php注册表格复杂化 [英] php registration form complication

问题描述

我为我的网站创建了一个注册系统，但该系统无法正常工作.当我单击注册"时，它将带我到流程页面，并给我else语句，但是信息进入了数据库，但是却给了else语句.另外，当信息进入数据库时​​，会有一个以上的用户进入.

I created a registration system for my website but it is not working . When i click sign up it takes me to the process page and gives me the else statement but the information goes into the database but gives me the else statements. Also, when the information goes int the database more than one user goes in.

signup.php:

signup.php :

<html>
 <head>
<link rel="stylesheet" type="text/css" href="css.css">
 <title>Sign Up</title>
 </head>
   <body bgcolor="#E6E6FA">

  <h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2>
 <form name="registration" method="post" action="process2.php">
 <p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p> 
 <br></br>
 <p align="right"><input type="password" name="password" size="35"  id="Password" placeholder="Password" /></p>
<br></br>
<p align="right"><input type="password" name="password2" size="35"  id="Password2" placeholder="Confirm Password" /></p>
<br></br>
<p align="right"><input type="text" name="email" size="35"  id="Email" placeholder="E-mail" /></p>
<p align="right"><input type="submit" name="submit" value="submit"></p>
 </form>

 <h3 style="font-size: 20px"><a href="register.php">Go Back To Home Screen</a></h3>  
</body>
</html>

process2.php:

process2.php:

  <?php
  include("db.php");

  if (isset($_POST['submit'])) {
    if ($_POST['password'] == $_POST['password2']) {
    $username = $_POST['username'];
    $pw = $_POST['password'];
    $pw2 = $_POST['password2'];
    $email = $_POST['email'];

    $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
    $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));

    $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";
    mysqli_query($conn, $sql);
  }

 if($username > 0){
   echo"This username is in use";
  } else {

 }
 }
 ?>

推荐答案

这是一个建议，我相信老鹰眼的Fred-ii-会发现其中的错误，但是我相信这可以完全解决问题.

This is a suggestion and I am sure the eagle eyed Fred-ii- will spot the errors in it, but I believe this to handle the ifs and elses fully

       <?php
       include("db.php");

       if (isset($_POST['submit'])) {
                if ($_POST['password'] == $_POST['password2']) {
                     $username = $_POST['username'];
                     $pw = $_POST['password'];
                     $pw2 = $_POST['password2'];
                     $email = $_POST['email'];

           // validate and sanitize all of these inputs
           // and see that they are not blank at the same time

           // Do your MySql here to find the $username and 
           // bring out result of find in $username_result

                        if($username_result > 0){
                        $return_message = "This username is in use";
                        include("register.php");
                        exit;                           // exit; // or send them back to registration page
                        } else {
                        // it is not in use so put it in
                        $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10));
                        $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8));

                        $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')";

                           if(mysqli_query($conn, $sql)){                                  
                           // if insert checked as successful echo username and password saved successfully
                           $return_message = "New user name and password created successfully.";        echo $return_message;   // stays on the same page
                           }else{
                           $return_message = "Sorry there has been an error, please try again.";   // and send them back to registration page 
                           include("register.php");
                           exit;
                           }   
                        }
                }else{
                $return_message = "The passwords do not match. Please re-enter them.";  // and send them back to registration page
                include("register.php");
                exit;
                }    
      }
      ?>

在将表单提交的所有内容移到数据库附近之前，请记住要关闭连接并对其进行清理.

Remember to close connection and sanitize anything submitted from your form before it goes anywhere near your database.

使用JavaScript在注册页面本身上评估不匹配的密码可能比提交页面进行验证更好.

It might be better to evaluate non-matching passwords on the registration page itself with JavaScript rather than submitting the page to validate.

当包含注册页面时，如果您愿意，可以在上面输入错误并将值保留在文本字段中-这样他们就可以编辑输入的内容.固定长度可以减少黑客提交虚假内容的余地.因此，您可以将其设置为$return_message =，而不在信息中回显，而是在注册页面上显示该信息. echo $return_message;，因为该值仍可用于页面，而无需重新发布该值，直到该值被用户更正并重新提交为止.

When registration page is included you could put the error on that and keep the values in the textfields if you wanted to - so they could edit what they put in. Fixing a length might give hackers less leeway to submit nasties. So, instead of echoing the message you could make it $return_message = and have an echo on the registration page for messages. echo $return_message; as the value is still available to the page without it having to be re-posted until it gets corrected and re-submitted by the user.

         <p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" value="<?php echo $username;?>" maxlength="30" /></p>  

这篇关于php注册表格复杂化的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！