小贝子编程

我的PHP注册码有问题



我一直在尝试使用php和html创建一个寄存器页面,一旦我终于完成并想检查它是否有效,它就重新加载了页面,当我检查数据库时那里没有新的。这是代码,在register.php中,

?php
require_once('connect.php');
$errors = array();
if (isset($_GET['submit'])) {
if (empty($_POST['username'])) { array_push($errors, 'Choose a username.'); }
if (empty($_POST['email'])) { array_push($errors, 'Choose an email.'); }
if (empty($_POST['password'])) { array_push($errors, 'Choose a password.'); }
$old_usn = mysql_query("SELECT id FROM users WHERE name = '".$_POST['username']."' LIMIT 1;") or die(mysql_error());
if (mysql_num_rows($old_usn) > 0) { array_push($errors, 'This username is already taken.'); }
$old_email = mysql_query("SELECT id FROM users WHERE email = '".$_POST['email']."' LIMIT 1;") or die(mysql_error());
if (mysql_num_rows($old_email) > 0) { array_push($errors, 'There is an existing account with this email.'); }
if ($_POST['password1'] != $_POST['password2']) { array_push($errors, 'The password does not match'); }
if (sizeof($errors) == 0) {
//htmlentities($_POST['username'], ENT_QUOTES);
    $username = htmlentities($_POST['username'], ENT_QUOTES);
    $email = htmlentities($_POST['email'], ENT_QUOTES);
    $password1 = htmlentities(sha1($_POST['password1']), ENT_QUOTES);
    mysql_query("INSERT into users (name, hashed_psw, email, joined)
    VALUES ('{$username}', '{$password}', '{$email}', NOW());") or die(mysql_error());
    }
}

?>

下面:

 <div class="container v-align-transform">
                <div class="row">
                    <div class="col-sm-6 col-sm-offset-3">
                        <div class="feature bordered text-center">
                            <h4 class="uppercase">Register Here</h4>
                            <?php
                            foreach($errors as $e) {
                                echo $e;
                                echo "<br />n";
                                }
                            ?>
                            <form class="text-left" action="register.php" method="post">
                                <input type="text" name="username" value="" placeholder="Username" />
                                <input type="text" name="email" value="" placeholder="Email Address" />
                                <input type="password" name="password1" value="" placeholder="Password" />
                                <input type="password" name="password2" value="" placeholder="Confirm Password" />
                                <input type="submit" name="submit" value="Register" />
                            </form>
                            <p class="mb0">By signing up, you agree to our
                                <a href="/">Terms Of Use</a>
                            </p>
                        </div>
                    </div>
                </div>
            </div>

我尝试找到了什么问题,但找不到任何东西。

您应该考虑纽扣有一些问题。

  1. 不要使用mysql_*功能。使用PDO或至少使用mysqli_*功能。
  2. 消毒您的SQL数据。否则。
  3. 无需使用array_push(如果需要的话,可以使用它),您可以使用速记版本:$errors[] = "New Error"
  4. 不要使用SHA1/MD5/ETC HASHES进行密码。而是使用盐的哈希。
  5. 您的表单方法是POST,但是您正在检查$_GET ...将其切换到$_POST(包括您已发布的变量)

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium