php表单未提交到MySQL数据库[关闭]答案

【问题标题】：php Form not submitting to MySQL database [closed]php表单未提交到MySQL数据库[关闭]
【发布时间】：2016-03-24 05:00:08
【问题描述】：

我正在制作一个注册表单。下面是我的代码。我的数据库名称是“users”，包含以下字段：id、name、email & password。当我提交表单时，它会回显“您已注册！”但没有任何东西被插入到数据库中。我是 php 和 SQL 的新手。如果有人可以帮助我解释为什么我的表单没有将数据提交到数据库。

<?php

if (isset($_POST['submit'])) {

    $error = "";

    if (!$_POST['userName'])
        $error .= "<br/>Please enter your name";

    if (!$_POST['userEmail'])
        $error .= "<br/>Please enter your email";
    else if (!filter_var($_POST['userEmail'], FILTER_VALIDATE_EMAIL))
        $error .= "<br/>Please enter a valid email address";

    if (!$_POST['userPassword'])
        $error .= "<br/>Please enter your password";
    else {
        if (strlen($_POST['userPassword']) < 8)
            $error .= "<br/>Please enter a password with minimum 8 characters";
        if (!preg_match('`[A-Z]`', $_POST['userPassword']))
            $error .= "<br/>Please include a capital letter in your password";
    }

    if ($error)
        echo "There were error(s) in your signup details: " . $error;
    else {
        $link = mysqli_connect("localhost", "username", "password", "database");

        if (!$link) {
            echo "Failed.";
        } else {
            $query = "SELECT * FROM `users` WHERE email='$_POST[userEmail])'";
            $result = mysqli_query($link, $query);
            $results = mysqli_num_rows($result);

            if ($results)
                echo "That email address already exists. Do you want to log in? ";
            else {
                $query = "INSERT INTO users (name, email, passsword) VALUES(
                    '$_POST[userName]', '$_POST[userEmail]', '$_POST[userPassword]')";
                mysqli_query($link, $query);
                echo "You've been signed up!";
            }
        }
    }
}
?>
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="utf-8">
        <title>Sign Up</title>
    </head>
    <body>
    <h1>Sign Up</h1>
    <form method="post">
        <label for="userName">Name</label>
        <input type="text" id="userName" name="userName" placeholder="Name"/>
        <label for="userEmail">Email address</label>
        <input type="email" id="userEmail" name="userEmail" placeholder="Email"/>
        <label for="userPassword">Password</label>
        <input type="password" id="userPassword"
            name="userPassword" placeholder="Password"/>
        <input type="submit" id="submit" name="submit" placeholder="Sign Up"/>
    </form>
    </body>
    </html>

【问题讨论】：

Your script is at risk for SQL Injection Attacks.
请使用 PHP 的built-in functions 来处理密码安全问题。如果您使用的 PHP 版本低于 5.5，您可以使用 password_hash() compatibility pack。
你没有检查错误。
Why are you limiting passwords? Don't limit passwords.
$_POST[userName] 应该是 $_POST["userName"].. 其他值也需要调整。 SQL注入漏洞也存在

标签： php html mysql forms

【解决方案1】：

我检查了你的代码。

Error : 1.) It was in select Query : placed extra ')' right parenthesis. 
2.) It was in Insert Query : spelling of password was passsword.

更新：只需更改以下查询。

$query = "SELECT * FROM `student` WHERE email='$_POST[userEmail]'";

$query = "INSERT INTO student (name, email, password) VALUES(
                    '$_POST[userName]', '$_POST[userEmail]', '$_POST[userPassword]')";

【讨论】：

谢谢。这是因为拼写错误。我也会按照你和其他人的建议更新代码的另一部分。

【解决方案2】：

您的 INSERT 查询应如下所示：

$query="INSERT INTO users (name, email, passsword) VALUES('$userName', '$userEmail', '$userPassword')";

【讨论】：

【解决方案3】：

用你的else替换

else {
     $uname = $_POST["userName"];
     $email = $_POST["userEmail"];
     $password = $_POST["userPassword"];
     $query = "INSERT INTO users (name, email, passsword) VALUES('$uname', '$email', '$password')";
     mysqli_query($link, $query) or die(mysqli_error($link));
     echo "You've been signed up!";     
}

【讨论】：

至少在里面扔一些mysqli_real_escape_strings。