1. 首页
  2. 问答
  3. 为什么这个插入查询不起作用?

为什么这个插入查询不起作用?

2017-05-21 117 views
0 
<!DOCTYPE html> 
    <html> 
    <head> 
     <title>User Registration</title> 
    </head> 
    <body> 
    <!--Design area--> 
    <a href="register.php">Register</a><=====><a href="login.php">Login</a> 
    <h3>Registration Form</h3> 
    <form action="" method="post"> 
     <input type="text" name="username"> 
     <input type="password" name="password"> 
     <input type="submit" name="register" value="Register"> 
    </form> 

<!--End design area--> 
<!--PHP Section--> 
<?php 
if(isset($_POST['register'])){ 
    $username=$_POST['username']; 
    $password=$_POST['password']; 
    $con=mysqli_connect('localhost','root','','log') or die("Connection failure"); 
    $query="SELECT * FROM log_data WHERE username='".$username."'";//Validation query 
    $run_query=mysqli_query($con,$query); 
    $row_count=mysqli_num_rows($run_query);

直到现在一切正常。但是,当我给行计数条件,然后编写插入查询,那时浏览器说帐户没有创建。这意味着我的查询没有运行。为什么?为什么这个插入查询不起作用?

if($row_count==0){ 
     $query="INSERT INTO log_data(username,password) VALUES('$username','$password')";//insert query 
     $run_query=mysqli_query($con,$query); 
     if($run_query){//if inserted 
    echo "Account Successfully Created"; 
    } else { 
    echo "Account not created"; 
    } 

}else{ 
    echo "This username already exits"; 
} 
} 

?> 
<!--End Php Section--> 
</body> 
</html>

来源

2017-05-21 Shuvro Jyoti

+2

您的代码容易受到SQL注入。请学习使用[预先准备的语句](https://www.youtube.com/watch?v=nLinqtCfhKY)。另外,将密码存储为纯文本字符串是一个糟糕的主意。 –

+0

mysqli_num_rows($ query); –

+0

$ row_count = $ query-> num_rows; ('$ username','$ password')“; //插入查询 $ run_query = mysqli_query($ con,$ query)或者死(mysqli_error) –

回答

-1

您可能需要采取一些预防措施来防止SQL注入,因此此代码很容易受到攻击。

$stmt = mysqli->prepare("SELECT col1 FROM t1 WHERE col2 = ?"); 
$stmt->bind_param("s", $username); 

$stmt->execute();

这应该有帮助,确保你使用'?'任何用户定义的输入变量的占位符。

来源

2017-05-21 11:55:29

-1

试试这个..

<?php 

$con=mysqli_connect("localhost","root","","log"); 
// Check connection 

if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 


if(isset($_POST['register'])){ 

    $username=$_POST['username']; 
    $password=$_POST['password']; 

    $query="SELECT * FROM log_data WHERE username='".$username."'"; //Validation query 


    if ($result=mysqli_query($con,$query)){ 

    $rowcount=mysqli_num_rows($result); 
    //$row_count = $query->num_rows; 

    if($rowcount==0){ 

     $sql="INSERT INTO log_data(username,password) VALUES('$username','$password')"; //insert query 

     $run_query=mysqli_query($con,$sql); 

     if($run_query){ //if inserted 

      echo "Account Successfully Created"; 
     } 

     else { 

     echo "Account not created"; 

     } 

    } 
    else{ 

    echo "This username already exits"; 

    } 
} 

} 

?>

来源

2017-05-21 12:03:49

相关问题

 相关问题