更新:
我最初的问题是关于向数据库中添加用户的问题。它已经解决了,但现在我在登录(login.php)时遇到了问题test@test.com,但当我尝试使用此电子邮件登录时,它显示"登录失败"。
我试图将最初问题的解决方案合并到login.php中,但代码似乎已经存在。所以我被卡住了。。。这是我的register.php页面和login.php页面。
我有一种感觉,不知何故,它与:email有关。我的login.php文件出了什么问题?
register.php
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty username
if(empty($_POST['email']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("Please enter an email.");
}
// Make sure the user entered a valid E-Mail address
// filter_var is a useful PHP function for validating form input, see:
// http://us.php.net/manual/en/function.filter-var.php
// http://us.php.net/manual/en/filter.filters.php
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("Invalid E-Mail Address");
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: ");
}
$row = $stmt->fetch();
if($row)
{
die("This email address is already registered");
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "
INSERT INTO users (
email
) VALUES (
:email
)
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: ");
}
// This redirects the user back to the login page after they register
header("Location: login.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to login.php");
}
?>
<h1>Register</h1>
<form action="register.php" method="post">
E-Mail:<br />
<input type="text" name="email" value="" />
<br /><br />
<input type="submit" value="Register" />
</form>
login.php
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This if statement checks to determine whether the login form has been submitted
// If it has, then the login code is run, otherwise the form is displayed
if(!empty($_POST))
{
// This query retreives the user's information from the database using
// their email.
$query = "
SELECT
email
FROM users
WHERE
email = :email
";
// The parameter values
$query_params = array(
':email' => $_POST['email']
);
try
{
// Execute the query against the database
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// This variable tells us whether the user has successfully logged in or not.
// We initialize it to false, assuming they have not.
// If we determine that they have entered the right details, then we switch it to true.
$login_ok = false;
// Retrieve the user data from the database. If $row is false, then the email
// they entered is not registered.
$row = $stmt->fetch();
// If the user logged in successfully, then we send them to the private members-only page
// Otherwise, we display a login failed message and show the login form again
if($login_ok)
{
// This stores the user's data into the session at the index 'user'.
// We will check this index on the private members-only page to determine whether
// or not the user is logged in. We can also use it to retrieve
// the user's details.
$_SESSION['user'] = $row;
// Redirect the user to the private members-only page.
header("Location: private.php");
die("Redirecting to: private.php");
}
else
{
// Tell the user they failed
print("Login Failed.");
}
}
?>
<h1>Login</h1>
<form action="login.php" method="post">
Email:<br />
<input type="text" name="email" value="My Email" />
<br /><br />
<input type="submit" value="Login" />
</form>
<a href="register.php">Register</a>
谢谢!
您可以忽略下面的文本。
旧问题(适用于register.php):
我正在尝试为我的网站创建一个简单的登录系统,注册/登录只需要一个电子邮件地址。当我尝试使用phpMyAdmin将用户添加到数据库时,会出现一个错误(详细信息如下)。
我已经成功创建了一个MySQL数据库使用:
CREATE TABLE `users` (
`email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1;
然后在register.php页面上,我得到了这段代码。
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty username
if(empty($_POST['email']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("Please enter an email.");
}
// Make sure the user entered a valid E-Mail address
// filter_var is a useful PHP function for validating form input, see:
// http://us.php.net/manual/en/function.filter-var.php
// http://us.php.net/manual/en/filter.filters.php
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("Invalid E-Mail Address");
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: ");
}
$row = $stmt->fetch();
if($row)
{
die("This email address is already registered");
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "
INSERT INTO users (
email
) VALUES (
:email
)
";
// This redirects the user back to the login page after they register
header("Location: login.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to login.php");
}
?>
<h1>Register</h1>
<form action="register.php" method="post">
E-Mail:<br />
<input type="text" name="email" value="" />
<br /><br />
<input type="submit" value="Register" />
</form>
问题可能是由以下代码引起的:
INSERT INTO users (
email
) VALUES (
:email
)
这是导致我在phpMyAdmin中出现问题的代码。它给了我这个错误:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':email
)' at line 4
register.php页面成功地连接到了我的数据库,并且也按照它应该的方式重定向了我,所以我觉得问题在于添加用户。
看起来INSERT语句并不是在执行查询或分配电子邮件参数。
下
$query = "
INSERT INTO users (
email
) VALUES (
:email
)
";
添加
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: ");
}
我已经添加/调整了您的代码。我使用了不同的占位符名称来简化的调试
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This if statement checks to determine whether the registration form has been submitted
// If it has, then the registration code is run, otherwise the form is displayed
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty username
if(empty($_POST['email']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("Please enter an email.");
}
// Make sure the user entered a valid E-Mail address
// filter_var is a useful PHP function for validating form input, see:
// http://us.php.net/manual/en/function.filter-var.php
// http://us.php.net/manual/en/filter.filters.php
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("Invalid E-Mail Address");
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$checkSQL = <<<SQL1
SELECT
1
FROM users
WHERE
email = :checkemail
SQL1;
$insertSQL = <<<SQL2
INSERT INTO users (
email
) VALUES (
:insertemail
)
SQL2;
try
{
$s_ps = $db->prepare($checkSQL);
$s_ps -> bindValue(':checkemail',$_POST['email'],PDO::PARAM_STR);
$s_ps -> execute();
$checkRow = $s_ps->fetch();
if($checkRow)
{
die("This email address is already registered");
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$i_ps=$db -> prepare($insertSQL);
$i_ps -> bindValue(':insertemail',$_POST['email'],PDO::PARAM_STR);
$i_ps -> execute();
}
catch(PDOException $ex)
{
die("Failed to run query: ".$ex->getMessage());
}
// This redirects the user back to the login page after they register
header("Location: login.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to login.php");
}
?>
<h1>Register</h1>
<form action="register.php" method="post">
E-Mail:<br />
<input type="text" name="email" value="" />
<br /><br />
<input type="submit" value="Register" />
</form>
使用
":email"
这可能有效。。。
问题是mysql不知道:电子邮件是…试试。。。
$email = mysql_real_escape_string($_POST['email']);
$query = "
INSERT INTO users (
email
) VALUES (
'$email'
)
";