MySQL 未添加到数据库

发布于 2024-10-21 12:17:50 字数 1039 浏览 2 评论 0原文

我有一个使用下面的代码进行注册的表单:

<form method="post">
Username<input type="text" size="12" maxlength="16" name="username"><br />
Password<input type="password" size="12" maxlength="32" name="password"><br />
<input type="submit" name="submit" value="Sign Up!" />
</form>

然后我也检查用户名是否包含任何特殊字符,如果不包含,则运行此代码:

define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");

$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());

function addNewUser($username, $password){
   global $connection;
   $username =$POST['username'];
   $password =$_POST['password'];
   $password1 = md5($password);
   $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
   return mysql_query($q, $connection);
}

这应该将用户名和密码添加到我的表中,密码为md5 哈希值,但它没有,有人可以帮助我吗?

谢谢!

I have a form to signup with the code below:

<form method="post">
Username<input type="text" size="12" maxlength="16" name="username"><br />
Password<input type="password" size="12" maxlength="32" name="password"><br />
<input type="submit" name="submit" value="Sign Up!" />
</form>

And then I have it too check if the username contains any special characters and if it doesn't it runs this code:

define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");

$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());

function addNewUser($username, $password){
   global $connection;
   $username =$POST['username'];
   $password =$_POST['password'];
   $password1 = md5($password);
   $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
   return mysql_query($q, $connection);
}

This should add the username and password to my table with the password as an md5 hash but it doesn't, could someone please help me.

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

瑾兮 2024-10-28 12:17:50

首先:
不要使用连接字符串将值插入数据库。这是一个主要的安全漏洞,可以使用一种称为 SQL 注入的技术来利用它。您可以通过使用所谓的准备好的语句来防止这种情况。

这应该可以解决你的问题:
您可能没有真正调用 addNewUser 函数。您只需连接数据库即可。

试试这个:

define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");

function addNewUser($username, $password){
   global $connection;
   $password1 = md5($password);
   $username = mysql_real_escape_string($username);
   $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
   return mysql_query($q, $connection);
}    

$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());
addNewUser($_POST["text"], $_POST["password"]);

First of all:
Don't use concatenated strings to insert values to the database. This is a major security hole, it can be exploited using a technique called SQL-Injection. You can prevent this by using so called Prepared Statements.

And this should solve your problem:
You probably don't really call the addNewUser function. You just connect ot the database.

Try this:

define("DB_SERVER", "localhost");
define("DB_USER", "will");
define("DB_PASS", "blahblah");
define("DB_NAME", "blahblah");
define("TBL_USERS", "users");

function addNewUser($username, $password){
   global $connection;
   $password1 = md5($password);
   $username = mysql_real_escape_string($username);
   $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password1')";
   return mysql_query($q, $connection);
}    

$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $connection) or die(mysql_error());
addNewUser($_POST["text"], $_POST["password"]);
单挑你×的.吻 2024-10-28 12:17:50

看起来您实际上并没有在这里调用 addNewUser 。另外,作为未来的提示,使用准备好的语句来避免 SQL 注入可能是除了最简单的应用程序之外的任何方法。有关在 PHP 中使用 SQL 准备语句的教程是 这里

It doesn't look like you're actually calling addNewUser here. Also, as a future hint, using prepared statements to avoid SQL injections is probably the way to go for anything but the most trivial of applications. One tutorial on using SQL prepared statements in PHP is here

我要还你自由 2024-10-28 12:17:50

您是否正在调用 addNewUser 函数?

此外,请注意您的 SQL 语句中的SQL 注入

Are you calling the addNewUser function?

Also, watch your SQL-Statement for SQL-Injections.

爱*していゐ 2024-10-28 12:17:50

$username =$POST['username'] 错误。你忘了_。它必须是 $username = $_POST['username']。

$username =$POST['username'] is wrong. You forgot _ . It must be $username = $_POST['username'].

花海 2024-10-28 12:17:50

说得非常清楚......

你在那里有一个函数,但它从未被调用,正如每个人所说的那样。

要调用它,请在函数启动之前添加此行:

$var = addNewUser($_POST["username"], $_POST["password"]);

编辑:
更远...
在您的函数中,您已经有了 $username 和 $password,您可以删除这些行:

$username =$POST['username'];
$password =$_POST['password'];

最后但并非最不重要的一点是,仅使用 md5 存储密码不是一个好习惯。阅读:http://elbertf.com/2010 /01/store-passwords-safely-with-php-and-mysql/

To be ultra clear...

You have a function in there, but it's never called, as everyone has said.

To call it, Add this line before your function starts:

$var = addNewUser($_POST["username"], $_POST["password"]);

EDIT:
Further...
In your function, you already have $username and $password, you can delete these lines:

$username =$POST['username'];
$password =$_POST['password'];

And last but not least, storing your password with only md5 is not good practice. Read up: http://elbertf.com/2010/01/store-passwords-safely-with-php-and-mysql/

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文