1. 首页
  2. 问答
  3. 通过PHP连接mySQL db

通过PHP连接mySQL db

2017-08-05 312 views
1

让我开始说我对此非常陌生。我正在尝试开发一款没有真实体验的移动应用和网站。有可能是我错过了或我做错了,但我似乎无法指出问题在哪里。在创建我自己的之前,我遵循了一个视频指南(演示文件下载到我的电脑),但似乎无法连接到我的数据库。我也复制了这些演示文件,并将它们放入我的代码中,但它仍然让我陷入了一个部分。我正在使用程序MAMP进行连接,并使用Brackets作为代码。下面是我的会议文件:通过PHP连接mySQL db

数据库连接 -

<?php 

$dbServername = "localhost"; 
$dbUsername = "root"; 
$dbPassword = "root"; 
$dbName = "Login System"; 

$con = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);

我的注册文件 -

<?php 

if (isset($_POST['submit'])) { 

    include_once 'dbh.inc.php'; 

    $first = mysqli_real_escape_string($conn, $_POST['first']); 
    $last = mysqli_real_escape_string($conn, $_POST['last']); 
    $email = mysqli_real_escape_string($conn, $_POST['email']); 
    $uid = mysqli_real_escape_string($conn, $_POST['uid']); 
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']); 

    //Error handlers 
    //Check for empty fields 
    if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) { 
     echo <h2>Please fill in all fields; 
     exit(); 
    } else { 
     //Check if input characters are valid 
     if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) { 
      header("Location: ../signup.php?signup=invalid"); 
      exit(); 
     } else { 
      //Check if email is valid 
      if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
       header("Location: ../signup.php?signup=email"); 
       exit(); 
      } else { 
       $sql = "SELECT * FROM users WHERE user_uid='$uid'"; 
       $result = mysqli_query($conn, $sql); 
       $resultCheck = mysqli_num_rows($result); 

       if ($resultCheck > 0) { 
        header("Location: ../signup.php?signup=usertaken"); 
        exit(); 
       } else { 
        //Hashing the password 
        $hashedPwd = password_hash($pwd, PASSWORD_DEFAULT); 
        //Insert the user into the database 
        $sql = "INSERT INTO users (first, last, email, uid, pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');"; 
        mysqli_query($conn, $sql); 
        header("Location: ../signup.php?signup=success"); 
        exit(); 
       } 
      } 
     } 
    } 

} else { 
    header("Location: ../signup.php"); 
    exit(); 
} 

?>

我的登录表

<?php 
    include_once 'header.php'; 
?> 

    <section class="main-container"> 
     <div class="main-wrapper"> 
      <h2>Signup</h2> 
      <form class="signup-form" action="includes/signup.inc.php" method="POST"> 
       <input type="text" name="first" placeholder="Firstname"> 
       <input type="text" name="last" placeholder="Lastname"> 
       <input type="text" name="email" placeholder="E-mail"> 
       <input type="text" name="uid" placeholder="Username"> 
       <input type="password" name="pwd" placeholder="Password"> 
       <Button type="submit" name="submit">Sign up</Button> 
      </form> 

     </div> 
    </section> 

<?php 
    include_once 'footer.php'; 
?>

我已将“root”密码重置为“root”,并确保可以使用该密码登录。如果任何字段为空,则检查错误列表的文档返回到URL中带有“= empty”字样的前一页。无论我在我的字段中输入什么信息,它都不会将信息推送到数据库中,或者我错误地映射了我的字段,因此其中一个数据库字段为空。

任何帮助将不胜感激。正如我在本文开头所说的那样,我对此非常陌生。你可能会看到一些令人难以置信的明显而有些愚蠢的东西......你被警告过!我正在创建一个允许用户登录的移动应用程序和网站。登录尝试将引用我的本地主机数据库,以确认用户不存在或用户未使用。

谢谢!

来源

2017-08-05 Palmeeze

+0

:也许variabl e不匹配?我在你的数据库连接中看到'$ con',但是当试图用于转义函数和查询时,有'$ conn'(一个额外的'n')。 –

+0

我很感谢你看看。我确实用$ conn尝试过,但这也不起作用。我用$ con进行了测试,但没有奏效,但我忘了将它改回来。 – Palmeeze

+0

你确定连接成功吗?让程序帮助你发现什么是错的。尝试在连接后(或包含行后)添加以下内容:'if(!$ conn){echo'没有连接:'。 mysqli_connect_error(); }'...确保首先将'$ con'改回到'$ conn'。 –

回答

1

检查连接处理,你可以连接尝试后补充一点:

$conn = mysqli_connect(...); 

if (!$conn) { 
    die('Did not connect: ' . mysqli_connect_error()); 
}

要查询后检查处理,就可以查询尝试后补充一点:

$result = mysqli_query($conn, $sql); 

if (false === $result) { 
    die('Query error: ' . mysqli_error($conn)); 
}

来源

2017-08-05 22:36:21

0

立即使用php -l,我在includes/signup.inc.php文件中的代码中发现了一些错误。

echo <h2>Please fill in all fields;没有被引用,当我尝试加载页面时会导致错误500。要解决此问题,我添加了单引号echo '<h2>Please fill in all fields</h2>';并添加了</h2>以关闭HTML标记。

修复之后,页面将返回Please fill in all fields即使我填写了注册表单中的所有字段。要解决此问题,我将mysqli_real_escape_string($conn, $_POST['POST_DATA']);更改为strip_tags(trim($_POST['POST_DATA']));

电子邮件线是一个有点不同,mysqli_real_escape_string($conn, $_POST['email']);改为filter_var(trim($_POST['email'], FILTER_SANITIZE_EMAIL));

我也改变了$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);(PHP文件:http://php.net/manual/en/function.password-hash.php)行补充盐分。什么是盐?

In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" a password or passphrase. Salts are closely related to the concept of nonce. The primary function of salts is to defend against dictionary attacks or against its hashed equivalent, a pre-computed rainbow table attack.

来源:en.wikipedia.org/wiki/Salt_(cryptography)
在这篇文章中stackexchange也看一看/安全一些更多的信息链接:https://security.stackexchange.com/a/51983


includes/signup.inc.php文件

<?php 
if (isset($_POST['submit'])) { 
    include_once 'dbh.inc.php'; 
    $first = strip_tags(trim($_POST['first'])); 
    $last = strip_tags(trim($_POST['last'])); 
    $email = filter_var(trim($_POST['email'], FILTER_SANITIZE_EMAIL)); 
    $uid = strip_tags(trim($_POST['uid'])); 
    $pwd = strip_tags(trim($_POST['pwd'])); 
    //Error handlers 
    //Check for empty fields 
    if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) { 
    echo '<h2>Please fill in all fields</h2>'; // was echo <h2>Please fill in all fields; which would cause an error 500 
    exit(); 
    } 
    else { 
    //Check if input characters are valid 
    if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) { 
     header("Location: ../signup.php?signup=invalid"); 
     exit(); 
    } 
    else { 
     //Check if email is valid 
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
     header("Location: ../signup.php?signup=email"); 
     exit(); 
     } 
     else { 
     $sql = "SELECT * FROM users WHERE user_uid='$uid'"; 
     $result = mysqli_query($conn, $sql); 
     $resultCheck = mysqli_num_rows($result); 
     if ($resultCheck > 0) { 
      header("Location: ../signup.php?signup=usertaken"); 
      exit(); 
     } 
     else { 
      //Hashing the password 
      $options = [ 
      'cost' => 12, 
      ]; 
      $hashedPwd = password_hash($password, PASSWORD_BCRYPT, $options); // Adding salt to hashed password 
      //Insert the user into the database 
      $sql = " 
        INSERT INTO users (first, last, email, uid, pwd) 
        VALUES ('" . $first . "', 
        '" . $last . "', 
        '" . $email . "', 
        '" . $uid . "', 
        '" . $hashedPwd . "');"; 
      mysqli_query($conn, $sql); 
      header("Location: ../signup.php?signup=success"); 
      exit(); 
     } 
     } 
    } 
    } 
} 
else { 
    header("Location: ../signup.php"); 
    exit(); 
} 
?>


此外,它会是一个好主意,学习如何使用的mysqli的OOP风格进行更复杂的数据库操作上的mysqli
PHP文件:php.net/manual/en/mysqli.query .PHP
这也将是很好的添加一列作为一个序列号,以允许使用此MySQL查询的用户值的后期编辑:至少有一个问题 

ALTER TABLE `users` ADD `serial` INT PRIMARY KEY AUTO_INCREMENT;

来源

2017-08-06 00:26:11 RedRoosterFarm

相关问题

 相关问题