Here is the table:

Here is the query:
<form action="register2.php" method="post">
<div class="form-group">
<label for="username"> Username:</label>
<input type="text" name="username" id="username" class="form-control" value="" required/>
</div>
<div class="form-group">
<label for="fullname"> Full Name:</label>
<input type="text" name="fullname" id="fullname" class="form-control" value="" placeholder="John J. Doe" required/>
</div>
<div class="form-group">
<label for="email"> E-Mail:</label>
<input type="email" name="email" id="email" class="form-control" value="" placeholder="john.doe@yahoo.com" required/>
</div>
<div class="form-group">
<label for="phone"> Telephone Number:</label>
<input type="tel" name="phone" id="phone" class="form-control" placeholder="15551234567" required/>
</div>
<div class="form-group">
<label for="password"> Password:</label>
<input type="password" name="password" id="password" class="form-control" placeholder="password" required/>
</div>
<div class="form-group">
<label for="password"> Confirm Password:</label>
<input type="password" name="confirmpassword" id="confirmpassword" class="form-control" placeholder="password" required/>
</div>
<div class="form-group">
<label for="origin"> Country of Origin:</label>
<input type="text" name="origin" id="origin" class="form-control" value="" placeholder="United States of America" required/>
</div>
<div class="form-group">
<label for="dob"> Date of Birth:</label>
<input type="date" name="dob" id="dob" class="form-control" placeholder="07/04/1776" required/>
</div>
<div class="form-group">
<label for="cob"> City of Birth:</label>
<input type="text" name="cob" id="cob" class="form-control" value="" placeholder="Philadelphia" required/>
</div>
<div class="form-group">
<label for="sob"> State of Birth:</label>
<input type="text" name="sob" id="sob" class="form-control" value="" placeholder="Pennsylvania" required/>
</div>
<div class="form-group">
<label for="height"> Height:</label>
<input type="text" name="height" id="height" class="form-control" value="" placeholder="5ft 9in" required/>
</div>
<div class="form-group">
<label for="weight"> Weight:</label>
<input type="text" name="weight" id="weight" class="form-control" value="" placeholder="160lbs" required/>
</div>
<div class="form-group">
<label for="haircolor"> Hair Color:</label>
<input type="text" name="haircolor" id="haircolor" class="form-control" value="" placeholder="blond" required/>
</div>
<div class="form-group">
<label for="eyecolor"> Eye Color:</label>
<input type="text" name="eyecolor" id="eyecolor" class="form-control" value="" placeholder="blue" required/>
</div>
<div class="form-group">
<label for="currentcountry"> Current Country:</label>
<input type="text" name="currentcountry" id="currentcountry" class="form-control" placeholder="United States of America" value="" required/>
</div>
<div class="form-group">
<label for="currentcity"> Current City:</label>
<input type="text" name="currentcity" id="currentcity" class="form-control" placeholder="Washington D.C." value="" required/>
</div>
<div class="form-group">
<label for="currentstate"> Current State:</label>
<input type="text" name="currentstate" id="currentstate" class="form-control" placeholder="District of Columbia" value="" required/>
</div>
<div class="form-group">
<label for="profession"> Profession:</label>
<input type="text" name="profession" id="profession" class="form-control" placeholder="Plumber" value="" required/>
</div>
<div class="form-group">
<label for="religion"> Religion:</label>
<input type="text" name="religion" id="religion" class="form-control" placeholder="Christian, Muslim, Buddhist, Atheist, etc" value=""/>
</div>
<div class="form-group">
<label for="religion"> Political Views:</label>
<input type="text" name="religion" id="religion" class="form-control" placeholder="Conservative, Democrat, Libertarian, etc" value=""/>
</div>
<div class="form-group">
<label for="familynames"> Family Names:</label>
<textarea name="familynames" id="familynames" class="form-control" value="" placeholder="One name per line, example:
Doe
Smith
Johnson" wrap required></textarea>
</div>
<div class="form-group">
<label for="immediatefamily"> Immediate Family:</label>
<textarea name="immediatefamily" id="immediatefamily" class="form-control" value="" placeholder="One name per line, example:
John Doe
Jane Doe
Jimmy Doe" wrap required></textarea>
</div>
<label> Privacy Type:</label>
<p>Public, means accessible to everyone as soon as entries are submitted. Private, means entries are released at a later date.</p>
<br\><br\>
<div class="form-group">
<label for="privacy"> Public: </label><input type="radio" name="privacy" value="public" checked="checked" required/>
<p></p>
<label for="privacy"> Private: </label><input type="radio" name="privacy" value="private" required/>
</div>
<br /><br />
<button class="btn btn-primary btn-lg pull-right" type=submit>Register</button>
</form>
The connection works fine until I add
<?php
require("config.php");
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty username
if(empty($_POST['username']))
{
$error = 'Please enter a username.';
}
// Ensure that the user has entered a non-empty password
if(empty($_POST['password']))
{
$error = 'Please enter a password.';
}
// Ensure that the user has entered the same password in confirm password
if ($_POST["password"] == $_POST["confirm_password"]) {
// success!
}
else {
$error = 'Your passwords did not match.';
}
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$error = 'You entered an invalid email address.';
}
// We will use this SQL query to see whether the username entered by the
// user is already in use. A SELECT query is used to retrieve data from the database.
// :username is a special token, we will substitute a real value in its place when
// we execute the query.
$query = "
SELECT
1
FROM members
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
$error = 'Failed to run query: {$ex->getMessage()}}';
}
$row = $stmt->fetch();
if($row)
{
$error = 'This username is already in use.';
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$query = "
SELECT
1
FROM members
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
$error = 'Failed to run query: {$ex->getMessage()}}';
}
$row = $stmt->fetch();
if($row)
{
$error = 'This email address is already registered.';
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "
INSERT INTO members (
username,
password,
salt,
email,
dob,
politics,
religion,
familynames,
profession,
currentcity,
cob,
origin,
height,
weight,
haircolor,
eyecolor,
immediatefamily,
privacy
) VALUES (
:username,
:password,
:salt,
:email,
:dob,
:politics,
:religion,
:familynames,
:profession,
:currentcity,
:cob,
:origin,
:height,
:weight,
:haircolor,
:eyecolor,
:immediatefamily,
:privacy
)
";
// A salt is randomly generated here to protect again brute force attacks
// and rainbow table attacks. The following statement generates a hex
// representation of an 8 byte salt. Representing this in hex provides
// no additional security, but makes it easier for humans to read.
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
// This hashes the password with the salt so that it can be stored securely
// in your database. The output of this next statement is a 64 byte hex
// string representing the 32 byte sha256 hash of the password. The original
// password cannot be recovered from the hash.
$password = hash('sha256', $_POST['password'] . $salt);
// Next we hash the hash value 65536 more times. The purpose of this is to
// protect against brute force attacks. Now an attacker must compute the hash 65537
// times for each guess they make against a password, whereas if the password
// were hashed only once the attacker would have been able to make 65537 different
// guesses in the same amount of time instead of only one.
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
// Here we prepare our tokens for insertion into the SQL query. We do not
// store the original password; only the hashed version of it. We do store
// the salt (in its plaintext form; this is not a security risk).
$query_params = array(
':username' => $_POST['username'],
':password' => $password,
':salt' => $salt,
':email' => $_POST['email'],
':dob' => $_POST['dob'],
':politics' => $_POST['politics'],
':religion' => $_POST['religion'],
':familynames' => $_POST['familynames'],
':profession' => $_POST['[profession'],
':currentcity' => $_POST['currentcity'],
':cob' => $_POST['cob'],
':origin' => $_POST['origin'],
':height' => $_POST['height'],
':weight' => $_POST['weight'],
':haircolor' => $_POST['haircolor'],
':eyecolor' => $_POST['eyecolor'],
':immediatefamily' => $_POST['immediatefamily'],
':privacy' => $_POST['privacy']
);
try
{
// Execute the query to create the user
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
$error = 'Failed to run query: {$ex->getMessage()}}';
}
// This redirects the user back to the login page after they register
header("Location: index.php");
}
?>
and
$query = "
INSERT INTO members (
username,
password,
salt,
email,
dob,
politics,
religion,
familynames,
profession,
currentcity,
cob,
origin,
height,
weight,
haircolor,
eyecolor,
immediatefamily,
privacy
) VALUES (
:username,
:password,
:salt,
:email,
:dob,
:politics,
:religion,
:familynames,
:profession,
:currentcity,
:cob,
:origin,
:height,
:weight,
:haircolor,
:eyecolor,
:immediatefamily,
:privacy
)
";
I'm guessing the problem is the extra fields I added, but here is the line from the screenshot:
Answer 0: (score: 1)
You just need to remove the ':' from $query_params.
Everything else looks fine.
$query_params = array(
'username' => $_POST['username'],
'password' => $password,
'salt' => $salt,
'email' => $_POST['email'],
'dob' => $_POST['dob'],
'politics' => $_POST['politics'],
'religion' => $_POST['religion'],
'familynames' => $_POST['familynames'],
'profession' => $_POST['[profession'],
'currentcity' => $_POST['currentcity'],
'cob' => $_POST['cob'],
'origin' => $_POST['origin'],
'height' => $_POST['height'],
'weight' => $_POST['weight'],
'haircolor' => $_POST['haircolor'],
'eyecolor' => $_POST['eyecolor'],
'immediatefamily' => $_POST['immediatefamily'],
'privacy' => $_POST['privacy']
);
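An added example (not code from the question or the answer) in PHP, showing two checks worth running before PDOStatement::execute(): that the :name placeholders in the INSERT line up with the keys of the parameter array (PDO accepts keys with or without the leading colon, so both spellings are normalised), and that every $_POST field the script reads was actually sent by the form. The request data is constructed here from the question's form; the field names are assumed from it.

```php
<?php
// Added example, not from the question or the answer. Field names and the
// sample request below are taken from / constructed after the question's form.

// Which :name placeholders in $sql have no bound value, and which bound keys
// no placeholder uses. Either mismatch makes execute() fail.
function placeholderMismatch(string $sql, array $params): array
{
    preg_match_all('/:([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    $wanted = array_values(array_unique($m[1]));
    // PDO accepts ':username' and 'username' alike; compare without the colon.
    $given = array_map(fn ($k) => ltrim((string) $k, ':'), array_keys($params));
    return [
        'unbound' => array_values(array_diff($wanted, $given)),
        'unused'  => array_values(array_diff($given, $wanted)),
    ];
}

// Which request fields the script reads were never submitted by the form.
function missingPostFields(array $fieldsRead, array $post): array
{
    return array_values(array_filter(
        $fieldsRead,
        fn ($f) => !array_key_exists($f, $post)
    ));
}

// Constructed $_POST as the question's form sends it: the "Political Views"
// input is also named "religion", so no "politics" key ever arrives.
$post = [
    'username' => 'jdoe', 'password' => 'pw', 'confirmpassword' => 'pw',
    'email' => 'john.doe@example.com', 'religion' => 'Conservative',
    'profession' => 'Plumber', 'dob' => '1776-07-04', 'privacy' => 'public',
];

// A shortened copy of the question's INSERT.
$sql = "INSERT INTO members (username, email, politics, profession)
        VALUES (:username, :email, :politics, :profession)";

// Keys written as in the question (with colon) and as in the answer (without).
$params = [
    ':username' => $post['username'],
    'email'     => $post['email'],
    ':politics' => $post['politics'] ?? null,
];
print_r(placeholderMismatch($sql, $params));

// Fields the question's script reads from $_POST, including the '[profession' key.
print_r(missingPostFields(['politics', '[profession', 'profession'], $post));
```

The question's 65536-round SHA-256 loop with an mt_rand() salt is the other part of this script to revisit: PHP's built-in password_hash() and password_verify() handle salting and stretching with a purpose-built algorithm.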