1. 首頁
  2. 問答
  3. PHP註冊問題

PHP註冊問題

2013-04-20 130 views
0

我想知道在這段代碼中是否有錯誤/漏洞利用,也有人可以幫助我,因爲我註冊了它,但它並沒有將數據插入到數據庫中。如果有任何錯誤,請您糾正。我想要它,所以如果用戶名存在,將它們重定向到錯誤?= 1,以此類推,密碼不匹配。任何幫助表示讚賞。PHP註冊問題

Register.php

<form action="register_acc.php" method="post"> 
          <input type="text" name="username" class="input" value="" autocomplete="off" placeholder="Username" maxlength="25" /><br /> 
           <br /> 
          <input type="password" name="password" class="input" value="" autocomplete="off" placeholder="Password" maxlength="20" /><br /> 
           <br /> 
          <input type="password" name="password2" class="input" value="" autocomplete="off" placeholder="Password again" maxlength="20" /><br /> 
           <br /> 
          <input type="text" name="email" class="input" value="" autocomplete="off" placeholder="Email" maxlength="255" /><br /> 
           <br /> 
           <input type="submit" name="submit "class="submit" value="Sign up"> 
         </form>

register_acc.php

<?php 
    error_reporting(1); 
    include 'site/inc/config.php'; 

     if (isset($_POST['submit'])) { 
session_start(); 

$username = $_POST['username']; 
$password = md5($_POST['password']); 
$pass_conf = md5($_POST['password2']); 
$email = $_POST['email']; 
$ip = $_SERVER['REMOTE_ADDR']; 
$date= date("d-m-Y"); 


$q = "SELECT * FROM `users` WHERE username = '$username'"; 
$r = mysql_query($q); 

if (empty($username)) { 
    header("Location: register.php?error=1"); 
     exit; 
} 

if ($password != $pass_conf) { 
    header("Location: /site/register.php?error=2"); 
     exit; 
} 

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
    header("Location: /site/register.php?error=3"); 
     exit; 
} 

if (mysql_num_rows($r) == 0) { 
    // Continue w/ registration, username is available! 
    $query = "INSERT INTO `users` (id, username, password, email, ip, rank, reg_date) 
    VALUES (0, '$username', '$password', '$email', '$ip', 1, '$date'())"; 
    $run = mysql_query($query); 
    header("Location: /site/register.php?succsess=1"); 

} 
      } 
     else { 
    header("Location: register.php?error=4"); 
      } 
     ?>

來源

2013-04-20 Elizabeth Edge

+2

爲什麼你插入這樣的:$查詢=「INSERT INTO'users'(ID,...) VALUES(0,... )「; 如果設置在數據庫中的auto_increment 此外,喲有另一個錯誤INT可以ommit插入他的ID插入:VALUES(...,「$日期」()),你不需要「()」後「 $ date' – 2013-04-20 11:55:41

+0

你的腳本容易受到[SQL注入](http://php.net/manual/en/security.database.sql-injection.php),'mysql_ *'函數也被棄用,並且在新代碼中應該使用'PDO'或'MySQLi'代替 – kero 2013-04-20 12:04:40

+0

感謝您的幫助,更新它 @Kingkero你能修補漏洞或者告訴我他們在哪裏,而且我會很快切換到庫MySQLi。由於 – 2013-04-20 12:06:58

回答

0

你不串聯的$ username變量到查詢。 試試這個:

"SELECT * FROM `users` WHERE username = '".$username."'"

而且您的INSERT查詢看起來有點怪異的日期()函數。試試這個:

$date = date("Y-m-d"); 
"INSERT INTO `users` (id, username, password, email, ip, rank, reg_date) 
    VALUES (0, '$username', '$password', '$email', '$ip', 1, '".$date."')"

編輯:腳本示例

<?php 
if(!isset($_POST['username'])||!isset($_POST['email'])||!isset($_POST['password']))//enter more values if necessary 
{ 
header("Location: error_page.php?error=1"); 
} 
else 
{ 
//do whatever, eg execute query 
} 
?>

來源

2013-04-20 11:54:04 imulsion

+0

解析錯誤:語法錯誤,在C意想不到T_VARIABLE:上線17 錯誤\ XAMPP \ htdocs中\網站\ register_acc.php然後發生對不起 – 2013-04-20 11:55:12

+0

,編輯。 – imulsion 2013-04-20 11:57:07

+0

現在應該工作 – imulsion 2013-04-20 11:57:30

相關問題

 相關問題