ('name', 'pass') VALUES (?, ?)");
$insert->bind_param('ss', $username, $password);
}
}
}
?>
<html>
<head>
<?php
require_once 'style.php';
?>
<title>si | Registering an Account</title>
</head>
<body>
<?php
require_once 'header.php';
?>
<div id="page">
<h2>Register an Account on Si</h2>
<form action="" method="post">
<input type="text" name="username" placeholder="Username" autocomplete="off">
<input type="password" name="password" placeholder="Password" autocomplete="off">
<button>Register</button>
</form>
</div>
</body>
</html>
connect.php:
<?php
$db = new mysqli('127.0.0.1', 'root', '');
if($db->connect_errno) {
echo "<p id='gotem'>Something has gone wrong.Tell J to fix it.</p>";
}
?>
Any help on this,the creation of a session that marks login,and the redirecting to the index page with the session on is very appreciated.
回答1:
In conjunction with the other answers given, you are using regular quotes around your table and columns, which are invalid identifier qualifiers.
("INSERT INTO 'user' ('name', 'pass')
^ ^ ^ ^ ^ ^
Which should either be removed
("INSERT INTO user (name, pass)
or using ticks which resemble a quote, but is in fact NOT a quote; those are two different animals altogether.
("INSERT INTO `user` (`name`, `pass`)
Reference on identifier qualifiers for MySQL:
- http://dev.mysql.com/doc/en/identifier-qualifiers.html
Passwords
I also noticed that you may be storing passwords in plain text. This is not recommended.
Use one of the following:
- CRYPT_BLOWFISH
crypt()bcrypt()scrypt()- On OPENWALL
- PBKDF2
- PBKDF2 on PHP.net
- PHP 5.5's
password_hash() function.
- Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
Important sidenote about column length:
If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.
You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.
回答2:
First of all you forgot to add your database name and password in your mysqli instance
<?php
$db = new mysqli('127.0.0.1', 'root', 'your_password_for_the_user_root','yout_database_name');
if($db->connect_errno) {
echo "<p id='gotem'>Something has gone wrong.Tell J to fix it.</p>";
}
?>
Then in your register.php file you have added a post index which will not be set($_POST['desc']), that's why your code inside your if statement will never be execute since your form does not contain an input name desc.I think its better remove it and please do not forget to execute your prepared statement. The code might be like this.
UPDATED CHANGE ' TO `
if(!empty($_POST)) {
if(isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if(!empty($username) && !empty($password)) {
$insert = $db->prepare("INSERT INTO `user` (`name`, `pass`) VALUES (?, ?)");
$insert->bind_param('ss', $username, $password);
if (!$insert->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
}
}
}
Adding an attribute type of your button might also be helpful
<form action="" method="post">
<input type="text" name="username" placeholder="Username" autocomplete="off">
<input type="password" name="password" placeholder="Password" autocomplete="off">
<button type="submit">Register</button>
</form>
回答3:
in your file , line 6
if(isset($_POST['username'], $_POST['password'], $_POST['desc'])) {
you dont post $_POST['desc'] check this.
NOTE: Better way is , have else for all of your if , to see what happend
EDIT:
use $insert->execute();
after
$insert->bind_param('ss', $username, $password);
回答4:
Line no. 6
I think you have added extra parameter 'desc' to isset statement which is not used anywhere.
Change this line
if(isset($_POST['username'], $_POST['password'], $_POST['desc'])) {
To following
if(isset($_POST['username'], $_POST['password'])) {
Add following code.
You have bind the parameter to to sql query but not yet executed.
Add the following code just after $insert->bind_param('ss', $username, $password);
$insert->execute();
Creating Session
To create session you need to store session value in session variable. You can do this by storing newly registred user id in session variable. Add following code just after $insert->execute();
$userid = mysqli_insert_id($db); // get newly registred userid
$_SESSION['userid'] = $userid // store the registred userid in session.
Redirect to Index Page
Redirection of page done using header function in php
Add following code.
header("Location: index.php");
On Index page
To get access to session and session variable. Add following code at very first line.
session_start();
$userid = $_SESSION['userid'];
if(isset($userid) && !empty($userid)) {
echo "User is logged In using user id:".$userid;
} else {
echo "User is not logged In"
}
