doulan8330 2017-12-27 22:37
浏览 34

仅填充用户名,密码和电子邮件字段

I am running following query to register a new user. However, only username, password and email address fields are being inserted into the database. I have checked, the spellings exactly match with the ones I have in database. Not sure where is the issue. I have commented out some of the code in order to figure out the issue.Here is the complete code:

<?php

/* Main page with two forms: sign up and log in */
require 'db_connection.php';
session_start();

?>
<!DOCTYPE html>
<html>
<head>
  <title>Sign-Up Form: <?php include 'css/css.html'; ?></title>

</head>

<?php





/* form.php */
//session_start();
$_SESSION['message'] = '<div class="alert alert-error"><?= $_SESSION[\'message\'] ?></div>';
$mysqli = new mysqli('localhost', 'root', '', 'customer.accounts');

/*if (isset($_POST['btn-submit']))
    $first_name = ($_POST['first_name']);
    $last_name = ($_POST['last_name']);
    $username = ($_POST['username']);
    $DeliveryAddress= ($_POST['DeliveryAddress']);
    $CreditCardNo= ($_POST['CreditCardNo']);   */


if ($_SERVER["REQUEST_METHOD"] == "POST") {
//check if two passwords match
  //  if ($_POST['password'] == $_POST['password']) {

        //define other variables with submitted values from $_POST,

        $username = $mysqli->real_escape_string($_POST['username']);
        $email = $mysqli->real_escape_string($_POST['email']);
        $first_name = $mysqli->real_escape_string($_POST['first_name']);
        $last_name = $mysqli->real_escape_string($_POST['last_name']);
        $password = $mysqli->real_escape_string($_POST['password']);
        $DeliveryAddress = $mysqli->real_escape_string($_POST['DeliveryAddress']);
        $CreditCardNo = $mysqli->real_escape_string($_POST['CreditCardNo']);


        //md5 hash password for security
        $password = md5($_POST['password']);
        $_SESSION['username'] = $username;



    if(!preg_match('/^[a-zA-Z ]*$/',$first_name))           //validate firstname
    {
        $nameErr="Name can only contain alphabets";
        $execute=false;
    }
    if(!preg_match('/^[a-zA-Z ]*$/',$last_name))            //validate lastname
    {
        $nameErr="Name can only contain alphabets";
        $execute=false;
    }
    if(!preg_match('/^[0-9]*$/',$ContactNo))                //validate phone
    {
        $phoneErr="Mobile Number can only contain digits";
        $execute=false;
    }
    if(strlen($ContactNo)<10)
    {
        $phoneErr="<br/>Mobile number is too short";
        $execute=false;
    }

    if(strlen($CreditCardNo)<16)                                 //validate card details
    {
        $phoneErr="<br/>Credit Card Number is too short";
        $execute=false;
    }
    if($execute!=false)


        //Bind and insert user data into database
        $sql = "INSERT INTO useraccounts (first_name,last_name,username, email, password,DeliveryAddress,CreditCardNo) VALUES (?,?,?,?,?,?,?)";
        $stmt->bind_param('ssssssi', $first_name, $last_name, $username,$email,$password,$DeliveryAddress,$CreditCardNo);
        $username= $_SESSION('username');
        $stmt->execute();



        //check if mysql query is successful, then register the user.
        if ($stmt === true) {
            $_SESSION['message'] = "Registration successful!"
                . "Added $username to the database!";
            //redirect the user to welcome.php if the registration is successful
            header("location: welcome.php");

        } else {
            $_SESSION['message'] = 'User could not be added to the database!';
        }

        $mysqli->close();

    //else {
     //   $_SESSION['message'] = 'Two passwords do not match!';



//if ($_SERVER["REQUEST_METHOD"] == "POST")


}

function test_input($data){
    $data=trim($data);
    $data=htmlspecialchars($data);
    return $data;
}
//Registration Form

?>
<link href="//db.onlinewebfonts.com/c/a4e256ed67403c6ad5d43937ed48a77b?family=Core+Sans+N+W01+35+Light" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" href="form.css" type="text/css">
<div class="body-content">
    <div class="module">
        <h1>Create an Account </h1>


        <form class="form" action="form.php" method="post" enctype="multipart/form-data" autocomplete="off">

            <div class="alert alert-error"> <?= $_SESSION['message'] ?></div>
            <input type="text" placeholder="First Name" name="first_name" required />
            <input type="text" placeholder="Last Name" name="last_name" required />

            <input type="text" placeholder="User Name" name="username" required />
            <input type="email" placeholder="Email" name="email" required />
            <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
            <input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
            <input type="text" placeholder="Delivery Address" name="DeliveryAddress" autocomplete="DeliveryAddress" required />
            <input type="text" placeholder="Payment Details" name="CreditCardNo" autocomplete="CreditCardNo" required />

            <input type="submit" value="Register" name="submit" class="btn btn-block btn-primary" />

        </form>
    </div>

</div>
  • 写回答

1条回答 默认 最新

  • dqwh0109 2017-12-27 23:03
    关注

    Ivar, I believe you may be complicating the situation by using bound parameters. This adds a level of indirection for an otherwise simple query. For standard queries, I would use parameter markers, for example (with debugging added):

    // Your SQL with parameter markers to create a prepared statment
$stmt = $pdo->prepare(
    "INSERT INTO useraccounts (first_name, last_name, username, email, 
                               password, DeliveryAddress, CreditCardNo) 
          VALUES (:first_name, :last_name, :username, :email, 
                  :password, :DeliveryAddress, :CreditCardNo)";

// All parameters markers must be satisfied in this array
$params = [
    ':first_name'      => $first_name,
    ':last_name'       => $last_name,
    ':username'        => $username,
    ':email'           => $email,
    ':password'        => $password,
    ':DeliveryAddress' => $DeliveryAddress,
    ':CreditCardNo'    => $CreditCardNo
];

// Export the array to a file, or simply using print_r 
file_put_contents('/tmp/params.txt', var_export($params, true));

// Execute the PDO statement
$stmt->execute($params);

    The exported file is only there to assist with finding the source of your original issue of the unset parameters. If they are set in the array, they should be set via your query as well. If the SQL is invalid, it will fail in the prepare call. If the parameter list is incorrect, it will fail in the execute call.

    评论

报告相同问题?

悬赏问题

  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程