2015-11-03 84 views
0

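Adding a captcha to a php/mysql form

I want to add Google captcha to my PHP form. The form adds data to my MySQL database. How do I put the two pieces of code together so that the form first checks the captcha and only sends the data once the check has completed?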

$servername = ""; 
$username = ""; 
$password = ""; 
$database = ""; 


$conn = new mysqli($servername, $username, $password, $database); 

if ($conn->connect_error) { 
die("Connection failed: " . $conn->connect_error); 
} 


    $email = $_SESSION['userName']; 
    $contact = $_POST['naar']; 
    $address = $_POST['bericht']; 


$sql = "INSERT INTO messages (to_user, from_user, message) 
     VALUES ('".$contact."', '".$email."', '".$address."')"; 


$conn->close(); 






    if($_SERVER["REQUEST_METHOD"] === "POST") 
    { 
    //form submitted 

    //check if other form details are correct 

    //verify captcha 
    $recaptcha_secret = "xxxxxxxxxxxxxx"; 
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']); 
    $response = json_decode($response, true); 
    if($response["success"] === true) 
    { 
     echo "Logged In Successfully"; 
    } 
    else 
    { 
     echo "You are a robot"; 
    } 
} 
+2

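You are vulnerable to [SQL injection attacks](http://bobby-tables.com), and if you want to require a captcha, then maybe if you did the captcha checking stuff **before** you stuffed the data into the database...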

+1

Just move the code you want to run inside the brackets of the captcha success branch – 2015-11-03 21:51:54

Answer

0

As @Dagon and @Marc B suggested in the comments above, try this:

$servername = "";
$username = "";
$password = "";
$database = "";

// $_SESSION below requires session_start() earlier in the script

if ($_SERVER["REQUEST_METHOD"] === "POST")
{
    //form submitted

    //check if other form details are correct

    //verify captcha
    $recaptcha_secret = "xxxxxxxxxxxxxx";
    // urlencode() keeps the user-supplied token from altering the query string
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($recaptcha_secret)."&response=".urlencode($_POST['g-recaptcha-response'] ?? ''));
    $response = json_decode($response, true);
    if (isset($response["success"]) && $response["success"] === true)
    {
        // Captcha passed: only now connect and write to the database
        //$conn = new mysqli($servername, $username, $password, $database);
        try {
            $db = new PDO('mysql:host='.$servername.';dbname='.$database, $username, $password);
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
        catch (PDOException $e) {
            echo "Error connecting to DB";
            error_log($e->getMessage()); // log the details instead of showing them to the visitor
            exit();
        }

        $email = $_SESSION['userName'];
        $contact = $_POST['naar'];
        $address = $_POST['bericht'];

        // Named placeholders: the values are bound, never concatenated into the SQL
        $sql_pdo = "INSERT INTO messages (to_user, from_user, message)
            VALUES (:contact, :email, :address)";

        try {
            $stmt = $db->prepare($sql_pdo);
            $result = $stmt->execute(array(
                ':contact' => $contact,
                ':email' => $email,
                ':address' => $address
            ));
            // execute() returns a boolean, not a row set
            if ($result) {
                // Insert has gone well. Do your things here.
                echo "Logged In Successfully";
            }
            else {
                // Insert error. Report, check, ...
            }
        }
        catch (PDOException $e) {
            echo 'could not insert in DB';
            error_log('Error: ' . $e->getMessage());
            return false;
        }

        // PDO has no close(); dropping the reference closes the connection
        $db = null;
    }
    else
    {
        echo "You are a robot";
    }
}
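
An added example, not part of the original answer: a fail-closed version of the captcha check above that sends the secret in a POST body rather than the URL and refuses the insert on any network or parse error. The function names and the expected hostname `example.com` are assumptions; the sample replies are constructed.

```php
<?php
// Added example: fail-closed reCAPTCHA check. Function names and the
// expected hostname are assumptions, not part of the original answer.

function recaptcha_reply_ok($reply, string $expectedHost): bool
{
    // Anything that is not a decoded JSON object with success === true is a refusal.
    if (!is_array($reply) || ($reply['success'] ?? false) !== true) {
        return false;
    }
    // The reply names the site the challenge was solved on; require it to be ours.
    return isset($reply['hostname']) && $reply['hostname'] === $expectedHost;
}

function verify_recaptcha(string $secret, ?string $token, string $expectedHost): bool
{
    if ($token === null || $token === '') {
        return false; // field missing from the form: no network call needed
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($raw === false) {
        return false; // a network failure must not let the insert through
    }
    return recaptcha_reply_ok(json_decode($raw, true), $expectedHost);
}

// Constructed sample replies, checked offline (no request is sent here).
$samples = [
    'valid'      => '{"success": true, "hostname": "example.com"}',
    'failed'     => '{"success": false, "error-codes": ["invalid-input-response"]}',
    'other host' => '{"success": true, "hostname": "elsewhere.example"}',
    'not json'   => '<html>502 Bad Gateway</html>',
];
foreach ($samples as $label => $json) {
    $ok = recaptcha_reply_ok(json_decode($json, true), 'example.com');
    echo str_pad($label, 12), $ok ? "accept\n" : "reject\n";
}
```

In the form handler, the database insert would run only when `verify_recaptcha($recaptcha_secret, $_POST['g-recaptcha-response'] ?? null, 'example.com')` returns true.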