1. 首页
  2. 问答
  3. '字段列表'中的未知列'a9162e80e079a0051c8b7f88195a94da'(加密密码)

'字段列表'中的未知列'a9162e80e079a0051c8b7f88195a94da'(加密密码)

2014-11-06 20 views
0

我已经检查并试图更改我的代码,但仍然出现同样的错误,我试图解决这个问题约2天, 3个小时的思考和改变。'字段列表'中的未知列'a9162e80e079a0051c8b7f88195a94da'(加密密码)

我对此很新,找不到错误所在的行。 我已经看过这个问题,但仍找不到答案。试图添加''仍然没有,我的MySQL表也存在,我确信它。

需要一些帮助。

if(isset($_POST["register"])){ 
    $username = protect($_POST['username']); 
    $password = protect($_POST['password']); 
    $email = protect($_POST['email']); 

    if(strlen($username) > 20){ 
     echo "Username must be less than 20 characters!"; 
    }elseif(strlen($email) > 100){ 
     echo "E-mail must be less than 100 characters!"; 
    }elseif(strlen($username) < 4){ 
     echo "Username must be more than 4 characters!"; 
    }elseif(strlen($password) < 4){ 
     echo "Password must be more than 4 characters!"; 
    }else{ 
     $register1 = @mysql_query("SELECT id FROM user WHERE username = '$username' ") or die(@mysql_error()); 
     $register2 = @mysql_query("SELECT id FROM user WHERE email = '$email' ") or die(@mysql_error()); 
     if(@mysql_num_rows($register1) > 0){ 
      echo "That username is already in use!"; 
     }elseif(mysql_num_rows($register2) > 0){ 
      echo "That e-mail address is already in use!"; 
     }else{ 
      $ins1 = @mysql_query("INSERT INTO stats (gold, attack, defense, food) VALUES (100,10,10,100)") or die(mysql_error()); 
      $ins2 = @mysql_query("INSERT INTO unit (worker, farmer, warrior, defender, archer, longbowmen, phalanxmen, knight, cavalary) VALUES (5, 5, 0, 0, 0, 0, 0, 0, 0)") or die(mysql_error()); 
      $ins3 = @mysql_query("INSERT INTO user (username, password, email) VALUES('$_POST[$username]', ".md5('$_POST[$password]')." ,'$_POST[$email]')") or die(mysql_error()); 
      $ins4 = @mysql_query("INSERT INTO weapon(sword, shield, bow, longbow, towershield, longsword, pike, horse) VALUES (0, 0, 0, 0, 0, 0, 0, 0)") or die(mysql_error()); 
      $ins5 = @mysql_query("INSERT INTO ranking (attack, defense, overall) VALUES (0,0,0)"); 
       echo("Congratulations, You have registered!"); 

     } 
    } 
}

来源

2014-11-06 Zuneec Zeroster aka Henry S.

+3

'”找不到错误所在的行“删除所有那些令人讨厌的错误抑制符号('@') – Steve 2014-11-06 11:35:31

+1

,当然还有关于使用不推荐使用的方法的常见说法。使用mysqli/pdo代替,保护所有对sql注入 – Olli 2014-11-06 11:38:59

+0

并请查看[password_hash()](http://www.php.net/manual/en/function.password-hash.php)函数, MD5算法不适合散列密码,因为它的速度太快了(每秒用通用硬件[8 Giga哈希值](http://hashcat.net/oclhashcat/#performance))。 – martinstoeckli 2014-11-06 14:02:53

回答

1

使用 '' 包围你的密码值,否则MySQL的解释文本作为列的名称,而不是值:

$ins3 = @mysql_query("INSERT INTO user (username, password, email) VALUES('$_POST[$username]', '".md5('$_POST[$password]')."' ,'$_POST[$email]')") or die(mysql_error());

来源

2014-11-06 11:35:40 Olli

0

取代".md5('$_POST[$password]')."'".md5('$_POST[$password]')."'(加引号)

来源

2014-11-06 11:35:51 David162795

相关问题

 相关问题