Fatal编程技术网
  • php/
  • Php 我的网页没有';t识别登记表中填写的数据

Php 我的网页没有';t识别登记表中填写的数据

php html

Php 我的网页没有';t识别登记表中填写的数据,php,html,mysqli,Php,Html,Mysqli,我目前正在做一个网页,现在我的重点是登录和注册表格。我还连接了一个sql数据库。当我使用注册表单注册新用户时,数据库将成功更新。问题是,当我尝试与该用户登录时,页面无法识别它。此外,如果我尝试使用我用Netbeans手动引入的用户登录,它会识别它 $con = mysqli_connect("localhost", "root", "mypassword"); if(!$con) { exit('Connect Error (' . mysqli_connect_errno() .')

我目前正在做一个网页,现在我的重点是登录和注册表格。我还连接了一个sql数据库。当我使用注册表单注册新用户时,数据库将成功更新。问题是,当我尝试与该用户登录时,页面无法识别它。此外,如果我尝试使用我用Netbeans手动引入的用户登录,它会识别它

$con = mysqli_connect("localhost", "root", "mypassword");
if(!$con) {
    exit('Connect Error (' . mysqli_connect_errno() .') ' . mysqli_connect_error());
}

mysqli_set_charset($con, 'utf-8');

mysqli_select_db($con, "my_database");

$user = mysqli_real_escape_string($con, htmlentities($_POST['new_mail']));
$password = mysqli_real_escape_string($con, htmlentities($_POST['new_passwd']));
$sql = "INSERT INTO usuarios (usuario, clave) VALUES ('". $user ."' , ' ".md5($password)."')";
mysqli_query($con, $sql);
if(mysqli_affected_rows($con) > 0) {
     ?>
    <script type='text/javascript'>
        alert('You have been registered succesfully. Now you can access our website');
    </script>
    <?php
    header("Location: login_page.html");

    echo "<br><br><a href='index.php'>Go back</a>";
} else {
    if(mysqli_errno($con) == 1062) {
        echo "The e-mail address introduced is already on the system.";
        echo "<br><a href='register.html'>Try again</a>";
    } else {
        echo "Error: " .$sql . "<br>" . mysqli_error($con);
    }
}

$con=mysqli_connect(“localhost”、“root”、“mypassword”);
如果(!$con){
退出('Connect Error('.mysqli_Connect_errno())'。mysqli_Connect_Error());
}
mysqli_set_charset($con,'utf-8');
mysqli_select_db($con,“我的数据库”);
$user=mysqli\u real\u escape\u字符串($con,htmlentities($\u POST['new\u mail']);
$password=mysqli\u real\u escape\u字符串($con,htmlentities($\u POST['new\u passwd']);
$sql=“插入到usuarios(usuario,clave)值(“$user.”,“.md5($password)。”)”;
mysqli_查询($con,$sql);
如果(mysqli\u受影响的行($con)>0){
?>
警报(“您已成功注册。现在您可以访问我们的网站”);

你在注册页面上犯了一些错误


  • 您没有使用准备好的语句
    • 

  • 您正在使用
    md5()
    而不是
    password\u hash()
    password\u verify()
    来保护密码
    • 

  • 您正在对密码使用清除机制,但不应这样做,因为这可能会更改原始密码
    • 
根据以上内容,您应该使用准备好的语句,并利用密码散列和验证
    
因此,您的注册页面应如下所示:
    

    <?php
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
    exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}

mysqli_set_charset($con, 'utf-8');

mysqli_select_db($con, "my_database");

$user     = $_POST['new_mail'];
$password = $_POST['new_passwd'];

$hash = password_hash($password, PASSWORD_DEFAULT);

//check if user is not registered already, I'm not sure if you have user_id, what I know you should have id which is auto increment, then select that id
$sql  = "SELECT user_id FROM usuarios WHERE usuario = ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$result   = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);

if ($num_rows > 0) {
    //user exists

    echo "The e-mail address introduced is already on the system.";
    echo "<br><a href='register.html'>Try again</a>";
} else {
    //user does not exist register the user
    $query  = "INSERT INTO usuarios (usuario, clave) VALUES (?,?)";
    $insert = mysqli_prepare($con, $query);
    mysqli_stmt_bind_param($insert, "ss", $user, $hash);

    if (mysqli_stmt_execute($insert)):
?>

        <script type='text/javascript'>
        alert('You have been registered succesfully. Now you can access our website');
    </script>
    <?php
        header("Location: login_page.html");

        echo "<br><br><a href='index.php'>Go back</a>";
    else:
        printf("Error: %s.\n", mysqli_stmt_error($insert));
    endif;
}
?>

    

    

    说。了解for。即使是不安全的!也不应该在插入密码时更改密码。使用htmlentities会更改密码,从而导致巨大的麻烦。出于安全目的,MD5被认为已损坏,不足以进行密码散列。如果您使用的是5.5之前的PHP版本,请使用and,您可以使用。我已经修改了代码,但现在我在提交公式时收到HTTP错误500。我已经查找了代码中的错误,但它似乎很好,所以我不知道发生了什么。我还返回了旧代码,但没有收到错误。感谢您的帮助。问题是我没有正确的驱动程序来使用get_result functions(mysqlnd),所以一旦我安装了它,一切都很好。酷,如果有帮助@giovannicaabera,你可能会接受答案

    <?php
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
    exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}

mysqli_set_charset($con, 'utf-8');

mysqli_select_db($con, "my_database");

$user     = $_POST['new_mail'];
$password = $_POST['new_passwd'];

$hash = password_hash($password, PASSWORD_DEFAULT);

//check if user is not registered already, I'm not sure if you have user_id, what I know you should have id which is auto increment, then select that id
$sql  = "SELECT user_id FROM usuarios WHERE usuario = ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$result   = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);

if ($num_rows > 0) {
    //user exists

    echo "The e-mail address introduced is already on the system.";
    echo "<br><a href='register.html'>Try again</a>";
} else {
    //user does not exist register the user
    $query  = "INSERT INTO usuarios (usuario, clave) VALUES (?,?)";
    $insert = mysqli_prepare($con, $query);
    mysqli_stmt_bind_param($insert, "ss", $user, $hash);

    if (mysqli_stmt_execute($insert)):
?>

        <script type='text/javascript'>
        alert('You have been registered succesfully. Now you can access our website');
    </script>
    <?php
        header("Location: login_page.html");

        echo "<br><br><a href='index.php'>Go back</a>";
    else:
        printf("Error: %s.\n", mysqli_stmt_error($insert));
    endif;
}
?>

    

    <?php
session_start();
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
    exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}


if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_errno());
    exit();
}

mysqli_set_charset($con, 'utf-8');

mysqli_select_db($con, "my_database");

$user     = $_POST['username'];
$password = $_POST['password'];


#ONLY SELECT THE SPECIFIC COLUMNS YOU NEED, DON'T USE#

$sql  = "SELECT clave,anotherColumn,anotherColumn  FROM usuarios WHERE usuario= ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $login);
mysqli_stmt_execute($stmt);
$result   = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);

if ($num_rows > 0) {

    $row = $row = mysqli_fetch_assoc($result);

    if (password_verify($password, $row['clave'])) {

        //passwords set sections, redirec
    } else {

        //user password does not match the stored hash return message
    }


} else {

    //username does not exist, do something
}


?>