0
我有一個小問題。我有一個註冊表格。它幾乎完美的工作,我可以檢查輸入字段的值,我可以檢查天氣我們在數據庫中有相同的用戶名,但如果一切正常,我不能發送數據到我的數據庫。我使用它作爲管理員/根,所以我有權限。問題是什麼?請幫忙!我無法發送從輸入字段中的數據,以我的MySQL數據庫
<?php
// declaring variables from input fields
$email = $_POST['email'];
$username=$_POST['username'];
$password=$_POST['password'];
$password2=$_POST['password2'];
function registration ($username, $email, $password) {
//new user registering
//return true or errormessage
//connecting to database, YEAH IT WORKS!
$connection = connecting_to_db();
//checking unique of username and IT WORKS!
$result = $connection->query("SELECT * FROM user WHERE username='".$username."'");
if (!$result) {
throw new Exception ('We couldnt query. Sorry.');
}
if ($result->num_rows>0) {
throw new Exception ('We have already this username! Choose something else!');
}
// if it is OK send it to the DB AND THIS IS NOT WORKING :-(
$result = $connection->query("INSERT INTO user VALUES'".$username."', shal('".$password."'), '".$email."')");
// I get alwasy this way and get this message.
if (!$result) {
throw new Exception ('We couldnt save your datas in our database. Try it later!');
}
return true;
}
?>
***您不應該使用[SHA1哈希密碼(https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1)***或*** [MD5密碼哈希](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure)***,你真的應該使用PHP的[內置函數](http: //jayblanchard.net/proper_password_hashing_with_PHP.html)來處理密碼安全性。在散列之前,請確保你[不要越過密碼](http://stackoverflow.com/q/36628418/1011527)或使用其他任何清理機制。這樣做*更改密碼並導致不必要的附加編碼。 –
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- I-防止-SQL注入式-PHP)***。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
DD [錯誤報告](http://stackoverflow.com/questions/845021/how-to-get-useful-error-messages-in-php/845025#845025)到 頂部的文件(S)_while testing_就在您打開PHP標記之後,例如 '<?php error_reporting(E_ALL); ini_set('display_errors',1);'看看它是否產生任何東西。 – RiggsFolly