Data redundancy problem from my PHP to MySQL
Can someone take a look at my PHP code? How do I fix the data redundancy from PHP to MySQL? I don't want the same data to be stored in my database. Thanks.
<?php
$email = "";
$passwords = "";
$firstname = "";
$lastname = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'wdt_assignment');
if (isset($_POST['email'])) {
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    $firstname = mysqli_real_escape_string($db, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($db, $_POST['lastname']);
    if (empty($email)) { array_push($errors, "email is required"); }
    if (empty($password)) { array_push($errors, "password is required"); }
    if (empty($firstname)) { array_push($errors, "firstname is required"); }
    if (empty($lastname)) { array_push($errors, "lastname is required"); }
}
$user_check_query = "SELECT * FROM customer WHERE email='$Email' OR password='$Password' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
    if ($user['email'] === $Email) {
        array_push($errors, "email already exists");
    }
    if ($user['password'] === $Password) {
        array_push($errors, "password already exists");
    }
}
if (count($errors) == 0) {
    $query = "INSERT INTO customer (email, password, firstname, lastname)
              VALUES('$email', '$password', '$firstname','$lastname')";
    mysqli_query($db, $query);
    $_SESSION['email'] = $email;
    $_SESSION['success'] = "You are now logged in";
}
?>
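I suggest that you do not tell the user that this password already exists in the database. I have attached code that checks whether the email exists.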
<?php
$email = "";
$passwords = "";
$firstname = "";
$lastname = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'wdt_assignment');
if (isset($_POST['email']))
{
    $email = mysqli_real_escape_string($db, $_POST['email']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    $firstname = mysqli_real_escape_string($db, $_POST['firstname']);
    $lastname = mysqli_real_escape_string($db, $_POST['lastname']);
    if (empty($email)) { array_push($errors, "email is required"); }
    if (empty($password)) { array_push($errors, "password is required"); }
    if (empty($firstname)) { array_push($errors, "firstname is required"); }
    if (empty($lastname)) { array_push($errors, "lastname is required"); }
    if (count($errors) == 0)
    {
        $user_check_query = "SELECT * FROM customer WHERE email='$Email' OR password='$Password' LIMIT 1";
        $result = mysqli_query($db, $user_check_query);
        $affected_rows = mysqli_affected_rows($db);
        if ($affected_rows > 0)
        {
            array_push($errors, "email already exists");
        }
        else
        {
            $query = "INSERT INTO customer (email, password, firstname, lastname)
                      VALUES('$email', '$password', '$firstname','$lastname')";
            mysqli_query($db, $query);
            $_SESSION['email'] = $email;
            $_SESSION['success'] = "You are now logged in";
        }
    }
}
?>
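Hi, thanks man, but when I enter an existing email, the error does not show "email already exists".

The logic behind this leads to a bad user experience. If the email does not exist but someone uses the same password, you tell the user that the email exists. You should redirect the user to show whether the email exists.

Thank you very much.

Your code has security issues. First, you are open to SQL injection. Prepared statements are the way to solve this, because escaping is. Also, it seems you are storing passwords in plain text. You should avoid that at all costs. PHP provides a way that is safe against many different types of attacks and is not complicated to use.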
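The points raised in the comments above (prepared statements, hashed passwords, no duplicate emails), put together as an added example that is not code from any participant in the thread. It assumes a UNIQUE index on `customer.email` and a `password` column wide enough for a hash; the function name `register_customer` and the index name `uniq_email` are hypothetical, while the connection details and table are the ones from the question.

```php
<?php
// Added example, not code from the thread. Assumed one-time schema change:
//   ALTER TABLE customer ADD UNIQUE KEY uniq_email (email);
//   ALTER TABLE customer MODIFY password VARCHAR(255) NOT NULL;
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
const ER_DUP_ENTRY = 1062; // MySQL error code for a unique-key violation

function register_customer(mysqli $db, array $post): array
{
    $errors = [];
    $f = [];
    foreach (['email', 'password', 'firstname', 'lastname'] as $name) {
        $value = is_string($post[$name] ?? null) ? $post[$name] : '';
        $f[$name] = ($name === 'password') ? $value : trim($value); // never alter the password
        if ($f[$name] === '') { $errors[] = "$name is required"; }
    }
    if ($f['email'] !== '' && !filter_var($f['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'email is not valid';
    }
    if ($errors) { return $errors; }

    // Store a salted hash, never the plain-text password.
    $hash = password_hash($f['password'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO customer (email, password, firstname, lastname) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $f['email'], $hash, $f['firstname'], $f['lastname']);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() !== ER_DUP_ENTRY) { throw $e; }
        // The UNIQUE index rejected the row, so the email is already registered.
        $errors[] = 'email already exists';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'root', '', 'wdt_assignment');
    $errors = register_customer($db, $_POST);
    if (!$errors) {
        session_regenerate_id(true); // new session id after authentication
        $_SESSION['email'] = trim($_POST['email']);
        $_SESSION['success'] = 'You are now logged in';
    }
}
```

Letting the database enforce uniqueness also closes the gap between a SELECT check and the INSERT, where two simultaneous requests could both pass the check. At login, compare the submitted password against the stored hash with `password_verify()`.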