如何使用php命令使注册表高度安全? [英] How to make register form highly secure using php command?

问题描述

我想使代码对用户真正安全.下面的代码显示了

I want to make the code really secure for the users. The code below shows the php code that

我已将其用于我的网站.现在，我已经使用了一些验证，例如password和repeatPassword必须匹配，并且用户必须输入所有字段.

I have used it for my website. Right now I have used some validation such as password and repeatPassword has to match and the users has to input all the fields.

为了使其更加安全，我想插入安全命令，例如PDO，mysqli，crypto或MD5

To make it more secure, I want to insert secure command such as PDO, mysqli, crypto or MD5

但是我不知道该怎么做，因为我是php新手.

But I do not know how to since I have new to php.

我该怎么做?

我的代码在这里:

 <?php       
      include"config.php";
  if (isset($_POST['submit']))
{
    $user_name = $_POST['name']; 
    $user_surname = $_POST['surname']; 
    $user_email = $_POST['email']; 
    $user_academic = $_POST['academic_institute']; 
    $user_username = $_POST['username']; 
    $user_pass = ($_POST['password']); 
    $user_pass2 = ($_POST['repeatPassword']); 

    if($user_name && $user_username)
        {
    if($user_pass==$user_pass2)
    {
  $query = mysql_query("INSERT INTO members (name, surname, email, academic_institute,   username, password, repeatPassword) 
   VALUES ('$user_name', '$user_surname', '$user_email', '$user_academic',     '$user_username', '$user_pass', '$user_pass2')");
   mysql_query($query); 


 echo '<script type="text/javascript">alert("You have been registered");</script>';
    }
    else
    {
        echo '<script type="text/javascript">alert("Password must match");</script>';
    }
}
else {
        echo '<script type="text/javascript">alert("All fields required");</script>';
}
  }
   ?>

推荐答案

答案不是"true"，但是对于注释部分来说太长了，因此我将其迁移到答案:

Not a "true" answer, but too long for the comment section, so I'll migrate it to an answer:

我的原始评论(略有改进)

您可能想从以下内容开始:如何我可以防止在PHP中进行SQL注入吗?

You probably want to start with: How can I prevent SQL injection in PHP?

然后继续:为PHP密码保护哈希和盐.

然后您要修复您的代码样式.样式良好的代码更易于阅读.易于阅读的代码更易于理解.而且，您对代码的了解越深入，就可以更好地推理出安全性(或者，实际上，通常是正确性).

And then you want to fix your code style. Well-styled code is easier to read. Easy to read code is easier to understand. And the better you understand code, the better you can reason about security (or, indeed, correctness in general).

还要确保您通过SSL连接为网站提供服务.

Also make sure you serving the site over an SSL connection.

您的回复

@Carpetsmoker，您能快速编辑我的代码并尝试确保其安全吗?我阅读了您给我的链接.由于我是php的新手，所以我很难理解.如果您有时间，请快速编辑我的代码.谢谢–

@Carpetsmoker, Can you quickly edit my code and try to make it secure. I read the links you gave it to me. Since I am new to php, I am struggling to understand. If you have time can you please quickly edit my code. Thank you –

我的答复

对不起，但没有:-)
这不是请编写我的代码"网站，您确实必须自己做.

I'm sorry, but no :-)
This is not a 'Please write my code'-site, you really have to do it yourself.

别误会我，我真的很感谢这项任务可能令人生畏，并且您正在努力掌握所有概念.我已经做了很多努力，但有时还是会这样做，但是(不幸的是)这是学习过程的一部分.我知道别无他法.

Don't get me wrong, I really appreciate that this task can be daunting, and that you're struggling to grasp all the concepts. I've did plenty of struggling, and still do on occasion, but (unfortunately) this is part of the learning process. I know of no other way of doing it.

首先，请记住，这两个链接只是起点，它们指出了您可以改进的地方.随时进行更多研究，搜索互联网等.

First, remember those two links are just starting points which point out what you can improve. Feel free to do more research, search the internet, etc.

其次，一次修复一件事.因此，首先要关注SQL问题，在对问题进行排序时，继续进行密码哈希处理，在对问题进行排序时，继续使用SSL.

Second, Fix one thing at a time. So first concentrate on the SQL problems, when you sorted that, go ahead to the password hashing, when you sorted that, move on to SSL.

您的评论是在我发表评论后约15分钟到达的；您应该期望为此花费几天的时间，这不是一个简单的问题，您可以使用简单的代码行来解决.如果您想正确地做，就需要掌握更深的概念.

Your reply came about 15 minutes after my comment; you should expect to invest several days into this, this is not a simple problem you can fix with a simple line of code. You will need to grasp deeper concepts if you want to do it correctly.

继续努力！不要失去希望！所有程序员都在奋斗！并且，如果您有问题/无法解决问题，请不要害怕在StackOverflow上提出更多(特定的)问题.并且请记住，在所有这些操作的最后，您将成为一个更好的程序员.这几天的投资将使您终生受益！

Keep at it! Don't lose hope! All programmers struggle! And if you have problems/can't figure something out, don't be afraid to ask more (specific) questions on StackOverflow. And remember, at the end of all of this, you will be a better programmer. These few days of investment will benefit you for life!

这篇关于如何使用php命令使注册表高度安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！