在表單注冊中需要PHP幫助
[英]Need PHP help in form registration
問題描述
問題是,無論如何在數據庫中創建的用戶名和密碼,如何防止這種情況? 我是新手,所以我對PHP不太了解。
if (isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST["username"];
$password = $_POST["password"];
RegisterErrors($username , $password);
$query = "INSERT INTO users (Username,Password) VALUES ('{$username}','{$password}')";
$query_result = mysqli_query($connection , $query);
echo "added";
}
這是驗證表單注冊的功能:
function RegisterErrors($username , $password)
{
if (null == $_POST["username"] || null == $_POST["password"])
{
echo "username or password cant be empty";
return false;
}
if (empty($_POST["username"]) || empty($_POST["password"]))
{
echo "username or password cant be empty";
return false;
}
if (strlen($_POST["username"]) > 14)
{
echo "username must be less than 14 character";
return false;
}
if (strlen($_POST["password"]) < 6)
{
echo "password must be at least 6 character";
return false;
}
}
3 個解決方案
解決方案1
2 2018-03-02 23:42:12
相反,您應該檢查驗證/檢查錯誤並將其存儲在數組中,然后只需檢查該數組為空即可。
這不僅允許您一次性檢查,而且還允許您以所需的形式向用戶顯示特定錯誤,還應該使用准備好的查詢來防止SQL注入或轉義引號等問題。
<?php
function RegisterErrors($username, $password) {
$errors = [];
// validate username
if (empty($username)) {
$errors['username'] = "username cant be empty";
} elseif (strlen($username) > 14) {
$errors['username'] = "username must be less than 14 character";
}
// validate password
if (empty($password)) {
$errors['password'] = "password cant be empty";
} elseif (strlen($password) < 6) {
$errors['password'] = "password must be at least 6 character";
}
return $errors;
}
if (isset($_POST['username']) && isset($_POST['username'])) {
$username = $_POST["username"];
$password = $_POST["password"];
$errors = RegisterErrors($username, $password);
if (empty($errors)) {
$stmt = $connection->prepare('INSERT INTO users (Username,Password) VALUES (?, ?)');
$stmt->bind_param('ss', $username, password_hash($password, PASSWORD_DEFAULT));
$stmt->execute();
echo "added";
}
}
?>
錯誤將是一個數組,您可以將其放置在表單中的正確位置。
<?= (!empty($errors['username']) ? $errors['username'] : null) ?>
編輯:當我添加了password_hash()時,您需要將登錄代碼更改為按用戶名進行SELECT ,然后使用password_verify ($_POST['password'], $dbresult['password'])檢查password_verify ($_POST['password'], $dbresult['password']) 。
有關此的更多信息: 在數據庫中存儲密碼的最佳方法
解決方案2
0 已采納
您不使用錯誤檢查功能返回的值。
因此,在最后一個}之前在RegisterErrors的底部添加return true; 接着:
if (isset($_POST['username']) && isset($_POST['username']))
{
$username = $_POST["username"];
$password = $_POST["password"];
$test=RegisterErrors($username , $password);//get the value returned, true\false; dont need to parse variables when your using the globals.
if($test){// if true, passed the tests then insert
$query = "INSERT INTO users (Username,Password) VALUES ('{$username}','{$password}')";
$query_result = mysqli_query($connection , $query);
echo "added";
}
}
解決方案3
0 2018-03-02 23:36:44
if (isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST["username"];
$password = $_POST["password"];
if(RegisterErrors($username , $password)){
$query = "INSERT INTO users (Username,Password) VALUES ('{$username}','{$password}')";
$query_result = mysqli_query($connection , $query);
echo "added";
}
}
function RegisterErrors($username , $password)
{
if (null == $username || null == $password)
{
echo "username or password cant be empty";
return false;
}
if (empty($username) || empty($password))
{
echo "username or password cant be empty";
return false;
}
if (strlen($username) > 14)
{
echo "username must be less than 14 character";
return false;
}
if (strlen($password) < 6)
{
echo "password must be at least 6 character";
return false;
}
return true;
}
需要幫助php html表單
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.