-1
我有一個註冊表格,它有一個密碼字段和一個確認密碼字段。我想密碼和確認密碼字段是相同的,所以它可以註冊新的用戶信息。以註冊形式確認密碼
形式:
<form class="form-signin" name="Register_Form" method="post" action="regcheck.php">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" name="inputPassword" class="form-control" placeholder="Password" required>
<label for="CPassword" class="sr-only">Confirm Password</label>
<input type="password" id="CPassword" name="CPassword" class="form-control" placeholder="Confirm Password" required>
<button class="btn btn-lg btn-primary btn-block" type="reg" name="reg" value="Register">Register</button>
</form>
require_once 'connect.php';
if (isset($_POST['reg'])){
//$dob = $_POST['date'];
$dob = date('Y-m-d', strtotime($_POST['date']));
$Student_ID = $_POST['Student_ID'];
$gender = $_POST['gender'];
$course = $_POST['Course'];
$email = $_POST['inputEmail'];
$password = $_POST['inputPassword'];
$cpassword = $_POST['CPassword'];
$FN = $_POST['FirstName'];
$SN = $_POST['SecondName'];
if ($password === $cpassword) {
// success!
$sql = "INSERT INTO tblaccounts (Email, Password, Student_ID, FirstName, SecondName, Course, Gender, DoB) VALUES ('".$email."','".$password."','".$Student_ID."','".$FN."','".$SN."','".$course."','".$gender."','".$dob."')";
$result = mysqli_query($connection, $sql) or die("Database Connection Failed" . mysqli_error($connection));
//$count = mysqli_num_rows($result);
echo "Registeration Successful!:";
header('Location: login.php');
}
else {
// failed :(
}
} else {
echo "Registeration Failed!:";#
?><br/><a href ="login.php">Go back to the login screen.</a><?php
}
這段代碼會發生什麼?你開放SQL注入,參數化。您還需要散列密碼,不要存儲純文本密碼。 – chris85
@ chris85我想讓表單按照我的意願去做。然後,我將致力於安全性等工作。 – helloworld999
你的問題是關於這個條件,如果($密碼=== $ cpassword){',不工作,對不對?它做什麼,拋出一個錯誤,永遠不匹配,總是匹配,其他? – chris85