我有一个项目,所以建立了一个小型的社交网站。注册表单使用用户名,但是当我为firstname和lastname添加区域时,它不起作用。我不知道如何添加“编辑个人资料”页面,用户可以在其中添加个人资料照片和生物基本信息。下面是我在尝试添加不起作用的名字和姓氏时使用的文件。
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$firstname = mysqli_real_escape_string($db, $_POST['firstname']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
$user_check_query = "SELECT * FROM clients WHERE username='$username' OR
email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: indexclient.php');
}
}
我仍然不理解100%的问题,但我确实在你的INSERT查询中发现了一个错误。你需要在'$lastname'之后加一个分号
所以这:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname' '$email',
'$password')";
需要是:
$query = "INSERT INTO clients (username, firsname, lastname, email,
password)
VALUES('$username', '$firstname', '$lastname', '$email',
'$password')";
在旁注中,您的查询将打开SQL注入,how to prevent SQL injection