-1
我有一个注册表格,它有一个密码字段和一个确认密码字段。我想密码和确认密码字段是相同的,所以它可以注册新的用户信息。以注册形式确认密码
形式:
<form class="form-signin" name="Register_Form" method="post" action="regcheck.php">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="inputPassword" class="form-control" placeholder="Password" required>
<label for="CPassword" class="sr-only">Confirm Password</label>
<input type="password" id="CPassword" name="CPassword" class="form-control" placeholder="Confirm Password" required>
<button class="btn btn-lg btn-primary btn-block" type="reg" name="reg" value="Register">Register</button>
</form>
require_once 'connect.php';
if (isset($_POST['reg'])){
//$dob = $_POST['date'];
$dob = date('Y-m-d', strtotime($_POST['date']));
$Student_ID = $_POST['Student_ID'];
$gender = $_POST['gender'];
$course = $_POST['Course'];
$email = $_POST['inputEmail'];
$password = $_POST['inputPassword'];
$cpassword = $_POST['CPassword'];
$FN = $_POST['FirstName'];
$SN = $_POST['SecondName'];
if ($password === $cpassword) {
// success!
$sql = "INSERT INTO tblaccounts (Email, Password, Student_ID, FirstName, SecondName, Course, Gender, DoB) VALUES ('".$email."','".$password."','".$Student_ID."','".$FN."','".$SN."','".$course."','".$gender."','".$dob."')";
$result = mysqli_query($connection, $sql) or die("Database Connection Failed" . mysqli_error($connection));
//$count = mysqli_num_rows($result);
echo "Registeration Successful!:";
header('Location: login.php');
}
else {
// failed :(
}
} else {
echo "Registeration Failed!:";#
?><br/><a href ="login.php">Go back to the login screen.</a><?php
}
这段代码会发生什么?你开放SQL注入,参数化。您还需要散列密码,不要存储纯文本密码。 – chris85
@ chris85我想让表单按照我的意愿去做。然后,我将致力于安全性等工作。 – helloworld999
你的问题是关于这个条件,如果($密码=== $ cpassword){',不工作,对不对?它做什么,抛出一个错误,永远不匹配,总是匹配,其他? – chris85