通过PHP插入MySQL数据库只有一半工作

时间:2016-09-26 21:05:44

标签: php mysql

所以我目前正在学习PHP,我正在使用POST方法创建一个带注册表单的简单PHP页面。在表单提交时,页面哈希密码(使用phpass),验证用户名是否有效(即,它当前不存在于数据库中)并插入,如果这是真的。我的代码是插入新行,但我没有看到存储用户名或哈希值的值。这是PHP:

require("PasswordHash.php");
$unSuccess = false;
$pwSuccess = false;
$registerSuccess = false; 
$spamSuccess = false;

$database = "XXXXXXX";
$username = "XXXXXXX";
$password = "XXXXXXX";
$server = "XXXXXXX";
$db = new mysqli($server, $username, $password, $database);

$user = "";
$pass = "";


if (mysqli_connect_errno()) 
    {
        printf("Connection failed: %s\n", mysqli_connect_error());
        exit();
    }        


if($_POST["usr"] && !$unSuccess){
    $un = $_POST["usr"];

    if(strlen($un) < 20){
        //Verify Username is valid
        if(preg_match("/([A-Za-z0-9])/", $un) == 1){ 
            //Username is valid, check if it already exists in db. 
            $unCheckQuery = "SELECT USERS.Username FROM USERS WHERE USERS.Username = '$un'"; 
            $result = $db->query($unCheckQuery);
            $num = $result->num_rows;
            $result->close();
            if($num != 0){ $errUsername = "Username already exists."; $unSuccess = false; }
        } 
        else{ 
            //Username is valid and not taken 
            $user = $un; 
            $unSuccess = true; 
        }
    }
}


if($_POST["password"] && !$pwSuccess){
    //verify and hash pw
    $pw = $_POST["password"];
    if(str_len($pw) > 72){die("Password must be shorter than 72 characters");}
    $hasher = new PasswordHash(8, false);
    $hash = $hasher->HashPassword($pw);
    if(strlen($hash) >= 20 && preg_match($pattern, $pw) == 1){
        $pass = $hash;
        echo $pass;
        $pwSuccess = true;
    }
    else{
        $pwSuccess = false;
    }
}
if($_POST["spam"]){
    $s = $_POST["spam"];
    if($s != 10){
        $spamSuccess = false;
    }
    else if($s == 10) {$spamSuccess = true;}
}

if($unSuccess = true && $pwSuccess = true && $spamSuccess = true){
    $registerQuery = "INSERT INTO USERS(Username, phash) VALUES('$user', '$pass')";
    //This line is breaking evrything.
    $db->query($registerQuery);

}

我使用的表单是一个简单的HTML表单。由于显而易见的原因,我省略了登录信息任何指向正确方向的人都会非常感激!

2 个答案:

答案 0 :(得分:0)

let shared_hash = Arc::new(FakeMutex::new(new_hash()));

for _ in 0..n_cpu {
    println!("start thread");
    let my_hash = shared_hash.clone();
    thread_pool.push(thread::spawn(move || {
        let mut my_hash = my_hash.lock();
        let mut search_engine = SearchEngine::new();
        search_engine.search(&mut myhash);
    }));
}

for i in thread_pool {
    let _ = i.join();
}

需要

if($unSuccess = true && $pwSuccess = true && $spamSuccess = true)

答案 1 :(得分:0)

原来这个特殊问题是由服务器端的安全问题引起的。此代码在语法上是正确的。