<?php
require('login_include_connection.php');
if (isset($_POST['btn_confirm'])) {
$user_name=$_POST['user_name'];
$user_password=sha1($_POST['user_password']);
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">
body {
background-color: lightblue;
}
</style>
</head>
<body>
<h2>User registration</h2>
<form method="POST" action="sesija_registracija.php">
<input type="text" name="user_name">
<input type="password" name="user_password">
<input type="submit" name="btn_confirm" value="REGISTER USER NOW">
</form>
</body>
</html>
对不起家伙对上一个问题的解释不好。所以,正如你所看到的那样有基本的PHP脚本注册。它需要填写用户名和密码。即使没有密码值,我的表单也会将用户名放在数据库中。那么if语句有什么问题,empty()不适用于sha1()或其他什么?我想要的只是确保用户必须填写两个字段。
答案 0 :(得分:0)
$user_password=sha1($_POST['user_password']);
即使POSTed字符串为空,也会返回非空字符串。
您需要在if条件之后哈希密码:
$user_password = $_POST['user_password'];
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$user_password = sha1($_POST['user_password']);
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
此外,请注意,评论时,您很容易受到SQLinjection的攻击。</ p>
你的哈希也应该被腌制。