我已经构建了一个简单的注册表单,如下所示,我试图让用户加密他们的密码,然后输入我的数据库.我正在尝试使用md5加密.我还附加了数据库连接脚本.
我的目标是当我检查我的数据库时,我想看到以下内容:(id,name,username,encrypted password)
我遇到的问题是表单没有完全处理.我得到这个错误(错误:'字段列表'中的未知列'd8578edf8458ce06fbc5bb76a58c5ca4').
有些人可以告诉我或者告诉我"在我的代码或SQL插入和/或我的变量中需要纠正的是什么"才能使其正常工作.我知道它可能是一个非常非常简单的修复.我只是被困在这一点上.
我非常感谢你的帮助.
<?php
error_reporting(0);
if($_POST['submit'])
{ //Begining of full IF Statment
$name = $_POST['name'];
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
// Encrypt Pasword
$enc_password = md5($password);
//$enc_password2 = md5($confirm_password);
// Confirm All feild were filled out when submit button was pressed
if($name && $username && $password && $confirm_password)
{
// Confirm that the NAME that you used is NOT greater than 30 characters
if(strlen($name)>24)
{
echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>";
}
// Confirm that the USERNAME that you used is NOT greater than 10 characters
if(strlen($username)>10)
{
echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>";
}
else {
// Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters
if(strlen($password)>10 || strlen($password)<6)
{
echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>";
}
if($password == $confirm_password)
{
// Database Connection required
require "db_conncect.php";
// We Now connect to the Dabase and insert the Form input details
//------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------//
// 1. Create a database connection
$con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY.
if (!$con) {
die('Database connection failed could not connect: ' . mysql_error());
}
// 2. Select a database to use
$db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE.
if (!$db_select) {
die('Database selection failed could not connect: ' . mysql_error());
}
mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED.
// <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHI IN THE DATABASE.
$sql="INSERT INTO `registernow_2012`.`users` (`id` , `name` , `username` ,
`$enc_password` , `confirm_password` )
VALUES (NULL , '$_POST[name]', '$_POST[username]', '[$enc_password]', '$_POST[confirm_password]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
// 3. Close Connection
mysql_close($con);
header("Location: index.php"); // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: Thank you / Index page" of the THANK YOU PAGE.
}
else
{
echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>";
}
}
//echo "<h2><center>WORKING!!!!</center></h2>";
}
else echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>";
} //Ending of full IF Statment
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<title>THE FORM MY WAY NOW</title>
</head>
<body>
<div id='centerstage'>
<form name="myform" action="workingitoutproperly.php" method="POST">
<p>
<label>Name</label><br>
<input type='text' name='name' value=''><br>
<label>UserName</label><br>
<input type='text' name='username' value=''><br>
<label>Password</label><br>
<input type='password' name='password' value=''><br>
<label>Re-Enter Password</label><br>
<input type='password' name='confirm_password' value=''><br>
<br>
<input type='submit' name='submit' value='REGISTER NOW!!'>
</p>
</form>
</div>
</body>
您已$enc_password在insert语句的列列表中使用.它应该是保存加密密码的列的名称.不是加密密码的值.如果加密密码列的名称encrypted_password放在encrypted_password列列表中而不是$enc_password
INSERT INTO `registernow_2012`.`users` (`id` , `name` , `username` , `encrypted_password` , `confirm_password` )
始终清理用户输入.不要在查询中直接使用它们,这将允许攻击者注入任意SQL.至少mysql_real_escape_string用于mysql数据库.
$name = mysql_real_escape_string($_POST['name']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
加密密码的值不应该是[$enc_password].不要用方形braket包围它.它应该是$enc_password.
$sql="INSERT INTO `registernow_2012`.`users`
(`id` , `name` , `username` , `encrypted_password` , `confirm_password`)
VALUES
(NULL , '$name', '$username', '$enc_password', '$password')";
最好用种子加密你的密码,并使用像sha1这样的其他哈希
$enc_password = sha1($password. "my_secret_seed");