stackoom
  简体   繁体   中英

Insert into MySQL database via PHP only half working

 原文  2016-09-26 21:05:44       php/ mysql

Question

So I'm currently learning PHP, and I'm creating a simple PHP page with a signup form using the POST method. On form submit, the page hashes the password (with phpass), verifies the username is valid (that is, it doesn't exist currently in the db) and inserts if that's true. My code is inserting new rows, but I'm not seeing values for username or hash values being stored. Here's the PHP: 

require("PasswordHash.php");
$unSuccess = false;
$pwSuccess = false;
$registerSuccess = false; 
$spamSuccess = false;

$database = "XXXXXXX";
$username = "XXXXXXX";
$password = "XXXXXXX";
$server = "XXXXXXX";
$db = new mysqli($server, $username, $password, $database);

$user = "";
$pass = "";


if (mysqli_connect_errno()) 
    {
        printf("Connection failed: %s\n", mysqli_connect_error());
        exit();
    }        


if($_POST["usr"] && !$unSuccess){
    $un = $_POST["usr"];

    if(strlen($un) < 20){
        //Verify Username is valid
        if(preg_match("/([A-Za-z0-9])/", $un) == 1){ 
            //Username is valid, check if it already exists in db. 
            $unCheckQuery = "SELECT USERS.Username FROM USERS WHERE USERS.Username = '$un'"; 
            $result = $db->query($unCheckQuery);
            $num = $result->num_rows;
            $result->close();
            if($num != 0){ $errUsername = "Username already exists."; $unSuccess = false; }
        } 
        else{ 
            //Username is valid and not taken 
            $user = $un; 
            $unSuccess = true; 
        }
    }
}


if($_POST["password"] && !$pwSuccess){
    //verify and hash pw
    $pw = $_POST["password"];
    if(str_len($pw) > 72){die("Password must be shorter than 72 characters");}
    $hasher = new PasswordHash(8, false);
    $hash = $hasher->HashPassword($pw);
    if(strlen($hash) >= 20 && preg_match($pattern, $pw) == 1){
        $pass = $hash;
        echo $pass;
        $pwSuccess = true;
    }
    else{
        $pwSuccess = false;
    }
}
if($_POST["spam"]){
    $s = $_POST["spam"];
    if($s != 10){
        $spamSuccess = false;
    }
    else if($s == 10) {$spamSuccess = true;}
}

if($unSuccess = true && $pwSuccess = true && $spamSuccess = true){
    $registerQuery = "INSERT INTO USERS(Username, phash) VALUES('$user', '$pass')";
    //This line is breaking evrything.
    $db->query($registerQuery);

}

The form I'm using is a simple HTML form. I have omitted login information for obvious reasons. Any pointers in the right direction would be greatly appreciated!

2 answers

solution1
 0  2016-09-26 21:10:42

if($unSuccess = true && $pwSuccess = true && $spamSuccess = true)

需要是

if($unSuccess == true && $pwSuccess == true && $spamSuccess == true)

solution2
 0  2016-10-06 02:34:55

Turns out this particular issue was being caused by a security issue on the server end. This code is syntactically correct.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Insert PHP to mySQL database not working online (via flash application) Database insert not working (MySQL, PHP) Mysql query working from command line but only half working in PHP Cannot insert data into MySQL database via PHP Insert multiple values via PHP PDO into MySQL database How to insert text and html format data into a MySQL database via PHP? Using a Submit Button to insert into a MySQL database via PHP? Using a Submit Button to insert an entry into a MySQL database via PHP? INSERT INTO not working for Mysql database Insert MYSQL PHP into database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM