【发布时间】:2014-05-09 23:18:04
【问题描述】:
现在整天都在研究这个问题,访问了许多论坛并听取了很多建议,但似乎还是有问题。
一旦输入了所有正确的用户信息,我将尝试通过 SQL 提交查询,然后在完成后将用户重定向回 index.html 作为“登录”用户。
代码如下:
error_reporting(E_ALL); ini_set('display_errors', 1); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
//setup database connection
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$mysql_database = "21st";
$conn = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Could not connect database");
mysqli_select_db($conn, $mysql_database) or die("Could not select database");
//get user info
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
//if passwords are equal and longer than 5 characters, and username is longer than 4 characters
if ($password != $password2) || (strlen($username)) < 4 || (strlen($password < 5)) {
header('Location: index.html');
} else {
//encrypt passwords
$password = md5($password);
$password2 = md5($password2);
//sanitize email
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
//insert query into database
$sql = "INSERT INTO members (username, email, password) VALUES ('$username','$email','$password')";
mysqli_query($conn, $sql);
//redirect user to index.html once all is completed
header('Location: index.html');
exit();
}
}
【问题讨论】:
-
你有什么错误吗?
-
md5 对密码不安全,see this eg
-
您是否检查过DB中的列名与您在SQL查询中指定的列名相同?
-
当您已经检查过密码 1 和 2 以确保它们是相同的东西时,为什么还要对密码 1 和 2 进行 MD5ing?
-
@DanielLisik 重读我写的内容
标签: php registration