Php 我的网页没有';t识别登记表中填写的数据
我目前正在做一个网页,现在我的重点是登录和注册表格。我还连接了一个sql数据库。当我使用注册表单注册新用户时,数据库将成功更新。问题是,当我尝试与该用户登录时,页面无法识别它。此外,如果我尝试使用我用Netbeans手动引入的用户登录,它会识别它Php 我的网页没有';t识别登记表中填写的数据,php,html,mysqli,Php,Html,Mysqli,我目前正在做一个网页,现在我的重点是登录和注册表格。我还连接了一个sql数据库。当我使用注册表单注册新用户时,数据库将成功更新。问题是,当我尝试与该用户登录时,页面无法识别它。此外,如果我尝试使用我用Netbeans手动引入的用户登录,它会识别它 $con = mysqli_connect("localhost", "root", "mypassword"); if(!$con) { exit('Connect Error (' . mysqli_connect_errno() .')
$con = mysqli_connect("localhost", "root", "mypassword");
if(!$con) {
exit('Connect Error (' . mysqli_connect_errno() .') ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = mysqli_real_escape_string($con, htmlentities($_POST['new_mail']));
$password = mysqli_real_escape_string($con, htmlentities($_POST['new_passwd']));
$sql = "INSERT INTO usuarios (usuario, clave) VALUES ('". $user ."' , ' ".md5($password)."')";
mysqli_query($con, $sql);
if(mysqli_affected_rows($con) > 0) {
?>
<script type='text/javascript'>
alert('You have been registered succesfully. Now you can access our website');
</script>
<?php
header("Location: login_page.html");
echo "<br><br><a href='index.php'>Go back</a>";
} else {
if(mysqli_errno($con) == 1062) {
echo "The e-mail address introduced is already on the system.";
echo "<br><a href='register.html'>Try again</a>";
} else {
echo "Error: " .$sql . "<br>" . mysqli_error($con);
}
}
$con=mysqli_connect(“localhost”、“root”、“mypassword”);
如果(!$con){
退出('Connect Error('.mysqli_Connect_errno())'。mysqli_Connect_Error());
}
mysqli_set_charset($con,'utf-8');
mysqli_select_db($con,“我的数据库”);
$user=mysqli\u real\u escape\u字符串($con,htmlentities($\u POST['new\u mail']);
$password=mysqli\u real\u escape\u字符串($con,htmlentities($\u POST['new\u passwd']);
$sql=“插入到usuarios(usuario,clave)值(“$user.”,“.md5($password)。”)”;
mysqli_查询($con,$sql);
如果(mysqli\u受影响的行($con)>0){
?>
警报(“您已成功注册。现在您可以访问我们的网站”);
你在注册页面上犯了一些错误
您没有使用准备好的语句
您正在使用md5()
而不是password\u hash()
和password\u verify()
来保护密码
您正在对密码使用清除机制,但不应这样做,因为这可能会更改原始密码
根据以上内容,您应该使用准备好的语句,并利用密码散列和验证
因此,您的注册页面应如下所示:
<?php
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = $_POST['new_mail'];
$password = $_POST['new_passwd'];
$hash = password_hash($password, PASSWORD_DEFAULT);
//check if user is not registered already, I'm not sure if you have user_id, what I know you should have id which is auto increment, then select that id
$sql = "SELECT user_id FROM usuarios WHERE usuario = ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
//user exists
echo "The e-mail address introduced is already on the system.";
echo "<br><a href='register.html'>Try again</a>";
} else {
//user does not exist register the user
$query = "INSERT INTO usuarios (usuario, clave) VALUES (?,?)";
$insert = mysqli_prepare($con, $query);
mysqli_stmt_bind_param($insert, "ss", $user, $hash);
if (mysqli_stmt_execute($insert)):
?>
<script type='text/javascript'>
alert('You have been registered succesfully. Now you can access our website');
</script>
<?php
header("Location: login_page.html");
echo "<br><br><a href='index.php'>Go back</a>";
else:
printf("Error: %s.\n", mysqli_stmt_error($insert));
endif;
}
?>
说。了解for。即使是不安全的!也不应该在插入密码时更改密码。使用htmlentities会更改密码,从而导致巨大的麻烦。出于安全目的,MD5被认为已损坏,不足以进行密码散列。如果您使用的是5.5之前的PHP版本,请使用and,您可以使用。我已经修改了代码,但现在我在提交公式时收到HTTP错误500。我已经查找了代码中的错误,但它似乎很好,所以我不知道发生了什么。我还返回了旧代码,但没有收到错误。感谢您的帮助。问题是我没有正确的驱动程序来使用get_result functions(mysqlnd),所以一旦我安装了它,一切都很好。酷,如果有帮助@giovannicaabera,你可能会接受答案
<?php
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = $_POST['new_mail'];
$password = $_POST['new_passwd'];
$hash = password_hash($password, PASSWORD_DEFAULT);
//check if user is not registered already, I'm not sure if you have user_id, what I know you should have id which is auto increment, then select that id
$sql = "SELECT user_id FROM usuarios WHERE usuario = ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
//user exists
echo "The e-mail address introduced is already on the system.";
echo "<br><a href='register.html'>Try again</a>";
} else {
//user does not exist register the user
$query = "INSERT INTO usuarios (usuario, clave) VALUES (?,?)";
$insert = mysqli_prepare($con, $query);
mysqli_stmt_bind_param($insert, "ss", $user, $hash);
if (mysqli_stmt_execute($insert)):
?>
<script type='text/javascript'>
alert('You have been registered succesfully. Now you can access our website');
</script>
<?php
header("Location: login_page.html");
echo "<br><br><a href='index.php'>Go back</a>";
else:
printf("Error: %s.\n", mysqli_stmt_error($insert));
endif;
}
?>
<?php
session_start();
$con = mysqli_connect("localhost", "root", "mypassword");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_errno());
exit();
}
mysqli_set_charset($con, 'utf-8');
mysqli_select_db($con, "my_database");
$user = $_POST['username'];
$password = $_POST['password'];
#ONLY SELECT THE SPECIFIC COLUMNS YOU NEED, DON'T USE#
$sql = "SELECT clave,anotherColumn,anotherColumn FROM usuarios WHERE usuario= ? ";
$stmt = mysqli_prepare($con, $sql);
mysqli_stmt_bind_param($stmt, 's', $login);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
$row = $row = mysqli_fetch_assoc($result);
if (password_verify($password, $row['clave'])) {
//passwords set sections, redirec
} else {
//user password does not match the stored hash return message
}
} else {
//username does not exist, do something
}
?>