表单处理导致apache崩溃？

发布于 2024-09-15 03:31:05 字数 1722 浏览 2 评论 0原文

我使用以下代码在我的网站上注册用户。问题是，当用户注册时，apache 没有响应并崩溃。

我的代码有问题还是我做错了什么？？？

<?php

include ('../includes/db_connect.php');

$firstname = $_POST['firstname'];
$email = $_POST['email'];    
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    //include 'register.html';
    exit();
}

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (firstname, email, username, password)
VALUES('$firstname', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

// mail user their information

//$yoursite = ‘www.blahblah.com’;
//$webmaster = ‘yourname’;
//$youremail = ‘youremail’;
//    
//$subject = "You have successfully registered at $yoursite...";
//$message = "Dear $firstname, you are now registered at our web site.  
//    To login, simply go to our web page and enter in the following details in the login form:
//    Username: $username
//    Password: $password
//    
//    Please print this information out and store it for future reference.
//    
//    Thanks,
//    $webmaster";
//    
//mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
//    
//echo "Your information has been mailed to your email address.";

?>

原文

I use the following code to register users on my site. The problem is that when a user registers apache doesn't respond and crashes.

Is there a break in my code or something I am doing wrong????

<?php

include ('../includes/db_connect.php');

$firstname = $_POST['firstname'];
$email = $_POST['email'];    
$username = $_POST['username'];
$password = md5($_POST['password']);

// lets check to see if the username already exists

$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    //include 'register.html';
    exit();
}

// lf no errors present with the username
// use a query to insert the data into the database.

$query = "INSERT INTO users (firstname, email, username, password)
VALUES('$firstname', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

// mail user their information

//$yoursite = ‘www.blahblah.com’;
//$webmaster = ‘yourname’;
//$youremail = ‘youremail’;
//    
//$subject = "You have successfully registered at $yoursite...";
//$message = "Dear $firstname, you are now registered at our web site.  
//    To login, simply go to our web page and enter in the following details in the login form:
//    Username: $username
//    Password: $password
//    
//    Please print this information out and store it for future reference.
//    
//    Thanks,
//    $webmaster";
//    
//mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
//    
//echo "Your information has been mailed to your email address.";

?>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

只是偏爱你 2024-09-22 03:31:05

这个脚本不会导致 apache 死掉。这方面没有什么问题。
但是我不知道 db_connect.php 中的内容是什么，

邮件已被停用，如果服务器设置不正确，这确实可能需要很长时间。例如，如果服务器无法按照您的评论建议找到其完全限定的域名。

您有活动会话吗？这可以解释为什么当另一个网站仍在运行并发送邮件时您无法访问任何网站，并且您可能会认为 apache 崩溃了。
因为您没有调用 session_write_close 并且会话一次只能激活一次以进行写入。

绝对错误的是 mysql 注入漏洞。
您绝对需要按以下方式更改变量：

$firstname = mysql_real_escape_string($_POST['firstname']);
$email = mysql_real_escape_string($_POST['email']);
$username = mysql_real_escape_string($_POST['用户名']);

此外，我建议在用户名上设置一个唯一的 que，然后尝试插入，看看是否出现错误或是否收到 mysq_insert_id。让 mysql 来做这个工作。
但你的检查也很好..但你也应该在数据库中有一个约束，只是作为预防措施。
并且您应该修剪您的值，并且可能只允许某些字符，如果网站上的用户名是 &%DTRFG$ä←↓ff ，这很烦人