php mysql注册表单

I've tried creating a register php code so i can sign people up when im not at my computer but for some reason it wont create the table and wont create the folders even when there not there.

the output is:

( ! ) Notice: Undefined variable: db_add_user

added user

user folder already created

user image folder already created

user profile picture already there

didn't create user table

done

and here's the code

connection.php

<?php

$servername = "localhost";
$username = "root";
$password = "";

// Create connections
$main_db = new mysqli($servername, $username, $password, "main_db");
$user_db = new mysqli($servername, $username, $password, "u");
$chat_db = new mysqli($servername, $username, $password, "chat");
$log_db = new mysqli($servername, $username, $password, "log");

?>

index.php

<?php
require('/website/live/includes/checkadmin.php')
?>

<html>
    <head>
        <title>register</title>
        <link rel="stylesheet" type="text/css" href="/main.css">
    </head>
    <body class="disableNotifications">
        <?php include("/website/live/includes/nav.php"); ?>

        <form action="register.php" method="post" >
            <input type="text" name="user" placeholder="user" required>
            <input type="text" name="login" placeholder="login" required>
            <input type="text" name="pass" placeholder="pass" required>
            <input type="text" name="email" placeholder="" required>
            <input type="text" name="year" placeholder="" required>
            <button type="submit"><h2>register</h2></button>
            <button type="reset"><h2>reset</h2></button>

        </form>

    </body>
</html>

<?php
#makes sure user is admin
require("/website/live/includes/checkadmin.php");
#opens connection to database
require("/website/live/includes/connection.php");

$query = $main_db->query("SELECT user FROM main_table WHERE user = '$_POST[user]'", MYSQLI_USE_RESULT);

if ($query) {
   while ($row = $query->fetch_array()) {
       $db_add_user = $row['user'];
   }
}

if ($db_add_user != $_POST['user']) {

    #adds user to main database
    $inserttable = "INSERT INTO `main_table` (`ID`, `user`, `email`, `year`, `login`, `pass`, `admin`, `master`, `banned`) VALUES (NULL, '$_POST[user]', '$_POST[email]','$_POST[year]' ,'$_POST[login]', '$_POST[pass]', 'False', 'False', 'False')";

    if ($main_db->query($inserttable, MYSQLI_USE_RESULT) === TRUE) {
        echo "added user <br>";
    } 
    else {
        echo "didn't add user <br>";
    }

    #makes folders
    if (file_exists("'/website/live/u/' . $_POST[user]") === TRUE) {
        mkdir('/website/live/u/' . $_POST['user']);
        echo "created user folder <br>";
    }
    else {
        echo "user folder already created <br>";
    }
    if (file_exists("'/website/live/u/' . $_POST[user] . '/images'") === TRUE) {
        mkdir('/website/live/u/' . $_POST['user'] . '/images');
        echo "created user image folder <br>";
    }
    else {
        echo "user image folder already created <br>";
    }
    if (file_exists("'/website/live/images/logo.png','/website/live/u/'.$_POST[user].'/logo.png'") === TRUE) {
        copy('/website/live/images/logo.png','/website/live/u/'.$_POST['user'].'/logo.png');
        echo "copyed user logo across <br>";
    }
    else {
        echo "user profile picture already there <br>";
    }
    #adds folders to user database
    $makeimages = "CREATE TABLE `$_POST[user]` ('name' TEXT NOT NULL , `time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP , `upvotes` INT NOT NULL DEFAULT '0' , `downvotes` INT NOT NULL DEFAULT '0' , UNIQUE `name` (`name`))";

    if ($user_db->query($makeimages, MYSQLI_USE_RESULT) === TRUE) {
        echo "created user table <br>";
    }
    else {
        echo "didn't create user table <br>";
    }

}

else {
    echo "user already added <br>";
    die;
}

#not going to redirect so erros can be displayed
echo "done <br>";
?>

btw the email input is just a number cause reasons.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dqvy87517 2017-09-09 04:01
关注
I imagine due to the undefined variable your query is failing:

Notice: Undefined variable: db_add_user

$query = $main_db->query("SELECT user FROM main_table WHERE user = '$_POST[user]'", MYSQLI_USE_RESULT); if ($query) { while ($row = $query->fetch_array()) { $db_add_user = $row['user']; } }

If query is false ( or return no results ) the while never runs, ergo the variable is never set. One thing that is at least "bad form" is this

'$_POST[user]'"

No quotes for the key, this should issue a warning like undefined constant, then PHP will default the constant value to = the name of the constant, or name.

It's doubtful that is why it is failing, but one never knows. In any case the while loop itself here is pointless when a single result is expected. Especially when using fetch_array instead of just fetch. That said I haven't used Mysqli in about 4 years so I'm a bit rusty on that as I use PDO these days. But unless I am mistaken, fetch_array should return the whole result set, thereby also making the while loop pointless.

In the case that the query does run, your user may not be correct.

Note - this is not necessary intended as an answer but is too much for a comment.

Following through with this, ignoring the fact it's totally open to SQL injection, when concatenating $_POST values directly into the SQL, is that you should check that the value of that post item is indeed what it should be. If not then it all falls apart. ie $_POST['user'] is what you think it is.

Also, another thing on the while loop.

By working my way through your code. fetch_array returns something like this

[ 0 => ['item' => 'value' ] ]

In other words a multidimensional array. So therefore your while loop as it's coded can never pull the correct $row['user'] value out, because row is the entire result set, wrapped in a container array. So you would be looking at one level up in the array then where you think you are. ie. an array of rows, not a single row.

As mentioned in the comments by @Javad, your file_exists check in the if statement is also incorrect.

file_exists("'/website/live/u/' . $_POST[user]");

Containing both single and double quotes ( also missing quotes around the key ). And should be of the form such as

file_exists('/website/live/u/' . $_POST['user']); file_exists("/website/live/u/{$_POST['user']}"); //I prefer the {} for variable interpolation, yep that's a big word that means variable interpretation, or more simply PHP will just fill the variable value in.

etc.

Really, just think what that first error means to your code, in your mind replace this $db_add_user with ? or undefined. As it runs it will pass into the loop because surely that is not equal to posted user value. And with the improper formatted file exists check, the file will never exist, which causes it to create the proper file, because those are coded correctly. So the next time you run it, it does the same thing, creating the proper files/folders, which don't match the miss coded file exists check.

This Line is extremely troubling ( which is why i took the time to explain the below ):

$inserttable = "INSERT INTO `main_table` (`ID`, `user`, `email`, `year`, `login`, `pass`, `admin`, `master`, `banned`) VALUES (NULL, '$_POST[user]', '$_POST[email]','$_POST[year]' ,'$_POST[login]', '$_POST[pass]', 'False', 'False', 'False')";

Imagine I post this as my password.

$_POST[pass] = "password', true, true, false )--";

The -- comments the rest of the sql out, so I just made myself an admin, and master of your site. ( assuming you mean true and not 'true' as a string ) Because your query becomes something like this

"INSERT INTO `main_table` (`ID`, `user`, `email`, `year`, `login`, `pass`, `admin`, `master`, `banned`) VALUES (NULL, 'god', 'gad@heaven.com','2017' ,'God', 'password', true, true, false) --', 'False', 'False', 'False')"

Where nothing after the -- counts because the DB thinks its a comment. Now I am not saying that exactly would work, as I'm not in a habit of exploiting SQL injection vulnerabilities, but it's close enough that you should seriously consider using prepared statements.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

在表单提交后使用数据库值更新前端表 mysql php
2017-11-09 16:39

回答 1 已采纳 Change the order and put the DELETE part before the SELECT. <?php session_start(); include 'h
form表单提交到数据库储存 html mysql php
2022-07-28 15:34

回答 1 已采纳 php 存入mysql数据库https://blog.csdn.net/weixin_42464553/article/details/113165207
如何在php中提交表单后返回同一页面。 http mysql php
2015-03-27 11:03

回答 7 已采纳 Thank You All. I Got My Answer $_SERVER['REQUEST_URI']; will give the current URL with query stri
PHP交互MySQL 实现登录注册功能
2022-01-28 18:09

ThnPkm的博客 1.建立、关闭与MySQL服务器的连接 1)连接指定的mysql服务器 $link=@mysqli_connect($host, $user, $password,$database,$port); 2)连接错误时的提示 int mysqli_connect_errno (); //返回最后一次连接调用...
有关PHP 图片上传问题 css html5 php
2020-05-06 10:05

回答 1 已采纳 https://blog.csdn.net/Zhang17_617/article/details/86812795
PHP向数据库传送的数据中文乱码 html5 mysql php sql
2019-02-13 19:06

回答 3 已采纳编码不一致， 1、php 文件中添加 header("Content-Type: text/html; charset=utf-8"); 2、mysql编码和php编码确保一致，如果php编码是g
如何将此表单拆分为两个值 javascript mysql php
2013-10-10 09:00

回答 3 已采纳 Replace div with textarea and to disable resizing use css: textarea { resize: none; } To
php mysql 表单_php表单怎么提交到数据库？（详解）
2021-01-18 23:20

Isaac Duan的博客提交数据到服务器端数据库都是用的form表单，这是最普通最简单提交数据的方法，填写完表单后，post提交到后台.php文件，处理完后返回到指定页面，最后，页面就重新刷新了一遍，显示预想的页面。下面本篇文章就来...
将html Web表单保存为草稿 mysql php
2011-02-21 05:18

回答 1 已采纳 Save the information they write into your database, but set it as not published. You can do this
通过ajax在html / php中搜索表单 ajax html javascript php
2010-04-25 22:10

回答 3 已采纳 onclick="run_query();" You don't seem to block the form's default action. Add a return false; to
我一直收到用户名和密码错误的登录表单[重复] css html javascript mysql php
2015-10-21 19:06

回答 1 已采纳 You have some missing quotes: $user = $_POST[user]; $pass = $_POST[pass]; Fixed version: $user
web php+mysql基础
2022-10-05 17:22

@See you later的博客 =代表赋值==比较数值===比较类型且比较数值表单标签：这里面包含了处理表单数据所用动态脚本的URL以及数据提交到服务器的方法。表单域：包含了文本框、密码框、隐藏域、多行文本框、复选框、单选框、下拉选择框和...
将序列化表单发送到数据库 jquery php
2014-01-31 15:00

回答 1 已采纳 It looks like you are serializing your form and then insert it into an element with id of phpval.
使用php前端连接mysql与后台_前端，php和mysql联合使用入门
2021-01-18 20:06

军机大臣上行走的博客声明本文只是简单的介绍前端和php服务端的交互，以及php连接mysql数据库进行简单的操作，不具备数据正则验证使用工具：phpstudy案例实现功能实现成员登记信息功能程序运行流程1.客户端输入预设好的内部密码及其他...
PHP+MySQL制作简单的用户注册登录界面（注释超详细~附源代码）
2022-07-20 01:01

WAMIA的博客 PHP+MySQL制作简单的用户注册登录界面（附详细注释源代码）
没有解决我的问题, 去提问

悬赏问题

¥30 这是哪个作者做的宝宝起名网站
¥60 版本过低apk如何修改可以兼容新的安卓系统
¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
¥50 有数据，怎么建立模型求影响全要素生产率的因素
¥50 有数据，怎么用matlab求全要素生产率
¥15 TI的insta-spin例程
¥15 完成下列问题完成下列问题
¥15 C#算法问题, 不知道怎么处理这个数据的转换
¥15 YoloV5 第三方库的版本对照问题
¥15 请完成下列相关问题！

php mysql注册表单

1条回答 默认 最新

悬赏问题

1条回答默认最新