为什么我的PHP代码没有发布到我的SQL数据库?

时间:2016-11-08 07:10:48

标签: php mysql password-protection password-hash

我很确定我没有任何错误,但是,当我提交来自,我没有得到成功"我的提交成功时就像我应该的那样。 connect.php是连接到我的数据库的php文件,我没有从中获得任何错误,所以我知道我连接到我的数据库并且header.php是标题。什么都不会导致任何错误。页脚是一回事。我知道我已连接到我的数据库,因为我在测试代码之前遇到了错误,但是,现在我没有收到任何错误,或者没有成功"。

这是我的尝试:

<?php
//signup.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign up</h3>';
echo '<form method="post" action="">
    Username: <input type="text" name="user_name" />
    Password: <input type="password" name="user_pass">
    Password again: <input type="password" name="user_pass_check">
    E-mail: <input type="email" name="user_email">
    <input type="submit" value="sign up" />
</form>';
if($_SERVER['REQUEST_METHOD'] === 'POST') {

    $fixed_user_name = $database_connection->real_escape_string($_POST['user_name']);
    $fixed_user_email = $database_connection->real_escape_string($_POST['user_email']);
    $now = NOW();

    $sql = "INSERT INTO users (user_name, user_pass, user_email) 
            VALUES ($fixed_user_name, $_POST['user_pass'], $fixed_user_email)";

    if($database_connection->query($sql) === TRUE){
        echo "Success";
    }
    else {
        echo "Error: " . $sql . "<br>" . $database_connection->error;
    }
}

include 'footer.php';
?>

这是我的connect.php文件:

<?php
//connect.php
$username   = 'root';
$password   = "root_password";
$database   = 'cloud';

$database_connection = new mysqli("localhost", $username, $password, $database);

if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

echo $mysqli->host_info . "\n";

?>

2 个答案:

答案 0 :(得分:2)

这是使用password_hash()和prepared-statements更安全的脚本方式:

signup.php 

<?php
//signup.php

#include "connect.php"; // set $servername, $username, $password and $dbname there

include 'header.php';

// changed here the '' to "" and back
echo "<h3>Sign up</h3>".
    "<form method='post' action=''>
        Username: <input type='text' name='user_name' />
        Password: <input type='password' name='user_pass'>
        Password again: <input type='password' name='user_pass_check'>
        E-mail: <input type='email' name='user_email'>
        <input name='submit' type='submit' value='sign up' />
     </form>";

if(isset($_POST["submit"])) {

    include "connect.php";

    // set the user_name and user_email as a seperate variable
    $username = $_POST["user_name"];
    $email = $_POST["user_email"];
    $password = $_POST["user_pass"];
    $cpassword = $_POST["user_pass_check"];

    $fixed_user_name = mysqli_real_escape_string($conn, $username);

    $fixed_user_email = mysqli_real_escape_string($conn, $email);

    #$now = NOW();

    //check if password is not cpassword and if so, there is an error
    if ($password !== $cpassword) {
        echo "Passwords do not match!";
    }

    //NEVER store PLAINTEXT PASSWORDS... user php build_in functions like password_hash() and store only the hash
    $hash = password_hash($password, PASSWORD_DEFAULT);

    //change your db_entry user_pass to hash
    $sql = $conn->prepare("INSERT INTO users (user_name, hash, user_email) VALUES (?, ?, ?)");
    $sql->bind_param("sss", $fixed_user_name, $hash, $fixed_user_email);
    $sql->execute();

    echo "Success!";

    $sql->close();
    $conn->close();

}
include 'footer.php';
?>


connect.php 

<?php
//connect.php
$servername = "localhost";
$username   = "root";
$password   = "root_password";
$dbname   = "cloud";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
?>

解释是在脚本中注释:)
查看php.net manual的password_hash()函数

也许这对你有帮助

答案 1 :(得分:0)

echo '<h3>Sign up</h3>';
echo '<form method="post" action="">
Username: <input type="text" name="user_name" />
Password: <input type="password" name="user_pass">
Password again: <input type="password" name="user_pass_check">
E-mail: <input type="email" name="user_email">
<input type="submit" name="submit" value="sign up" />
</form>';
if(isset($_POST['submit'])) {

$fixed_user_name = $database_connection->real_escape_string($_POST['user_name']);
$fixed_user_email = $database_connection->real_escape_string($_POST['user_email']);
$now = NOW();

$sql = "INSERT INTO users (user_name, user_pass, user_email) 
        VALUES ('$fixed_user_name', '".$_POST['user_pass']."', '$fixed_user_email')";

$result = mysqli_query(whatever your connection variable is, $sql);

if($database_connection->query($sql) === TRUE){
    echo "Success";
}
else {
    echo "Error: " . $sql . "<br>" . $database_connection->error;
}
}
相关问题
最新问题