表单处理导致apache崩溃?

时间:2010-08-22 19:32:00

标签: php apache post registration

我使用以下代码在我的网站上注册用户。问题是当用户注册apache时没有响应并崩溃。

我的代码是否中断或我做错了什么????

<?php

include ('../includes/db_connect.php');

$firstname = $_POST['firstname'];
$email = $_POST['email'];    
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    //include 'register.html';
    exit();
}

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (firstname, email, username, password)
VALUES('$firstname', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

// mail user their information

//$yoursite = ‘www.blahblah.com’;
//$webmaster = ‘yourname’;
//$youremail = ‘youremail’;
//    
//$subject = "You have successfully registered at $yoursite...";
//$message = "Dear $firstname, you are now registered at our web site.  
//    To login, simply go to our web page and enter in the following details in the login form:
//    Username: $username
//    Password: $password
//    
//    Please print this information out and store it for future reference.
//    
//    Thanks,
//    $webmaster";
//    
//mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
//    
//echo "Your information has been mailed to your email address.";

?>

1 个答案:

答案 0 :(得分:0)

此脚本不会导致apache死亡。在这方面,它没有任何问题。 但我不知道db_connect.php

中有什么

邮件已停用,如果服务器设置不正确,这确实可能需要很长时间。例如如果服务器无法按照您的意见建议找到其完全合格的域名。

你有活跃的会话吗?这可以解释为什么你无法访问任何网站,而另一个网站仍在运行并发送邮件,它可能会让你看起来像阿帕奇崩溃。 因为您没有调用session_write_close,并且一次只能激活一次会话。

肯定错误的是mysql注入的漏洞。 你绝对需要通过以下方式改变你的变量:

$ firstname = mysql_real_escape_string($ _ POST ['firstname']); $ email = mysql_real_escape_string($ _ POST ['email']);
$ username = mysql_real_escape_string($ _ POST ['username']);

此外我建议只在用户名上有一个唯一的que并尝试插入,看看你是否收到错误或者你是否得到一个mysq_insert_id。让mysql完成这项工作。 但你的支票也很好..但你也应该在数据库中有一个约束,这只是一个预防措施。 并且你应该削减你的价值和maby只允许某些字符,如果网站上的用户名是&amp;%DTRFG $Ä←↓ff

它很烦人