我对以下代码有问题:
<?php
if (isset($_POST["newuser"])) {
include('Connections/conn.php');
$name = mysqli_real_escape_string($conn, $_POST["name"]);
$username = mysqli_real_escape_string($conn, $_POST["username"]);
$age = mysqli_real_escape_string($conn, $_POST["age"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$uid = uniqid();
$registration = "INSERT INTO KG_user(id,name,username,email,age,password,type,points,groupID,emailstatus,forumstatus) VALUES ('NULL','$name','$username','$email','$age','$password',1,0,0,1,1)";
$registration2 = "INSERT INTO KG_notifications(id,icon,message,user,link) VALUES (NULL,'far fa-smile', 'Welcome to Kinder Generation, we have amazing articles to get you started!','$username','!')";
$registrationresult = mysqli_query($conn, $registration) or die(mysqli_error($conn));
$registrationresult2 = mysqli_query($conn, $registration2) or die(mysqli_error($conn));
$username = $_SESSION["3047_2019_id"];
header("location: secure/hub.php");
exit;
$to = "$email";
$subject = "Thank you for registering to Kinder Generation!";
$message = "
<html>
<head>
<title>HTML email</title>
</head>
<body>
<p>This email contains HTML Tags!</p>
<table>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>
<tr>
<td>John</td>
<td>Doe</td>
</tr>
</table>
</body>
</html>
";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "rn";
$headers .= "Content-type:text/html;charset=UTF-8" . "rn";
// More headers
$headers .= 'From: <info@kindergeneration.com>' . "rn";
mail($to, $subject, $message, $headers);
}
?>我不确定出了什么问题,我已经将表格设置为method="POST"和action = "",并且还命名了form id ="newuser"并将提交按钮ID设置为" Newuser"。
任何帮助都会很棒!
这是我仍然不确定这里发生了什么的更新表格。我已经做了很多次了,我认为这只是一个愚蠢的错误。
<form method="POST" action="" name="newuser" id="newuser" class="px-5">
<h1 class="">Register now!</h1>
<div id="error">
</div>
<div class="form-group row"> <label for="name" class="col-form-label col-4">Name</label>
<div class="col-10">
<input type="text" name ="name" class="form-control" id="name" placeholder="Name" required="required"> </div>
</div>
<div class="form-group row"> <label for="username" class="col-form-label col-4">Username</label>
<div class="col-10">
<input type="text" name ="username" class="form-control" id="username" placeholder="Username" required="required"> </div>
</div>
<div class="form-group row"> <label for="age" class="col-form-label col-4">Age</label>
<div class="col-10">
<input type="number" name ="age" class="form-control" id="age" placeholder="Age" required="required"> </div>
</div>
<div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
<div class="col-10">
<input type="email" class="form-control" id="email" placeholder="E-mail" required="required"> </div>
</div>
<div class="form-group row"> <label for="email" class="col-form-label col-4">E-mail</label>
<div class="col-10">
<input type="email" name ="cemail" class="form-control" id="cemail" placeholder="Enter again..." required="required"> </div>
</div>
<div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
<div class="col-10">
<input type="password" class="form-control" id="password" placeholder="Password" required="required"> </div>
</div>
<div class="form-group row"> <label for="password" class="col-form-label col-4">Password</label>
<div class="col-10">
<input type="password" name ="cpassword" class="form-control" id="cpassword" placeholder="Password" required="required"> </div>
</div>
<div id="usersave">
</div>
<div id="usersavet">
</div>
<button type="submit" id="usersubmit" class="btn btn-primary btn-block btn-lg">Submit</button>
</form>
在发布<form>代码后,这是问题:
$_POST["newuser"]不是输入字段,这是您正在使用的表单名称。因此,您可以将其添加为<button>名称或更改此行:
if (isset($_POST["newuser"])) {
to:
if(count($_POST) > 0){
旁注:您的代码宽开放供SQL注入,您可以在此处使用PDO来防止SQL注入,还可以检查我的评论以获取一些提示。
一些参考:
如何防止PHP中的SQL注入?
PDO准备的陈述足以防止SQL注入?