1. 首页
  2. 问答
  3. PHP注册系统用户信息未被存储在mysql中

PHP注册系统用户信息未被存储在mysql中

2013-06-11 160 views
-1

我有一个基本的注册系统。代码如下。无法注册用户。 connect.php网站工作...登录部分工作,如果我手动添加信息到数据库。我不断收到我设置的错误消息,请参阅以下内容......“发生错误,您的帐户未创建。”PHP注册系统用户信息未被存储在mysql中

<?php 

if ($_POST['registerbtn']){ 

    $getuser = $_POST['user']; 
    $getemail = $_POST['email']; 
    $getpass = $_POST['pass']; 
    $getretypepass = $_POST['retypepass']; 

    if ($getuser){ 

     if ($getemail){ 

      if ($getpass){ 
       if ($getretypepass){ 
        if ($getpass === $getretypepass){ 
         if((strlen($getemail) >= 7) && (strstr($getemail,"@")) && (strstr($getemail,"."))){ 

          require("./connect.php"); 

          $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
          $numrows = mysql_num_rows($query); 
           if ($numrows == 0){ 
            $query = mysql_query("SELECT * FROM users WHERE email='$getemail'"); 
            $numrows = mysql_num_rows($query); 
             if ($numrows == 0){ 
              $password = md5(md5("18sde#@!".$password."@1kwe#28")); 
              $date = date("F d, Y"); 
              $code = md5(rand()); 

              mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')"); 



              $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
              $numrows = mysql_num_rows($query); 
              if ($numrows == 1){ 

               $site = "http://localhost/test"; 
               $webmaster = "[email protected]"; 
               $headers = "From: $webmaster"; 
               $subject = "Activate your account"; 
               $message = "Thanks for registering. Click the link below to active your account."; 
               $message .= "$site/activate.php?user=$getuser&code=$code"; 
               $message .= "You must activate your account to login."; 

               if (mail($getemail, $subject, $message, $headers)){ 

                $errormsg = "You have been registered. You must activate your account using your email $getemail"; 
                $getusr = ""; 
                $getemail = ""; 

               } 
               else 
                $errormsg = "An error has occurred. Your activation email was not sent."; 
              } 
              else 
               $errormsg = "An error has occurred. Your account was not created."; 

             } 
             else 
              $errormsg ="There is already a email with that email."; 
            } 
            else 
             $errormsg ="There is already a user with that username."; 

            mysql_close(); 
         } 
         else 
          $errormsg = "You must enter a valid email address to register."; 
        } 
        else 
         $errormsg = "Your passwords did not match"; 
       } 
       else 
        $errormsg = "You must retype your password to register."; 


      } 
       else 
        $errormsg = "You must enter your password to register."; 


     } 
     else 
      $errormsg = "You must enter your email to register."; 


    } 
    else 
     $errormsg = "You must enter your username to register."; 

} 




$form = "<form action='./register.php' method='post'> 
<table> 
<tr> 
    <td></td> 
    <td><font color='red'>$errormsg</font></td> 
</tr> 
<tr> 
    <td>Username:</td> 
    <td><input type='text' name='user' value'$getuser' /></td> 
</tr> 
<tr> 
    <td>Email:</td> 
    <td><input type='text' name='email' value'$getemail' /></td> 
</tr> 
<tr> 
    <td>Password:</td> 
    <td><input type='password' name='pass' value'' /></td> 
</tr> 
<tr> 
    <td>Retype Password:</td> 
    <td><input type='password' name='retypepass' value'' /></td> 
</tr> 
<tr> 
    <td></td> 
    <td><input type='submit' name='registerbtn' value'Register' /></td> 
</tr> 
</table> 
</form>"; 

echo $form; 

?>

来源

2013-06-11 optional

+3

请尝试去掉你的示例代码到相关部分 - 现在看起来你正在将代码倾倒在这里让其他人为你调试它,这不在本站的范围之内。 –

+0

永远不要认为'mysql_query()'成功。总是检查结果(你可以使用'mysql_error()'来确定错误,如果没有错误,你的'SELECT'查询就不会返回行。 –

回答

0

不是解决办法,但一些解决方法,使您的代码更简单,更好:

  1. 不要使用mysql_功能,使用mysqliPDO。 mysql_已被弃用。

  2. 不要单独验证输入(添加大量必要条件和嵌套)。像这样的更简单:

    $ createUser = true;

    if(!$ getuser){$ errorMsg ='Your error msg'; $ createUser = false; } if(!$ getemail){$ errorMsg ='Your error msg'; $ createUser = false;如果(!$ getpass){$ errorMsg ='Your error msg';} $ createUser = false; }

    如果($的createUser){ ...创建用户... }

  3. real_escape_string(找对的mysqli和PDO实现)

  4. 最后净化你的投入,添一些调试。例如,使用INSERT查询创建一个$sql var,并使用echo创建var,以查看查询是否正确形成。

来源

2013-06-11 23:31:06

+1

你应该单独验证输入,所以你可以显示每个错误一次不只是一次错误 – Jessica

+0

你有一个点,我重新配制:) –

+0

你的例子仍然只会显示一个错误消息。你应该使用一个数组来保存错误。这样你就可以一次显示所有的问题。 – Jessica

1

你正在做的INSERTuser -

mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')"); 
         ----

users

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
            -----

做你SELECT所以你永远不会INSERT插入一行供以后选择。

注意:您已开放SQL注入。至少可以净化你的$_POST数据。或者移至mysqli_PDO并使用准备好的语句。

来源

2013-06-11 23:36:27 Sean

相关问题

 相关问题