-2
我無法連接我的PHP頁面到我的數據庫在PHPMyAdmin .. 它是一個註冊頁面,我試圖插入數據到名爲admin的表中,但它不是加工。和輸出中的屏幕phpmyadmin數據庫連接到一個表格在PHP
<?php
$q= mysqli_connect("localhost","root","","saramadani");
if (mysqli_connect_errno())
{
echo("Error In connection");
}
else
{
echo("<center><h1>Database Connected</h1>");
}
$ufname=($_POST['ufname']);
$ulname=($_POST['ulname']);
$username=($_POST['username']);
$uemail=($_POST['uemail']);
$umobile=($_POST['umobile']);
$password=($_POST['password']);
$sql="INSERT INTO admin(ufname,ulname,username,uemail,umobile,password)VALUES('$ufname','$ulname','$username','$uemail','$umobile','$password')";
if(mysqli_query($q,$sql))
{echo "<center><h1>Record added successfully</h1>";}
else
{echo "error in insertion";}
mysqli_close($q);
**And here is the form part code where the post function:**
<form action="signup1.php" method="post">
<input type="text" name="ufname" required>
<input type="text" name="ulname" required>
<input type="text" name="username" required>
<input type="email" name="uemail" required>
<input type="phone" name="umobile" required>
<input type="password" name="password" required>
<button type="submit">Sign up</button>
</form>
[小博](http://bobby-tables.com/)說***腳本是在對SQL注入攻擊的風險。(http://stackoverflow.com/questions/60174/how- ***)瞭解[MySQLi](http://php.net)的[prepared](http://en.wikipedia.org/wiki/Prepared_statement)語句/manual/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
**切勿存儲純文本密碼!**請使用***的[內置函數](http://jayblanchard.net/proper_password_hashing_with_PHP.html)***來處理密碼安全性。如果您使用的PHP版本低於5.5,則可以使用'password_hash()'[兼容包](https://github.com/ircmaxell/password_compat)。 ***在散列之前,不需要[escape passwords](http://stackoverflow.com/q/36628418/1011527)***或使用其他任何清理機制。這樣做會改變密碼並導致不必要的附加編碼。 –