编码注册系统
的我明显的不良企图所以我试着去建立一个网站,即时通讯开发一个登录系统,我非常新的PHP所以我跳进深结束了一下。我的目标是创建一个注册表单,如果密码不匹配,它不会添加数据并显示错误,并且如果用户名被占用。我已经找到了这两个代码,但我不确定如何一起实现它们。编码注册系统
<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "immo";
//Connection to the DB
$con = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname) or die ($dberror1);
session_start();
if (isSet($_POST['Register']) && isSet($_POST['Username']) && isSet($_POST['Password']) && $_POST['Username'] != '' && $_POST['Password'] != '') {
$Password = $_POST['Password'];
$passMD5 = md5($Password);
$Username = $_POST['Username'];
$q = mysqli_query($con, "SELECT * FROM `users` WHERE `Username`='$Username'");
if (mysqli_num_rows($q) > 0) {
echo 'That username is already taken.';
}
if ($_POST['Password']!= $_POST['ConfirmPassword']){
echo("Oops! Password did not match! Try again. ");
}
else{
$qq = mysqli_query($con, "INSERT INTO `users` VALUES ('', '$Username', '$passMD5')");
if ($qq) {
echo 'Registered successfully!';
}else
echo 'Failed to register.';
}
}
?>
<form method="post" class="registration_form">
<fieldset>
<legend>Registration Form </legend>
<table>
<tbody>
<tr>
<td class="label"><label for="Username">Username :</label></td>
<td class="input"><input type="text" id="Username" name="Username" required/></td>
<td class="error"></td>
</tr>
<tr>
<td class="label"><label for="Fname">First Name :</label></td>
<td class="input"><input type="text" id="Firstname" name="Firstname" required/></td>
<td class="error"></td>
</tr>
<tr>
<td class="label"> <label for="Lname">Last Name :</label></td>
<td class="input"><input type="text" id="Lastname" name="Lastname" required/></td>
<td class="error"></td>
</tr>
<tr>
<td class="label"><label for="e-mail">E-mail :</label></td>
<td class="input"><input type="email" id="Email" name="Email" required/></td>
<td class="error"></td>
</tr>
<tr>
<td class="label"><label for="Password">Password:</label></td>
<td class="input"><input type="password" id="Password" name="Password" required/></td>
<td class="error"></td>
</tr>
<tr>
<td class="label"><label for="ConfirmPassword">Confirm Password:</label></td>
<td class="input"><input type="password" id="ConfirmPassword" name="ConfirmPassword" required/></td>
<td class="error"></td>
</tr>
<tr>
<td><input type="hidden" name="formsubmitted" value="TRUE" /></td>
<td><input type="submit" id="Register" value="Register" name="Register" /></td>
<td class="error"></td>
</tr>
</tbody>
</table>
</fieldset>
</form>
不漂亮,但:
<?php
session_start();
if (isSet($_POST['Register']) && isSet($_POST['Username']) && isSet($_POST['Password']) && $_POST['Username'] != '' && $_POST['Password'] != '') {
$Password = $_POST['Password'];
$passMD5 = md5($Password);
$Username = $_POST['Username'];
$q = mysqli_query($con, "SELECT * FROM `users` WHERE `Username`='$Username'");
if (mysqli_num_rows($q) == 0) {
if ($_POST['Password'] == $_POST['ConfirmPassword']){
$qq = mysqli_query($con, "INSERT INTO `users` VALUES ('', '$Username', '$passMD5')");
if ($qq) {
echo 'Registered successfully!';
} else {
echo 'Failed to register.';
}
} else {
echo "Oops! Password did not match! Try again.";
}
} else {
echo 'That username is already taken.';
}
}
?>
口口声声说未能注册 – nathzOO
鉴于OP的形式是犹太教; - )并且他们的连接是成功的。 –
好吧,看起来密码是匹配的,你没有插入数据。看起来你还没有连接到数据库。您是否已连接到页面中较高的数据库?在运行查询之前,您需要这样做。另外,正如其他人所提到的,您应该切换到PDO,但这完全是一个单独的主题。 –
旁注:您可以减少整个'如果(isSet($ _ POST [ '注册'])......'简单'如果(空! ($ _POST ['Register'])....'和其他人,不需要'!='''或者简单的三元操作符 –
你真的不应该使用MD5密码哈希值,你真的应该使用PHP的[内置函数](http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。如果您使用的PHP版本低于5.5,您可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。 –
[你的脚本是在对SQL注入攻击的风险。(http://*.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –