我知道我有一个重复的问题,但我已经多次在google上搜索这个问题,但仍然尝试了很多例子,但我仍然无法弄明白。我知道我的代码不安全,大家帮我解决我的代码有什么问题。我试图创建一个注册表。
以下是代码:
<?php
if(isset($_POST['submit'])) {
global $con;
$firstname = isset($_POST['first_name']) ? $_POST['first_name'] : '';
$lastname = isset($_POST['last_name']) ? $_POST['last_name'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
//$role = isset($_POST['role']) ? $_POST['role'] : '';
//$status = isset($_POST['status']) ? $_POST['status'] : '';
$cpassword = isset($_POST['cpassword']) ? $_POST['cpassword'] : '';
//$login_query=mysqli_query($con, "SELECT * FROM admin where id = $id_session");
//$count=mysqli_num_rows($login_query);
//$row=mysqli_fetch_array($login_query);
//$type=$row['username'];
if($password != $cpassword) {
?>
<script type="text/javascript">
alert("Password doesn't match");
</script>
<?php
} else {
$query = "INSERT INTO reg_requests (first_name, last_name, email, username, password) VALUES ('{$firstname}', '{$lastname}', '{$email}', '{$username}', '{$password}')";
$result = mysqli_query($con, $query);
}
if($result && mysqli_affected_rows($con) == 1) {
//mysqli_query($con, "INSERT INTO history (date,action,user) VALUES (NOW(), 'Created Admin: $username', '$type')")or die(mysql_error());
?>
<script type="text/javascript">
alert("Admin creation success, waiting for Admin's approval!");
location.href="adLogin.php";
</script>
<?php
} else {
?>
<script type="text/javascript">
alert("Admin creation failed");
</script>
<?php
}
}
?>
<link rel="stylesheet" type="text/css" href="../css/style.css" media="all" />
<body class="align">
<h1 style="color:seashell; margin-bottom:0px; font-size:44px; font-family:Josefin Slab;">JAIL MANAGEMENT SYSTEM</h1>
<h2 style="color:seashell; font-family:Josefin Slab;">Registration</h2>
<div class="grid">
<form method="POST" class="form login">
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/fname.png" width="20" /></svg><span class="hidden">Fname</span></label>
<input id="login__username" value="" type="text" name="first_name" class="form__input" placeholder="First Name" required/>
</div>
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/fname.png" width="20" /></svg><span class="hidden">Lname</span></label>
<input id="login__username" value="" type="text" name="last_name" class="form__input" placeholder="Last Name" required/>
</div>
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/email.png" width="20" /></svg><span class="hidden">Email</span></label>
<input id="login__username" value="" type="email" name="email" class="form__input" placeholder="E-mail" required/>
</div>
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/admin_icon.png" width="20" /></svg><span class="hidden">Username</span></label>
<input id="login__username" value="" type="text" name="username" class="form__input" placeholder="Username" required/>
</div>
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/password.png" width="20" /></svg><span class="hidden">Password</span></label>
<input id="login__username" value="" type="password" name="password" class="form__input" placeholder="Password" required/>
</div>
<div class="form__field">
<label for="login__username"><svg class="icon"><img src="../img/password.png" width="20" /></svg><span class="hidden">Cpassword</span></label>
<input id="login__username" value="" type="password" name="cpassword" class="form__input" placeholder="Confirm Password" required/>
</div>
<div class="form__field">
<input type="submit" name="submit" value="Submit">
</div>
</form>
<p class="text--center"><a href="adLogin.php">Cancel</a></p>
</div>
答案 0 :(得分:2)
您的$result
变量未在条件之前定义。更改您的代码如下。
if($password != $cpassword) {
$result = FALSE; // If password dosent match define the result as false.
?>
<script type="text/javascript">
alert("Password doesn't match");
</script>
<?php
} else {
$query = "INSERT INTO reg_requests (first_name, last_name, email, username, password) VALUES ('{$firstname}', '{$lastname}', '{$email}', '{$username}', '{$password}')";
$result = mysqli_query($con, $query);
}