我使用以下代码在我的网站上注册用户。问题是当用户注册apache时没有响应并崩溃。
我的代码是否中断或我做错了什么????
<?php
include ('../includes/db_connect.php');
$firstname = $_POST['firstname'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
// lets check to see if the username already exists
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
//include 'register.html';
exit();
}
// lf no errors present with the username
// use a query to insert the data into the database.
$query = "INSERT INTO users (firstname, email, username, password)
VALUES('$firstname', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered";
// mail user their information
//$yoursite = ‘www.blahblah.com’;
//$webmaster = ‘yourname’;
//$youremail = ‘youremail’;
//
//$subject = "You have successfully registered at $yoursite...";
//$message = "Dear $firstname, you are now registered at our web site.
// To login, simply go to our web page and enter in the following details in the login form:
// Username: $username
// Password: $password
//
// Please print this information out and store it for future reference.
//
// Thanks,
// $webmaster";
//
//mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
//
//echo "Your information has been mailed to your email address.";
?>
答案 0 :(得分:0)
此脚本不会导致apache死亡。在这方面,它没有任何问题。 但我不知道db_connect.php
中有什么邮件已停用,如果服务器设置不正确,这确实可能需要很长时间。例如如果服务器无法按照您的意见建议找到其完全合格的域名。
你有活跃的会话吗?这可以解释为什么你无法访问任何网站,而另一个网站仍在运行并发送邮件,它可能会让你看起来像阿帕奇崩溃。 因为您没有调用session_write_close,并且一次只能激活一次会话。 肯定错误的是mysql注入的漏洞。 你绝对需要通过以下方式改变你的变量: $ firstname = mysql_real_escape_string($ _ POST ['firstname']);
$ email = mysql_real_escape_string($ _ POST ['email']);
$ username = mysql_real_escape_string($ _ POST ['username']);
此外我建议只在用户名上有一个唯一的que并尝试插入,看看你是否收到错误或者你是否得到一个mysq_insert_id。让mysql完成这项工作。 但你的支票也很好..但你也应该在数据库中有一个约束,这只是一个预防措施。 并且你应该削减你的价值和maby只允许某些字符,如果网站上的用户名是&amp;%DTRFG $Ä←↓ff
它很烦人