[英]Re:Having trouble integrating both my Captcha and my Php Code
我无法同时将我在Php中的注册表格和验证码结合在一起。 我曾尝试将它们与非常有限的编码知识集成在一起,但是当输入错误的验证码时,它表示“ INCORRECT CAPTCHA”,但不幸的是,它也输入了Mysql Db上的用户,而没有首先验证验证码。
所有相关代码如下所示,请协助,谢谢!
1.Registration.php
<div class="form-title">Sign Up</div>
<div class="form-sub-title">It's free and anyone can join</div>
<form method="post" action="check.php" enctype="multipart/form-data">
<table width="864" align="center" cellpadding = "15">
<tr>
<td>FirstName:</td>
<td><input type="text" name="FirstName" maxlength="10" required="" ></td>
.....................................................................................................................................................................................................
<td> </td>
</td>
</tr> </td>
<td>
<?php
session_start();
echo '<form action="check.php" method="post">';
$rand_int1 = substr(mt_rand(),0,2);
$rand_int2 = substr(mt_rand(),0,1);
$rand_int3 = substr(mt_rand(),0,1);
$captcha_answer = $rand_int1 + $rand_int2 - $rand_int3;
$_SESSION['captcha_answer'] = $captcha_answer;
echo 'What is '.$rand_int1.' + '.$rand_int2.' - '.$rand_int3.'?<br>
<input type="text" name="captcha">
<td><input type="submit" value="Submit" name="registration" class="greenButton"/><img id="loading" src="img/ajax-loader.gif" alt="working.." /></td>
</form>';
?>
</td>
</tr>
2. Check.php
<?php
session_start();
$captcha = $_POST['captcha'];
$captcha_answer = $_SESSION['captcha_answer'];
if($captcha != $captcha_answer) {
echo 'Captcha is incorrect!';
}
else {
echo 'Captcha is correct, congratulations! :)';
}
?>
<?php
if(isset($_POST['registration']))
{
require "connection.php";
$FirstName = strip_tags($_POST['FirstName']);
$LastName = strip_tags($_POST['LastName']);
$Msisdn = $_POST['Msisdn'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$date = $year . "-" . $month . "-" . $day;
$dob = date('y-m-d', strtotime($date));
$Gender = $_POST['Gender'];
$Faith = $_POST['Faith'];
$City = $_POST['City'];
$MarritalStatus = $_POST['MarritalStatus'];
$Profession =$_POST['Profession'];
$Country = $_POST['Country'];
$query="insert into users set FirstName='".$FirstName."',LastName='".$LastName
."',Msisdn='".$Msisdn."',dob='".$dob."',Gender='".$Gender."',Faith='".$Faith."',City='".$City."',MarritalStatus='".$MarritalStatus."',Profession='".$Profession."',Country='".$Country."'";
mysql_query($query)or die("".mysql_error());
echo "Successful Registration!";
}
?>
验证码应防止机器人成功提交表单。 x1 + x2 - x3
对于任何自动提交表单来说都太简单了。
为了解决您的任务,在if子句if(isset($_POST['registration']))
您还需要检查验证码的成功,将其更改为:
if (isset($_POST['registration']) && $captcha === $captcha_answer)
您也不应该使用mysql_
函数,因为它们将很快在较新的PHP版本中关闭。
您的代码似乎也很适合黑客(SQL注入)。 您应该验证$_POST
变量,而不仅仅是将它们放入简单的查询中。
就像我在名字中输入';DROP TABLE users;--
。
此处的代码不检查验证码是否成功。 要做到这一点
if(isset($_POST['registration']))
至
if(isset($_POST['registration']) && $captcha == $captcha_answer)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.