stackoom
  简体   繁体   中英

PHP and mysqli registration page not working

 原文  2015-11-28 08:59:33       php/ html5/ mysqli

Question

This is a simple php code through which I want to insert into database table. But I don't know why this is not working. 

 <!DOCTYPE html>
   <html>
   <meta charset="utf-8">
  <title>Registration</title>
  </head>
  <body>
  <form method = "POST" action = "checkregister.php">
  <label for = "email">EmailID</label>
  <input type = "text" id = "email" name = "email" /><br />
  <label for = "pass">Password</label>
  <input type = "text" id = "pass" name = "pass" /><br />
  <input type = "submit" name = "submit" value = "submit" />
  </form>
  </body>
  </html>

checkregister.php 

  <?php
   $conn = mysqli_connect('localhost', 'root', '', 'justdental')
   or die("couldn't connect");
   $email = $_POST['email'];
   $pass = $_POST['pass'];

   $query = "INSERT INTO register (email, pass) VALUES ('$email', '$pass')";
   mysqli_query($conn, $query)
   or die("Not connecting");

   echo 'Registered Succesfully!';

   mysqli_close($conn);
   ?>

1 answers

solution1
 -1 ACCPTED  2015-11-28 09:07:34

You should check if it is posted or not: 

<?php
   $conn = mysqli_connect('localhost', 'root', '', 'justdental')
   or die("couldn't connect");


if (mysqli_connect_errno()) {
   printf("Connect failed: %s\n", mysqli_connect_error());
   exit();
 }

if (!mysqli_query($conn, "SELECT * FROM register WHERE 1=1" ) ) {
    printf("Errormessage: %s\n", mysqli_error($conn));
}
if(isset( $_POST['email'] )  ){
   $email = $_POST['email'];
} else{
   echo "could not get email .";
}
if( isset( $_POST['pass'] ) ){
   $pass = $_POST['pass'];
} else{
   echo 'Password could not get.';
}
if( $email && $pass ){
   $query = "INSERT INTO register ( email, pass) VALUES ('" . $email . "','" . $pass . "')";
   $result = mysqli_query($conn, $query);
   if( isset($conn->insert_id) && $conn->insert_id ){
       echo 'Registered Succesfully!';
   } else {
       printf("Error: %s\n", $conn->error);
   }
} 
   mysqli_close($conn);
   ?>

There are a couple of serious security issues with this code, which I've not fixed to avoid confusing the issue. Firstly, the code is vulnerable to SQL injection, which is likely to result in people bypassing your credential checks if this goes live.

Also, your passwords are not hashed, and so can be read either using SQL injection vulns, or perhaps if the database can be stolen another way. That will put your users' security at risk, since people - despite the industry's advice - will often reuse passwords.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Registration form with php and mysqli not working Creating a registration and login page using PHP MYSQLI registration page with php and mysql not working IPN page still not working PHP mysqli Simple but secure user registration with PHP and mysqli Simple User Registration & Login Script in PHP and MySQLi Difficulty checking for existing user registration php/mysqli PHP mysqli() not working php mysqli not working PHP - MySQLi INSERT not working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM