0
我有一个小问题。我有一个注册表格。它几乎完美的工作,我可以检查输入字段的值,我可以检查天气我们在数据库中有相同的用户名,但如果一切正常,我不能发送数据到我的数据库。我使用它作为管理员/根,所以我有权限。问题是什么?请帮忙!我无法发送从输入字段中的数据,以我的MySQL数据库
<?php
// declaring variables from input fields
$email = $_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$password2=$_POST['password2'];
function registration ($username, $email, $password) {
//new user registering
//return true or errormessage
//connecting to database, YEAH IT WORKS!
$connection = connecting_to_db();
//checking unique of username and IT WORKS!
$result = $connection->query("SELECT * FROM user WHERE username='".$username."'");
if (!$result) {
throw new Exception ('We couldnt query. Sorry.');
}
if ($result->num_rows>0) {
throw new Exception ('We have already this username! Choose something else!');
}
// if it is OK send it to the DB AND THIS IS NOT WORKING :-(
$result = $connection->query("INSERT INTO user VALUES'".$username."', shal('".$password."'), '".$email."')");
// I get alwasy this way and get this message.
if (!$result) {
throw new Exception ('We couldnt save your datas in our database. Try it later!');
}
return true;
}
?>
***您不应该使用[SHA1哈希密码(https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1)***或*** [MD5密码哈希](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)***,你真的应该使用PHP的[内置函数](http: //jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。在散列之前,请确保你[不要越过密码](http://stackoverflow.com/q/36628418/1011527)或使用其他任何清理机制。这样做*更改密码并导致不必要的附加编码。 –
[Little Bobby](http://bobby-tables.com/)说*** [你的脚本存在SQL注入攻击风险。](http://stackoverflow.com/questions/60174/how-can- I-防止-SQL注入式-PHP)***。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
DD [错误报告](http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php/845025#845025)到 顶部的文件(S)_while testing_就在您打开PHP标记之后,例如 '<?php error_reporting(E_ALL); ini_set('display_errors',1);'看看它是否产生任何东西。 – RiggsFolly