下午好! 我試圖在我的網頁上註冊,我有一個問題 - 註冊正在發生,但它可以創建多個用戶使用相同的符號和相同的電子郵件,並且當密碼不匹配時不會給出錯誤。PHP mysql註冊頁面問題
這裏是形式 -
<form action = "register.php" method = "post">
Select username:<br>
<input type = "text" name = "username"><br>
Your e-mail:<br>
<input type = "email" name = "email"><br>
Set password:<br>
<input type = "password" name = "password1"><br>
Repeat password:<br>
<input type = "password" name = "password2"><br>
<button> </button>
</form>
這裏是PHP代碼 -
<?php
if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password1']) && isset($_POST['password2'])){
$query = 'select * from users where username = "'.addslashes($_POST['username']).'"';
$numrows = mysqli_num_rows($link,$query);
if($numrows == 0){
$query_mail = 'select * from users where email = "'.addslashes($_POST['email']).'"';
$numrows_mail = mysqli_num_rows($link,$query_mail);
if($numrows_mail == 0){
if(isset($_POST['password1']) == isset($_POST['password2'])){
$sql = 'INSERT INTO users (username,password,email) VALUES("'.addslashes($_POST['username']).'","'.addslashes($_POST['password1']).'","'.addslashes($_POST['email']).'")';
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
if($result){
echo 'Account sucsessfully created! You can now log in.';
}else{
var_dump($result);
}
}else {
echo 'Passwords must match!';
}
}else {
echo 'E-mail allready registered!';
}
}else{
echo 'Username allready in use!';
}
}
?>
有人能解釋一下什麼是不正確嗎?
W¯¯你的意思是「*具有相同符號的多個用戶*」嗎?你能舉一些例子嗎?而且你實際上並沒有運行查詢來檢查電子郵件,你使用'mysqli_num_rows($ link,$ query_mail);' - 這會引發你的錯誤。 – Qirel
您還應該注意,直接在查詢中使用變量,尤其是用戶輸入,是不安全的。你應該在你的查詢上使用帶有佔位符的'mysqli :: prepare()',而手冊上就是這樣的例子:http://php.net/mysqli.prepare – Qirel
而'if(isset($ _ POST ['password1']] )== isset($ _ POST ['password2']))'不檢查密碼是否匹配,只要它們都被設置。 – Qirel