下午好! 我试图在我的网页上注册,我有一个问题 - 注册正在发生,但它可以创建多个用户使用相同的符号和相同的电子邮件,并且当密码不匹配时不会给出错误。PHP mysql注册页面问题
这里是形式 -
<form action = "register.php" method = "post">
Select username:<br>
<input type = "text" name = "username"><br>
Your e-mail:<br>
<input type = "email" name = "email"><br>
Set password:<br>
<input type = "password" name = "password1"><br>
Repeat password:<br>
<input type = "password" name = "password2"><br>
<button> </button>
</form>
这里是PHP代码 -
<?php
if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password1']) && isset($_POST['password2'])){
$query = 'select * from users where username = "'.addslashes($_POST['username']).'"';
$numrows = mysqli_num_rows($link,$query);
if($numrows == 0){
$query_mail = 'select * from users where email = "'.addslashes($_POST['email']).'"';
$numrows_mail = mysqli_num_rows($link,$query_mail);
if($numrows_mail == 0){
if(isset($_POST['password1']) == isset($_POST['password2'])){
$sql = 'INSERT INTO users (username,password,email) VALUES("'.addslashes($_POST['username']).'","'.addslashes($_POST['password1']).'","'.addslashes($_POST['email']).'")';
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
if($result){
echo 'Account sucsessfully created! You can now log in.';
}else{
var_dump($result);
}
}else {
echo 'Passwords must match!';
}
}else {
echo 'E-mail allready registered!';
}
}else{
echo 'Username allready in use!';
}
}
?>
有人能解释一下什么是不正确吗?
W¯¯你的意思是“*具有相同符号的多个用户*”吗?你能举一些例子吗?而且你实际上并没有运行查询来检查电子邮件,你使用'mysqli_num_rows($ link,$ query_mail);' - 这会引发你的错误。 – Qirel
您还应该注意,直接在查询中使用变量,尤其是用户输入,是不安全的。你应该在你的查询上使用带有占位符的'mysqli :: prepare()',而手册上就是这样的例子:http://php.net/mysqli.prepare – Qirel
而'if(isset($ _ POST ['password1']] )== isset($ _ POST ['password2']))'不检查密码是否匹配,只要它们都被设置。 – Qirel