发表新帖
发表新帖

PHP Registration code

后端 未结
关注
4 1004
小蘑菇
小蘑菇 2021-01-16 23:27

I am currently attempting to create a registration script to enter registration information into my UserAccount table. Below is my connection:
相关标签:
4条回答
  • 心在旅途
    2021-01-16 23:55

    Try the following by changing the single and double quotes around:

    $insert = "INSERT INTO UserAccount(email_address, password, f_name, s_name) 
VALUES('".$email_address."','".$password."','".$f_name."','".$l_name."')";

    This is good practice! The page will be blank but at least you should get entry in the table.

    Also check if the database name $db should be the same as the $usr? Is this correct?

    $db = $usr;

    Shouldn't this be something like

    $db = "databaseName";

    Final thought:

    There is a keyword variable transfer; that looks funny. Because of the setup of php error reporting/handling it might cause an error but not show/report it thus the blank page. Use echo at specific places in the code to see where it stops.

    Should it be $transfer; and should it receive a variable?

    The other thought is that if you have $_SESSION['conn'] there should be a session_start(); just after the opening <?php tag. This might all cause the conn.php to fail thus breaking the INSERT.

    0 讨论(0)
  • 广开言路
    2021-01-16 23:58

    You have to see if your query is even being executed? what's the error that your query is returning? Try

    mysqli_query($conn,$insert) or die(mysqli_error($conn));

    That will tell you why there is no data. Good time you moved to MYSQLI or PDO

    EDIT:

    Also you are using a variable $l_name which has not been declared before. In your query it should be $s_name. Most probably your table is set to NOT accept blank value for l_name and that's where it fails

    0 讨论(0)
  • 栀梦
    2021-01-17 00:14

    Don't ever use mysql_ functions this way! Seriously!

    • You are risking SQL injection by using untreated data directly in your query
      • someone could formulate a malicious request that could expose, or corrupt your data
    • mysql_* functions are deprecated as of PHP 5.5!
      • they are not supported anymore!

    Solution:

    • use prepared statements
    • Use PDO
    • or use mysqli consistently throughout the application (as others noted)

    Of all these, I'd suggest going the PDO way:

    try {
    //open connection, this is different than in the old functions
    $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass);

    //***running query
    //**step1: create statement
    $stmt = $dbh->prepare('INSERT INTO UserAccount(email_address, password, f_name, s_name) 
    VALUES( :email, :password,:f_name,:l_name)'); //notice parameters prefixed with ':'

    //**step2: bind values (be sure to also check out the bindParameter() function too!)
    $stmt->bindValue(':email', $email_address);
    $stmt->bindValue(':password', $password);
    $stmt->bindValue(':f_name', $f_name);
    $stmt->bindValue(':l_name', $l_name);

    //**step3: exexcute statement
    $stmt->execute();

    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
    0 讨论(0)
  • 余生分开走
    2021-01-17 00:18

    You have a typo

    mysql_query($insert); should be mysqli_query($insert);

    You can't make mysql queries onto a mysqli connection.

    0 讨论(0)
 看不清?
提交回复
热议问题