所以我目前遇到一个奇怪的问题。我正在使用我的大学数据库进行注册/登录。但是,由于某种原因,哈希方面似乎完全毁了它。没有它,数据就可以很好地插入到数据库中,但是,一旦尝试进行任何安全性哈希处理,我就会得到“ 500台服务器无法处理此请求”。每当我想要对escape_string进行额外的安全保护时,这也适用。有什么建议吗?
<?php
if (isset($_POST['register'])) {
require "loginDB.php";
$username = ($_POST['userID']);
$email = ($_POST['userEMAIL']);
$password = ($_POST['userPWD']);
$password2 = ($_POST['userPWD2']);
// $encrypted = $mysqli->escape_string(password_hash($_POST['userPWD'], PASSWORD_DEFAULT));
if (empty($username) || empty($email) || empty($password) || empty($password2)) {
header("Location: ../index.php?error=emptyfields&userID=" . $username . "&email=" . $email);
exit(); //If user makes a mistake they get sent back and have some of the fields filled in
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../index.php?error=invalidemail&userID=" . $username);
exit();
} else if ($password != $password2) {
header("Location: ../index.php?error=passwordcheck&userID=" . $username . "&email=" . $email);
exit();
} else {
$sql = "SELECT username FROM users WHERE username=? ";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username); //binds the data
mysqli_stmt_execute($stmt); //runs the data inside the database
mysqli_stmt_store_result($stmt); //takes result from database
$check = mysqli_stmt_num_rows($stmt);
if ($check > 0) {
header("Location: ../index.php?error=usernametaken&email=" . $email);
exit();
} else {
// $encryptPWD = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO users (username, email, pwd) VALUES ('$username', '$email', '$password')";
header("Location: ../index.php?registration=successful");
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_execute($stmt);
exit();
// }
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
} else {
header("Location: ../index.php");
exit();
}