我有以下PHP代码用于注册到网站.我正在尝试哈希密码以确保安全性,但每当我提交虚拟注册时,密码都不会在phpMyAdmin中进行哈希处理.它们看似正常.这是我的代码:
<?php
//get the values from the form
$Name = $_POST['name'];
$Username = $_POST['username'];
$Password = $_POST['password'];
$RepeatPassword = $_POST['repeatpassword'];
//encrypt the passwords
md5($Password);
md5($RepeatPassword);
//query the database
$query = "INSERT INTO users VALUES ('', '$Name', '$Username', '$Password')";
if (!mysql_query($query)) {
die('Error ' . mysql_error() . ' in query ' . $query);
}
//check passwords match
if ($Password !== $RepeatPassword) {
echo "Your passwords do not match. <a href='login.php'>Return to login page</a>";
}
//check to see if fields are blank
if ($Name=="") {
echo "Name is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($Username=="") {
echo "Username is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($Password=="") {
echo "Password is a required field. <a href='login.php'>Return to login page</a>";
}
else if ($RepeatPassword=="") {
echo "Repeat Password is a required field. <a href='login.php'>Return to login page</a>";
}
else {
$_SESSION["message"] = "You have successfully registered! Please login using your username and password.";
header("Location: login.php");
}
?>
我在网上阅读的教程都按照上述说法做了.我已经尝试将两行md5代码放在很多地方,但无济于事.
md5($Password);
md5($RepeatPassword);
这段代码基本上什么都不做 你要:
$Password = md5($Password);
$RepeatPassword = md5($RepeatPassword);
但最终,MD5对安全性没有太大作用.考虑使用bcrypt,停止使用这些mysql_*函数,并开始学习SQL注入攻击.