这与何时使用引号和反引号不重复。我的问题是如何将我的注册页面中的password_hash和password_verify中的新mysqli和php函数集成到我的登录页面。
这是我的注册页码:
<?php
require('db.php');
// should add better validation of form submission
if (isset($_POST['username'])) {
$hash = password_hash($_POST['password'], PASSWORD_BCRYPT, array('cost' => 10));
$stmt = $con->prepare('INSERT into users (username, password, email, trn_date) VALUES (?, ?, ?, ?)');
$stmt->bind_param('ssss', $_POST['username'], $hash, $_POST['email'], date("Y-m-d H:i:s"));
$result = $stmt->execute();
if($result){
echo "<div class='content_landing'><div class='form'><h3>You are registered successfully.</h3><p>Click here to <a href='login_page.php'>Login</a></p></div></div>";
}
}else{ ?>
<!-- header ends here -->
<!-- ****************************************** -->
<!-- enquiry / newsletter / login / register goes here -->
<div class="container">
</div>
<div class="clear"></div>
<!-- Main page content goes here -->
<div class="content_landing">
<p><div class="form">
<h1>Registration</h1>
<form name="registration" action="" method="post">
<input type="text" name="username" placeholder="Username" required /><br>
<input type="email" name="email" placeholder="Email" required /><br>
<input type="password" name="password" placeholder="Password" required /><br>
<input type="submit" name="submit" value="Register" />
</form>
</div></p>
<?php } ?>
</div>
</div>
<!-- Ends here -->
<!-- ****************************************** -->
<div class="clear"></div>
<!-- *Footer goes here -->
<?php include_once("footer.php");?>
<!-- Footer ends here -->
它似乎工作正常,因为它创建用户和散列密码。 我被一些人告知我需要保护这段代码以进行SQL注入,并且不知道如何做到这一点或者甚至在哪里添加代码。
其次我在将此注册密码_hash集成到我的登录信息时出现问题...显然,我必须添加一个verify_password或其他东西。
这是我的登录页面:
<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
//Checking is user existing in the database or not
$query = "SELECT 'username' FROM 'users' WHERE username='?'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1);
if (password_verify($password, $row['password'])) {
$_SESSION['username'] = $username;
header("Location: shows.php"); // Redirect user to index.php
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<h2>Log In to view Prices and Specials</h2>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required /><br>
<input type="password" name="password" placeholder="Password" required /><br>
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='registration.php'>Register Here</a></p>
</div>
<?php } ?>
我刚开始使用learnig php和mysqli,并且只在旧的mysql和md5哈希上找到了教程等。
请帮助我正常工作,如果有确切的指南或教程,请指示我。