1. 首页
  2. 问答
  3. 使用简单插入查询插入数据使用php

使用简单插入查询插入数据使用php

2013-10-13 85 views
0

我使用php创建简单注册表单。 我已经做了验证检查使用PHP它工作正常..选择语句工作正常,以检查用户名是否退出。 但是,在这里我有问题插入数据..提交时没有任何反应。这里是完整的代码..所有的代码是罚款的问题是与插接部分..请大家上一看..使用简单插入查询插入数据使用php

<h3>* Required Fields<br/> </h3> 
     <?php 
     if(isset($_POST['username'])){ 
    # connect to the database here 
    # search the database to see if the user name has been taken or not 
    include 'config.php'; 
    $username=$_POST['username']; 

    $query = "SELECT * FROM account WHERE userid='$username' "; 
    //$sql = mysql_query($query); 
    //$row = mysql_fetch_array($sql); 

    $sql=mysql_query($query) or die($sql.">>".mysql_error()); 
    $row=mysql_num_rows($sql); 
    //if($num>0){ //check if 

    #check too see what fields have been left empty, and if the passwords match 
    if($row>0|| empty($_POST['fname'])||empty($_POST['lastname'])|| empty($_POST['username'])||empty($_POST['password1'])|| empty($_POST['password2'])|| empty($_POST['day'])|| empty($_POST['Month'])|| empty($_POST['year'])|| empty($_POST['gender']) || empty($_POST['contact'])||$_POST['password1']!=$_POST['password2']|| $_POST['gender_select']='gender'|| $_POST['month_select']='month'|| $_POST['day_select']='day'|| $_POST['year_select']='year'){ 
     # if a field is empty, or the passwords don't match make a message 
     $error = '<h4>'; 

     if(empty($_POST['fname'])){ 
      $error .= 'First Name can\'t be empty<br>'; 
     } 
     if(empty($_POST['lastname'])){ 
      $error .= 'Last Name can\'t be empty<br>'; 
     } 
     if(empty($_POST['username'])){ 
      $error .= 'Email can\'t be empty<br>'; 
     } 
     if(empty($_POST['password1'])){ 
      $error .= 'Password can\'t be empty<br>'; 
     } 
     if(empty($_POST['password2'])){ 
      $error .= 'You must re-type your password<br>'; 
     } 

     if(empty($_POST['contact'])){ 
      $error .= 'contact is not selected<br>'; 
     } 
     if($_POST['password1']!=$_POST['password2']){ 
      $error .= 'Passwords don\'t match<br>'; 
     } 
     if($row>0){ 
      $error .= 'User Name already exists<br>'; 
     } 
     if($_POST['gender_select'] == 'gender'){ 
     $error.= "Please select a gender<br>"; 
     } 
     if($_POST['month_select'] == 'month'){ 
     $error.= "Please select a month<br>"; 
     } 
     if($_POST['day_select'] == 'day'){ 
     $error.= "Please select a day<br>"; 
     } 
     if($_POST['year_select'] == 'year'){ 
     $error.= "Please select a year<br>"; 
     } 

     $error .= '</h4>'; 
    }else{ 

       $ftname=$_POST['fname']; 
       $lastname=$_POST['lastname']; 
       $gender=$_POST['gender']; 
       $bday=$_POST['day_select']; 
       $byear=$_POST['year_select']; 
       $bmonth=$_POST['month_select']; 
       $username=$_POST['username']; 
       $password=$_POST['password1']; 
       $contact=$_POST['contact']; 
     $query= mysql_query(" insert into Account (firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) values 
          ('$ftname','$lastname','$gender','$bday','$byear','$bmonth','$username','$password','$contact')") or die(mysql_error()); 

       if($query){ 

        echo "New record was saved."; 
       // echo "<script>alert('Congratulation! You Create account successfully! ')</script>"; 
          } 
       else 
       { 
        echo "Sorry no record saved."; 
       } 
    } 
} 
# echo out each variable that was set from above, 
# then destroy the variable. 
if(isset($error)){ 
    echo $error; 
    unset($error); 
} 
?> 

     </div> 

      <form id="send" name="form" method="post" action=""> 

       <p> 

       <label for="name">Name *</label> 
       <input type="text" name="fname" /> 
       </p> 

       <p> 
       <label for="lastnamme">Father Name *</label> 
       <input type="text" name="lastname" /> 
       </p> 

       <p> 

       <label for="username">Email Address *</label> 
       <input type="text" name="username" /> 
       </p> 

       <p> 

       <label for="password">Password *</label> 
       <input type="password" name="password1" /> 
       </p> 
       <p> 

       <label for="cpassword">Confirm Password *</label> 
       <input type="password" name="password2" /> 
       </p> 

       <p> 
       <label for="dob">Date of Birth *</label> 
       <select name="day_select"> 
       <option value="day" >Day&nbsp;</option> 
        <?php for($i=0;$i<=31;$i++) 
           { 
           ?> 
      <option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option> 
      <?php } ?> 
      </select> 

      &nbsp; 
      <select name="month_select" > 
       <option value="month" >Month*</option> 

       <option value="January">January</option> 
       <option value="February">February</option> 
       <option value="March">March</option> 
       <option value="April">April</option> 
       <option value="May">May</option> 
       <option value="June">June</option> 
       <option value="July">July</option> 
       <option value="August">August</option> 
       <option value="September">September</option> 
       <option value="October">October</option> 
       <option value="November">November</option> 
       <option value="December">December</option> 
       <option value="unknown" >Unknown</option> 
      </select> 
      &nbsp; 
      <select name="year_select" > 
      <option value="year" >Year&nbsp;&nbsp;</option> 
      <?php for($i=1920;$i<=2013;$i++) 
           { 
           ?> 

      <option value="<?php echo $i; ?>"><?php echo $i."<br>"; ?></option> 
      <?php } ?> 
      </select> 

       </p> 

       <p> 

       <label for="genderr">Gender *</label> 

       <select name="gender_select" > 
       <option value="gender">Gender </option> 
       <option value="male">Male </option> 
       <option value="female">Female</option> 
       <option value="other">other</option> 
       </select> 
       </p> 

       <p> 
       <label for="contactno">Contact No *</label> 
       <input type="text" name="contact" /> 
       </p> 

       <p> 


       <input type="submit" id="submit" name="submit" value="Sign Up" /> 
       </p> 

      </form> 




      </div> 

     <!--END #signup-inner --> 
     </div> 

    <!--END #signup-form --> 
    </div> 

      </div> 

      </div><!-- end content --> 

     </div><!-- end main --> 

     <?php include('footer.php'); ?> 
    </body>

来源

2013-10-13 Farooq

+1

'mysql_query'被弃用PHP 5.5.0的,并会在将来被移除。相反,使用MySQLi或PDO_MySQL扩展。 http://php.net/manual/en/function.mysql-query.php – heretolearn

回答

1

您应该使用MySQLi而不是MySQL。而且您还必须首先检查输入以避免SQL注入!

$ftname=mysqli_real_escape_string($con, $_POST['fname']); 
$lastname=mysqli_real_escape_string($con, $_POST['lastname']); 
$gender=mysqli_real_escape_string($con, $_POST['gender']); 
$bday=mysqli_real_escape_string($con, $_POST['day_select']); 
$byear=mysqli_real_escape_string($con, $_POST['year_select']); 
$bmonth=mysqli_real_escape_string($con, $_POST['month_select']); 
$username=mysqli_real_escape_string($con, $_POST['username']); 
$password=mysqli_real_escape_string($con, $_POST['password1']); 
$contact=mysqli_real_escape_string($con, $_POST['contact']); 

mysqli_query($con, "INSERT INTO Account 
(firstname,lastname,gender,bday,byear,bmonth,userid,password,contactno) 
VALUES ('".$ftname."','".$lastname."','".$gender."','".$bday."','".$byear."','".$bmonth."','".$username."','".$password."','".$contact."')") 
or die(mysqli_error($con));

但是,您需要在脚本的开始处定义$ con。这是MySQL数据库的连接 -

$con=mysqli_connect("localhost","username","password","databasename");

希望帮助:)

来源

2013-10-13 21:35:26

0

你是不是在你的INSERT语句正确串接你的价值观。 应该

的mysql_query(”插入账户(名字,姓氏,性别,BDAY,byear,bmonth,用户ID,密码,contactno)值 ( ' “$ ftname。”''”。$姓氏。 “ ''”。$的性别。 “ ''”。$ BDAY。 “ ''”。$ byear。 “ ''”。$ bmonth。 “ ''”。$用户名 “ ''” 。“$ password。”','。。$ contact。“')”)或die(mysql_error());

但是要小心你的方法很容易sql注入。您不应该将源自公共表单的值直接链接到SQL查询。您需要仔细逃避值或使用PDO准备好的语句。

来源

2013-10-13 20:10:53 melc

相关问题

 相关问题