注册脚本,需要一个数据库输入被检查,然后删除注册
注册脚本,需要一个数据库输入被检查,然后删除注册
提问于 2011-12-08 19:51:02
我的脚本有问题。它应该做的是,当用户向表单注册时,它应该插入表单,但前提是“密钥”与我设置的不同表中的密钥匹配。验证通过后,应将用户信息插入数据库,然后删除密钥。我似乎不知道出了什么问题,当“密钥”表中只有一个输入时,它就能工作了,但当我插入更多的输入时,它就停止工作了。任何帮助都将不胜感激!
代码如下:
<?php
session_start();
if ($_SESSION['auth'] == true)
{
header('location: ../../index.php');
}
else
{
include($_SERVER['DOCUMENT_ROOT']."/skole/system/db/DbConnector.php");
new DbConnector();
if ($_POST)
{
$navn = mysql_real_escape_string($_POST['name']);
$brukernavn = mysql_real_escape_string($_POST['username']);
$passord = md5(mysql_real_escape_string($_POST['password']));
$siste_logginn = date("d/m/y H:i:s");
$logginn_ip = $_SERVER['REMOTE_ADDR'];
$email = mysql_real_escape_string($_POST['email']);
$passkey = mysql_real_escape_string($_POST['passkey']);
$qGetPasskey = mysql_query("SELECT * FROM passkey");
$rGetPasskey = mysql_fetch_array($qGetPasskey);
if($rGetPasskey['passkey'] == $passkey)
{
mysql_query("INSERT INTO brukere SET navn = '{$navn}', brukernavn = '{$brukernavn}', passord = '{$passord}', siste_logginn = '{$siste_logginn}', logginn_ip= '{$logginn_ip}', email = '{$email}', passkey = '{$passkey}'");
mysql_query("DELETE FROM passkey WHERE passkey = '{$passkey}'");
echo 'Success';
}
//header('location: ../../index.php');
}
else
{
echo 'Failure';
//header('location: ../../index.php?aksjon=register&feil=1');
}
}
?>回答 3
Stack Overflow用户
回答已采纳
发布于 2011-12-08 20:09:17
我认为它不匹配,因为没有循环来检查数组中的多个记录:
$qGetPasskey = mysql_query("SELECT * FROM passkey");
while($rGetPasskey = mysql_fetch_array($qGetPasskey)) {
if($rGetPasskey['passkey'] == $passkey) {
mysql_query("INSERT INTO brukere SET navn = '{$navn}', brukernavn = '{$brukernavn}', passord = '{$passord}', siste_logginn = '{$siste_logginn}', logginn_ip= '{$logginn_ip}', email = '{$email}', passkey = '{$passkey}'");
mysql_query("DELETE FROM passkey WHERE passkey = '{$passkey}'");
echo 'Success';
}
}Stack Overflow用户
发布于 2011-12-08 19:56:07
使用or die(mysql_error());
查看您的查询中是否有任何MySQL错误。
示例:
mysql_query("INSERT INTO brukere SET navn = '{$navn}', brukernavn = '{$brukernavn}', passord = '{$passord}', siste_logginn = '{$siste_logginn}', logginn_ip= '{$logginn_ip}', email = '{$email}', passkey = '{$passkey}'") or die("Error ->".mysql_error());Stack Overflow用户
发布于 2011-12-08 20:05:29
存储和检查密码的推荐方法是使用加盐哈希函数。
永远不要在数据库中存储未加密的密码!请参阅:Secure hash and salt for PHP passwords
存储用户数据,包括密码
INSERT INTO user (username, salt, passhash)
VALUES ('$username','$salt',SHA2(concat('$salt','$password'),512))检查有效的用户名和密码的
SELECT id FROM user
WHERE username = '$username' AND passhash = SHA2(concat('$salt','$password'),512)当且仅当用户存在时,才会将数据插入到表中
$passkey = mysql_real_escape_string($_POST['passkey']);
mysql_query("INSERT INTO brukere
(navn, brukernavn, passord, sisteloginn, loginn_ip, email, passhash)
SELECT
'$navn','$brukernavn','$passord', '$siste_logginn', '{$logginn_ip}', '{$email}', id
FROM user u
WHERE u.username = '$brukernavn'
AND passhash = SHA2(concat(u.salt,'$passkey'),512) ";请注意,查询中不需要{},只有在计算表达式时才需要这些only。如果你只是想注入一个$var,'$var'和{'$var'}是一样的。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/8430607
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号