Php 为什么我的最后两个变量没有插入数据库?
由于某种原因,我的最后两个变量将不会输入数据库。我指的是Php 为什么我的最后两个变量没有插入数据库?,php,mysql,Php,Mysql,由于某种原因,我的最后两个变量将不会输入数据库。我指的是$verifyKey和$keyExpire。这是我的代码和注释。我正在添加整个页面,以确保在不应该出现的地方没有错误的字符。实际上,这是一个注册页面,它将信息插入数据库,并为以后的电子邮件验证提供验证密钥 我有与数据库中的代码匹配的字段,它们被设置为longtext和text。我不想直接插入,因为我正试图让这个方法处理所有5个变量 <?php // This is not seen by the end user so this f
$verifyKey$keyExpire<?php
// This is not seen by the end user so this file is placed in the unseen folder
// Check if the user used the sign up button
if (isset($_POST['signup-submit'])) {
// uses the database handler
require 'dbh.php';
$username=$_POST['uid'];
$email=$_POST['mail'];
$password=$_POST['pwd'];
$passwordcnfrm=$_POST['pwd-cnfrm'];
$verifyKey=md5(time().$username);
$keyExpire=date("U")+ 86400;
// Checks to see if any field are empty
if(empty($username)||empty($email)||empty($password)||empty($passwordcnfrm)) {
// This header returns the username and/or email address so the user doesn't have to retype it
header("Location:../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
// Checks if both the user and email are invalid
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)&&!preg_match("/^[a-zA-Z0-9]*$/",$username)) {
header("Location:../signup.php?error=invalidmailuid");
exit();
}
// Checks if the email is valid
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location:../signup.php?error=invalidmail&uid=".$username);
exit();
}
// Checks if the username is valid.
else if (!preg_match("/^[a-zA-Z0-9]*$/",$username)) {
header("Location:../signup.php?error=invaliduid&mail=".$email);
exit();
}
// Checks to see if the password and confirm password match
else if ($password !== $passwordcnfrm){
header("Location:../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}
// Checks to see if the username is already in use or password is invalid
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt,$sql)) {
header("Location:../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt,"s",$username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows();
if ($resultCheck < 0){
header("Location:../signup.php?error=usertaken&mail=".$email);
exit();
}
else {
//Inserts into database
$sql = "INSERT INTO users (uidUsers,emailUsers,pwdUsers,verify,expires) VALUES (?,?,?,?,?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt,$sql)) {
header("Location:../signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd =password_hash($password,PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"sssss",$username,$email,$hashedPwd,$verifyKey,$keyExpire);
mysqli_stmt_execute($stmt);
header("Location:../signup.php?signup=success");
}
}
}
}
//Closes session to db
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location:../signup.php");
}
在mysqli_stmt::bind_parammysqli\u stmt\u send\u long\u data()实际上,这意味着对于每个longtext(和blob)字段,您必须在
mysqli\u stmt\u bind\u参数之后额外调用mysqli\u stmt\u send\u long\u data
。否则,当一切正常,但未设置字段时,就会出现这种奇怪的行为。在mysqli\u stmt::bind\u param的描述中,有一个脚本注释:
如果变量的数据大小超过允许的最大数据包大小
(max_allowed_packet),您必须在类型和使用中指定b
mysqli\u stmt\u send\u long\u data()
以数据包的形式发送数据
实际上,这意味着对于每个longtext(和blob)字段,您必须在mysqli\u stmt\u bind\u参数之后额外调用mysqli\u stmt\u send\u long\u data
。否则,当一切正常,但未设置字段时,就会出现这种奇怪的行为。标题(“位置:../signup.php?error=invaliduid&mail=“.$email”)
可能易于并基本上可用于交叉脚本攻击。。。我相信这个漏洞是在我刚刚切换到7.3的更现代的PHP版本(5.4.38+)中修补的。很好看<代码>标题(“位置:../signup.php?错误=invaliduid&mail=“..$email”)
可能易于并基本上可用于交叉脚本攻击。。。我相信这个漏洞是在我刚刚切换到7.3的更现代的PHP版本(5.4.38+)中修补的。很好看!我添加了这些和相同的结果。我在密码重置表单上也使用了同样的方法,它将散列信息放入数据库。我添加了这些和相同的结果。我在密码重置表单上也使用了同样的方法,它将散列信息放入数据库。