我是个新手,遇到一些问题需要帮助。我如何纠正PHP代码;无连接";或";重定向次数过多";本地服务器上出现错误?我有register.php文件、index.php和errors.php文件。这是server.php代码。我不知道该怎么办。
<?php
session_start();
// initializing variables
$username = "";
$phone = "";
$email = "";
$gender = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'work');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username =
mysqli_real_escape_string($db, $_POST['username']);
$phone =
mysqli_real_escape_string($db, $_POST['phone']);
$email =
mysqli_real_escape_string($db, $_POST['email']);
$password_1 =
mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 =
mysqli_real_escape_string($db, $_POST['password_2']);
$gender =
mysqli_real_escape_string($db, $_POST['gender']);
$occupation =
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username))
{ array_push($errors, "Username is required"); }
if (empty($phone))
{ array_push($errors, "Phone is required"); }
if (empty($password_1))
{ array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");}
if (empty($gender))
{ array_push($errors, "Gender is required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or phone
$user_check_query = "SELECT * FROM register WHERE phone='$phone' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user['phone'] === $phone) {
array_push($errors, "Phone No already used");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO register (username, phone, password, gender)
VALUES('$username', '$phone', '$password', '$gender')";
mysqli_query($db, $query);
$_SESSION['phone'] = $phone;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
// ...
?>
感谢
我的猜测是,代码向您发出关于"too many redirects"
的警告的原因是,if (count($errors) == 0) {
在任何测试之外都被调用,以查看是否有合适的POST数据,此时$errors
数组为空-因此,如果您碰巧POST到与表单相同的页面,则会得到一个无休止的循环(因此重定向过多(
一种解决方案是将处理insert
的代码部分快速移动到IF
块内。
你真的,真的应该使用Prepared Statement
,避免使用可能会更改数据的mysqli_real_escape_string
。
<?php
session_start();
$username = "";
$phone = "";
$email = "";
$gender = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'work');
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$phone = mysqli_real_escape_string($db, $_POST['phone']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$gender = mysqli_real_escape_string($db, $_POST['gender']);
$occupation =
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($phone)) {
array_push($errors, "Phone is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
if (empty($gender)) {
array_push($errors, "Gender is required");
}
$user_check_query = "SELECT * FROM register WHERE phone='$phone' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user['phone'] === $phone) {
array_push($errors, "Phone No already used");
}
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO register (username, phone, password, gender) VALUES('$username', '$phone', '$password', '$gender')";
mysqli_query($db, $query);
$_SESSION['phone'] = $phone;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
?>
一个使用prepared statements
并稍微改变逻辑的非常匆忙的修改版本~完全未经测试,因此可能存在错误
<?php
session_start();
$db = mysqli_connect('localhost', 'root', '', 'work');
if( $_SERVER['REQUEST_METHOD']=='POST' && isset(
$_POST['username'],
$_POST['phone'],
$_POST['email'],
$_POST['password_1'],
$_POST['password_2'],
$_POST['gender']
)){
# the errors array only exists within the POST logic block
# a standard GET request (ie: redirect ) will not enter this
# block of code.
$errors = array();
$username = $_POST['username'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$gender = $_POST['gender'];
$pwd1=$_POST['password_1'];
$pwd2=$_POST['password_2'];
if( empty($username) )$errors[]='username is required';
if( empty($phone) )$errors[]='phone is required';
if( empty($email) )$errors[]='email is required';
if( empty($gender) )$errors[]='gender is required';
if( empty($pwd1) )$errors[]='password 1 is required';
if( empty($pwd1) )$errors[]='password 2 is required';
if( $pwd1!==$pwd2 )$errors[]='Passwords do not match';
# No errors at this stage - proceed to check phone number
# to my mind this is odd - more usual to test an email than
# a phone number but hey...
if( empty( $errors ) ){
# use a `Prepared Statement` ...
$sql='select `phone` from `users` where `phone`=?';
$stmt=$db->prepare( $sql );
$stmt->bind_param('s',$phone);
$res=$stmt->execute();
if( $res ){
$stmt->bind_result( $cphone );
if( empty( $cphone ) ){
$sql='INSERT INTO `register` ( `username`, `phone`, `password`, `gender` ) VALUES (?, ?, ?, ?)';
$hash=password_hash($pwd,PASSWORD_DEFAULT);
$stmt=$db->prepare($sql);
$stmt->bind_param('ssss',$username,$phone,$hash,$gender);
$res=$stmt->execute();
$stmt->close();
if( $res ){
$_SESSION['username']=$username;
$_SESSION['phone'] = $phone;
$_SESSION['success'] = "You are now logged in";
exit( header('Location: index.php') );
}
}
}
}else{
foreach( $errors as $error ){
printf('<div>%s</div>',$error);
}
}
}
?>
是否可以添加出口;重定向后
header('location: index.php');
exit;