我在使用php和mysq构建注册表单时遇到问题。 我有两个文件,contactus.php和home.php。 contactus.php的代码如下:
<?php
session_start();
$db = mysqli_connect("localhost", "wadca2user", "password123", "p1514432db");
if(isset($_POST['register_btn'])){
session_start();
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
if($password == $password2){
$password = md5($password); // stored before
$sql = "INSERT INTO users(username,email,password) Values('$username','$email','$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Your are now logged in";
$_SESSION['username'] = $username;
header("location: home.php");
}else{
$_SESSION['message'] = "The two passwords do not match";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link href="css/maincss.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="header">
<h1>Register</h1>
</div>
<form method="post" action="contactus.php">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" class="textInput"></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="email" name="email" class="textInput"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" class="textInput"></td>
</tr>
<tr>
<td>Password again:</td>
<td><input type="password" name="password2" class="textInput"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="register_btn" value="Register"></td>
</tr>
</table>
</form>
</body>
</html>
home.php的代码如下:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<link href="css/maincss.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="header">
<h1>Register</h1>
</div>
<h1>Home</h1>
<div>
<h3>Welcome<?php echo $_SESSION['username']; ?></h3>
</div>
</body>
</html>
点击提交后,应该转到home.php。但是,它没有成功。我不确定我的问题在哪里。
答案 0 :(得分:2)
使用PDO,这个(下面)应该完成工作,它可以安全地防止sql注入(检查准备好的请求更多)。 您不能使用MD5,不推荐使用,请尝试使用sha1()或sha256()。 编辑:你也有密码_hash()非常好。
<?php
session_start();
$servername = "localhost";
$username = "wadca2user";
$password = "password123";
$conn = null;
try {
$conn = new PDO("mysql:host=$servername;dbname=p1514432db", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
if(isset($_POST['register_btn']) && !is_null($conn)){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if($password === $password2){
$password = md5($password); // stored before
$request = $conn->prepare("INSERT INTO users (username,email,password) VALUES (:username, :email, :password)");
$request->bindParam(':username', $username);
$request->bindParam(':email', $email);
$request->bindParam(':password', $password);
$request->execute();
$_SESSION['message'] = "Your are now logged in";
$_SESSION['username'] = $username;
header("location: home.php");
}else{
$_SESSION['message'] = "The two passwords do not match";
}
}
?>