2015-11-03 88 views
0

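Adding a captcha to a PHP/MySQL form

I want to add a Google captcha to my PHP form. The form adds data to my MySQL database. How do I put the two parts of the code together so that the form first checks the captcha and only sends the data once the check is done?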

$servername = ""; 
$username = ""; 
$password = ""; 
$database = ""; 


$conn = new mysqli($servername, $username, $password, $database); 

if ($conn->connect_error) { 
die("Connection failed: " . $conn->connect_error); 
} 


    $email = $_SESSION['userName']; 
    $contact = $_POST['naar']; 
    $address = $_POST['bericht']; 


$sql = "INSERT INTO messages (to_user, from_user, message) 
     VALUES ('".$contact."', '".$email."', '".$address."')"; 


$conn->close(); 






    if($_SERVER["REQUEST_METHOD"] === "POST") 
    { 
    //form submitted 

    //check if other form details are correct 

    //verify captcha 
    $recaptcha_secret = "xxxxxxxxxxxxxx"; 
    // urlencode() keeps the user-supplied token from altering the query string
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($recaptcha_secret)."&response=".urlencode($_POST['g-recaptcha-response'])); 
    $response = json_decode($response, true); 
    if($response["success"] === true) 
    { 
     echo "Logged In Successfully"; 
    } 
    else 
    { 
     echo "You are a robot"; 
    } 
} 
+2

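You are vulnerable to [SQL injection attacks](http://bobby-tables.com), and if you want to require a captcha, then maybe do the captcha check **before** you stuff the data into the database...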

+1

Just move the code you want to run inside the brackets of the captcha success branch – 2015-11-03 21:51:54

Answers

0

As @Dagon and @Marc B suggested in the comments above, try this:

$servername = ""; 
$username = ""; 
$password = ""; 
$database = ""; 

    if($_SERVER["REQUEST_METHOD"] === "POST") 
    { 
    //form submitted 

    //check if other form details are correct 

    //verify captcha 
    $recaptcha_secret = "xxxxxxxxxxxxxx"; 
    // urlencode() keeps the user-supplied token from altering the query string
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($recaptcha_secret)."&response=".urlencode($_POST['g-recaptcha-response'])); 
    $response = json_decode($response, true); 
    if($response["success"] === true) 
    { 

     //$conn = new mysqli($servername, $username, $password, $database); 
     try{ 
       $db = new PDO('mysql:host='.$servername.';dbname='.$database,$username,$password); 
       // Make PDO throw exceptions so the catch blocks below see failures 
       $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     } 
     catch(PDOException $e){ 
       echo "Error connecting to DB"; 
       echo $e->getMessage(); 
       exit(); 
     } 

     $email = $_SESSION['userName']; 
     $contact = $_POST['naar']; 
     $address = $_POST['bericht']; 


     // Named placeholders: the values are bound, never concatenated into the SQL 
     $sql_pdo = "INSERT INTO messages (to_user, from_user, message) 
       VALUES (:contact, :email, :address)"; 

     $stmt = $db->prepare($sql_pdo); 

     try { 
      // execute() returns true on success and false on failure 
      $result = $stmt->execute(array(
       ':contact' => $contact, 
       ':email' => $email, 
       ':address' => $address 
       )); 
      if ($result) { 
       // Insert has gone well. Do your things here. 
       echo "Logged In Successfully"; 
      } 
      else { 
       // Insert error. Report, check, ... 
      } 
     } 
     catch(PDOException $e){ 
      echo 'could not insert in DB'; 
      echo 'Error: ' . $e->getMessage(); 
      return false; 
     } 

     // PDO has no close(); dropping the reference closes the connection 
     $db = null; 
    } 
    else 
    { 
     echo "You are a robot"; 
    } 
}
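
A fail-closed variant of the flow in the answer above, added here as an example and not part of the original answer: the token goes to siteverify in a POST body, any network or JSON failure counts as not verified, and database errors are logged instead of echoed to the visitor. `verify_recaptcha`, `post_str`, `RECAPTCHA_SECRET_PLACEHOLDER` and the `DB_*` values are assumptions made for illustration.

```php
<?php
// Added example, not the answer's code. Secret and DB settings are placeholders.
session_start();
// Returns true only when Google confirms the token; every failure path is "not verified".
function verify_recaptcha(string $secret, string $token): bool
{
    if ($token === '') {
        return false;                       // field missing from the form post
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    $data = ($raw === false) ? null : json_decode($raw, true);
    return is_array($data) && ($data['success'] ?? false) === true;
}

// Reads one POST field as a string; array-valued or missing input becomes ''.
function post_str(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!verify_recaptcha('RECAPTCHA_SECRET_PLACEHOLDER', post_str('g-recaptcha-response'))) {
        http_response_code(400);
        exit('You are a robot');
    }
    try {
        $db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $stmt = $db->prepare('INSERT INTO messages (to_user, from_user, message)
                              VALUES (:contact, :email, :address)');
        $stmt->execute([
            ':contact' => post_str('naar'),
            ':email'   => $_SESSION['userName'] ?? '',
            ':address' => post_str('bericht'),
        ]);
        echo 'Message saved';
    } catch (PDOException $e) {
        error_log('messages insert failed: ' . $e->getMessage()); // details go to the log only
        http_response_code(500);
        exit('Could not save message');
    }
}
```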