PHP MySQL用户注册表不支持';t阻止空密码字段
我正在尝试使用PHP和MySQL创建一个简单的用户注册表单。一切正常,除了“请插入密码”消息外,如果密码输入字段为空且数据插入数据库时密码为空,则不会回显该消息。我怎样才能解决这个问题PHP MySQL用户注册表不支持';t阻止空密码字段,php,html,mysql,registration,Php,Html,Mysql,Registration,我正在尝试使用PHP和MySQL创建一个简单的用户注册表单。一切正常,除了“请插入密码”消息外,如果密码输入字段为空且数据插入数据库时密码为空,则不会回显该消息。我怎样才能解决这个问题 <?php if(isset($_SESSION['username'])){ header("Location: index.php"); } if(isset($_POST['register'])){ include_once('connect
<?php
if(isset($_SESSION['username'])){
header("Location: index.php");
}
if(isset($_POST['register'])){
include_once('connect.php');
$name = $surname = $email = $username = "";
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$email = strip_tags($_POST['email']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password_confirm = strip_tags($_POST['password_confirm']);
$name = stripslashes($name);
$surname = stripslashes($surname);
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$password_confirm = stripslashes($password_confirm);
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $surname);
$email = mysqli_real_escape_string($conn, $email);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$password_confirm = mysqli_real_escape_string($conn, $password_confirm);
$password = md5($password);
$password_confirm = md5($password_confirm);
$sql_store = "insert into user (username, name, surname, email, password) values ('$username', '$name', '$surname', '$email', '$password')";
$sql_fetch_username = "select username from user where username = '$username'";
$sql_fetch_email = "select email from user where email = '$email'";
$query_username = mysqli_query($conn, $sql_fetch_username);
$query_email = mysqli_query($conn, $sql_fetch_email);
if (!empty($name) && !empty($surname) && !empty($email) && !empty($username) && !empty($password) && !empty($password_confirm)){
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
else{
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
else{
if($password != $password_confirm){
echo "The passwords do not match.<br>";
}
else{
mysqli_query($conn, $sql_store);
header("Location: index.php");
}
}
}
}
else{
if($name == ""){
echo "Please insert a name.<br>";
}
if($surname == ""){
echo "Please insert a surname.<br>";
}
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if($email == ""){
echo "Please insert an email.<br>";
}
else{
echo "The email is not valid.<br>";
}
}
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
if($username == ""){
echo "Please insert an username.<br>";
}
if($password == "" || $password_confirm == ""){
echo "Please insert a password.<br>";
}
}
}
?>
<html>
<body>
<form action="register.php" method="POST">
<input placeholder="Name" name="name" type="text" value="<?php if(!empty($name)){echo $name;}?>">
<input placeholder="Surname" name="surname" type="text" value="<?php if(!empty($surname)){echo $surname;} ?>"><br><br>
<input placeholder="E-Mail Address" name="email" type="text" value="<?php if(!empty($email)){echo $email;} ?>">
<input placeholder="Username" name="username" type="text" value="<?php if(!empty($username)){echo $username;} ?>"><br><br>
<input placeholder="Password" name="password" type="password">
<input placeholder="Confirm Password" name="password_confirm" type="password">
<input name="register" type="submit" value="Register">
</form>
</body>
</html>
您不是在测试密码,而是在测试密码的md5哈希。空字符串的md5哈希值不是空的
也--
您的错误消息回显在
元素之外,这是不理想的。您应该设置一条验证消息(或者更好,为每个输入设置一系列验证消息,可能是在一个数组中),然后在
元素中输出
如果这是一个远程安全系统,你应该阅读安全密码散列。如果你打算上线,你也不应该使用此代码,这是不安全的。使用准备好的语句和密码\u hash()
。