Question

这可能不安全但忽略了这一点。我做了一个简单的主页登录，注册和注销。但我有一个问题，在我的数据库中存储密码。它看起来有点咸/咸。当我不自己散步时，我不太了解。事实上，我根本没有腌制的经验，所以请不要提供专业的解决方案。

这是注册后数据库中的样子：该数据库具有以下属性：id，username，password，email：

9，测试，* 94BDCEBE19083CE，test @ mail

但应该是这样的：

9，test，test，test @ mail

我的registration.php看起来像这样：

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="styles.css">
    </head>
    <body>
        <?php
        // loggin in and selects the database
        include ("dbConfig.php");

        //Input vaildation and the dbase code
        if ( $_GET["op"] == "reg" )
         {
         $bInputFlag = false;
         foreach ( $_POST as $field )
            {
            if ($field == "")
           {
           $bInputFlag = false;
           }
            else
           {
           $bInputFlag = true;
           }
            }
         // If we had problems with the input, exit with error
         if ($bInputFlag == false)
            {
            die( "Problem with your registration info. "
           ."Please go back and try again.");
            }

         // Fields are clear, add user to database
         //  Setup query
         $q = "INSERT INTO dbUsers (username, password , email ) "
            ."VALUES ('".$_POST["username"]."', "
            ."PASSWORD('".$_POST["password"]."'), "
            ."'".$_POST["email"]."')";
         //  Run query
         $r = mysql_query($q);

         // Make sure query inserted user successfully
         if ( !mysql_insert_id() )
            {
            die("Error: User not added to database.");
            }
         else
            {
            // Redirect to thank you page.
            Header("Location: register.php?op=thanks");
            }
         } // end if


        //The thank you page
        elseif ( $_GET["op"] == "thanks" )
         {
         echo "<form action='members.php' method='POST'>";
         echo "<div class='panel'> <span><font color='lime'>Thanks for registering!</font></span>";
         echo "<label><input type='submit' class ='button' value='Back'></label></div></form>";
         }

        //The web form for input ability
        else
         {
         echo  "
         <div class='box'>
            <h1>Registration</h1>
            <form action=\"?op=reg\" method=\"POST\">
                <label> 
                    <span>Username</span>
                    <input autocomplete='off' class='input_text' name='username'>   
                </label>
                <label>
                    <span>Password</span>
                    <input autocomplete='off' class='input_text' type='password' name='password'>
                </label>
                <label> 
                    <span>Email</span>
                    <input autocomplete='off' class='input_text' name='email'>  
                </label>
                <label> 
                    <input type='submit' class='button' value='Registrer'>  
                </label>
            </form>
         </div>";
         }
        ?>
    </body>
</html>

Answer 1

只需从SQL语句中删除PASSWORD()函数即可。

所以你必须修改你的代码：

$q = "INSERT INTO dbUsers (username, password , email ) "
        ."VALUES ('".$_POST["username"]."', "
        ."'".$_POST["password"]."', "
        ."'".$_POST["email"]."')";

请注意这是不安全的，因为可以进行SQL注入。您可以prepared statements使用mysqli_*功能来阻止此操作。如果您无法使用mysqli_*，也可以使用mysql_real_escape_string()。

您的代码将如下所示：

$q = "INSERT INTO dbUsers (username, password , email ) "
        ."VALUES ('".mysql_real_escape_string($_POST["username"])."', "
        ."'".mysql_real_escape_string($_POST["password"])."', "
        ."'".mysql_real_escape_string($_POST["email"])."')";

PHP mysql注册密码

1 个答案: