mysql中的PHP注册表
我在用php和mysq构建注册表时遇到了问题。 我有两个文件,contactus.php和home.php。 contactus.php的代码如下:mysql中的PHP注册表,php,mysql,Php,Mysql,我在用php和mysq构建注册表时遇到了问题。 我有两个文件,contactus.php和home.php。 contactus.php的代码如下: <?php session_start(); $db = mysqli_connect("localhost", "wadca2user", "password123", "p1514432db"); if(isset($_POST['register_btn'])){ ses
<?php
session_start();
$db = mysqli_connect("localhost", "wadca2user", "password123", "p1514432db");
if(isset($_POST['register_btn'])){
session_start();
$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);
$password2 = mysql_real_escape_string($_POST['password2']);
if($password == $password2){
$password = md5($password); // stored before
$sql = "INSERT INTO users(username,email,password) Values('$username','$email','$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Your are now logged in";
$_SESSION['username'] = $username;
header("location: home.php");
}else{
$_SESSION['message'] = "The two passwords do not match";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link href="css/maincss.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="header">
<h1>Register</h1>
</div>
<form method="post" action="contactus.php">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" class="textInput"></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="email" name="email" class="textInput"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" class="textInput"></td>
</tr>
<tr>
<td>Password again:</td>
<td><input type="password" name="password2" class="textInput"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="register_btn" value="Register"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<link href="css/maincss.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="header">
<h1>Register</h1>
</div>
<h1>Home</h1>
<div>
<h3>Welcome<?php echo $_SESSION['username']; ?></h3>
</div>
</body>
</html>
使用PDO,这(下面)应该可以完成任务,它可以防止sql注入(更多信息,请查看准备好的请求)。
您不能使用MD5,它已弃用,请尝试sha1()或sha256()。
编辑:您还有密码\u hash(),这非常好
<?php
session_start();
$servername = "localhost";
$username = "wadca2user";
$password = "password123";
$conn = null;
try {
$conn = new PDO("mysql:host=$servername;dbname=p1514432db", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
if(isset($_POST['register_btn']) && !is_null($conn)){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if($password === $password2){
$password = md5($password); // stored before
$request = $conn->prepare("INSERT INTO users (username,email,password) VALUES (:username, :email, :password)");
$request->bindParam(':username', $username);
$request->bindParam(':email', $email);
$request->bindParam(':password', $password);
$request->execute();
$_SESSION['message'] = "Your are now logged in";
$_SESSION['username'] = $username;
header("location: home.php");
}else{
$_SESSION['message'] = "The two passwords do not match";
}
}
?>
您正在混合使用API-mysqli和mysql->mysqli\u connect()
和mysql\u real\u escape\u string()
现在更改密码和用户名可能希望是唯一的