我的注册表格工作正常,比我的index.php我将所有mysql函数更改为mysqli函数,现在它不再起作用了。 Register.php代码:
<?php
require('config.php');
session_start();
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$username = htmlEntities($_POST['username'],ENT_QUOTES);
$password = htmlEntities($_POST['password'],ENT_QUOTES);
$query = "INSERT INTO `users` (username, password) VALUES ('$username', '$password')";
$result = mysqli_query($connect, $query);
if($result){
header("Location:index.php");
}
else
{
echo "Het werkt niet!";
}
}
?>
答案 0 :(得分:0)
不知道配置文件的内容,所以在这里添加了信息。
<?php
if ( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'password' ] ) )
{
$username = htmlEntities( $_POST[ 'username' ], ENT_QUOTES );
$hashed_password = password_hash( $_POST[ 'password' ], PASSWORD_BCRYPT, [ 'cost' => 12 ] ); // hashes the password before inserting into the database, do not alter the password though.
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli( $servername, $username, $hashed_password, $dbname );
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare( "INSERT INTO users ( username, password ) VALUES ( ?, ? ) " );
$stmt->bind_param( "ss", $username, $password );
$stmt->execute();
}
?>
参考 - http://www.w3schools.com/php/php_mysql_prepared_statements.asp
我已将密码行替换为在将密码放入数据库之前对密码进行哈希处理的密码行。
以后使用时检查密码:
if( password_verify( $supplied_password, $hashed_password ) )
{
// Passed
}