-2

我正在制作一个注册脚本,让用户在网站上注册一个帐户。我决定使用 sha256 来加密密码。

这是我的代码:

    // Set error message as blank upon arrival to page
$errorMsg = "";
// First we check to see if the form has been submitted 
if (isset($_POST['Submit'])){
    //Connect to the database through our include 
    require_once ('includes/connect.inc.php');
    // Filter the posted variables
    $forename = $_POST['forename'];
    $surname = $_POST['surname'];
    $email = stripslashes($_POST['email']);
    $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
    $email = strip_tags($email);
    $town = preg_replace("[^A-Z a-z0-9]", "", $_POST['town']); // filter everything but spaces, numbers, and letters

    // Check to see if the user filled all fields with
    // the "Required"(*) symbol next to them in the join form
    // and print out to them what they have forgotten to put in
    if((!$forename) || (!$surname) || (!$email) || (!$password) || (!$town)){

        $errorMsg = "You did not submit the following required information!<br /><br />";
        if(!$forename){
            $errorMsg .= "--- Forename";
        } else if(!$surname){
            $errorMsg .= "--- Surname"; 
        } else if(!$email){ 
            $errorMsg .= "--- email"; 
       } else if(!$password){ 
           $errorMsg .= "--- password"; 
       } else if(!$town){ 
           $errorMsg .= "--- town"; 
       }
    } else {

           $hash = hash("sha256", $password);

            $sql = "INSERT INTO customers (forename, surname, email, password, town, registeredDate, active) 
            VALUES('$forename','$surname','$email', '$hash', '$town', GETDATE(), 'True')" ;
            $stmt2 = sqlsrv_query($conn,$sql);


  } // Close else after missing vars check
} //Close if $_POST
?>

<form action="join_form.php" method="post" enctype="multipart/form-data">
    <tr>
      <td colspan="2"><font color="#FF0000"><?php echo "$errorMsg"; ?></font></td>
    </tr>

    <tr>
      <td width="163"><div align="right">Forename:</div></td>
      <td width="409"><input name="forename" type="text"/></td>
    </tr>

    <tr>
      <td width="163"><div align="right">Surname:</div></td>
      <td width="409"><input name="surname" type="text"/></td>
    </tr>

    <tr>
      <td><div align="right">Email: </div></td>
      <td><input name="email" type="text" /></td>
    </tr>

     <tr>
      <td><div align="right"> Password: </div></td>
      <td><input name="password" type="password" /> 
      <font size="-2" color="#006600">(letters or numbers only, no spaces no symbols)</font></td>
    </tr>

    <tr>
      <td><div align="right">Town: </div></td>
      <td>
        <input name="town" type="text" />
      </td>
    </tr>

    <tr>
      <td><div align="right"></div></td>
      <td><input type="submit" name="Submit" value="Submit Form" /></td>
    </tr>
  </form>

当我按下提交按钮时,没有任何反应。我没有收到错误消息,但记录也没有添加到数据库中。

我知道这与我使用有关

$hash = hash("sha256", $password);

也许我把它放在错误的地方或什么的?我对 PHP 很陌生。

4

1 回答 1

1

我完全改变了我的代码并使用了参数来向数据库添加一条记录

<?php
require_once ('includes/connect.inc.php');

if ($_POST['Register'] == "register")
{

 $params = array($_POST['email']);

 $sql= "SELECT * FROM customers WHERE Email=?";
 $stmt = sqlsrv_query($conn,$sql,$params);

 if(sqlsrv_has_rows($stmt))
 {
// echo"<h2>You have already signed up with this email </h2>";
  header('Location: register_login_forms.php?error=2');
  die();
 } else if($_POST['password'] != $_POST['password2'])
 {
 // echo"<h2>Wrong Passwod</h2>";
  header('Location: register_login_forms.php?error=3');
  die();
 }

 $pass = hash("sha256", $_POST['password']);

 $params = array($_POST['forename'],$_POST['surname'],$_POST['email'],$pass, $_POST['phone'], $_POST['question'],
 $_POST['answer']);

 $sql="INSERT INTO customers (forename,surname,email,password,phone,secret_question, secret_answer,active,registeredDate)
 VALUES (?,?,?,?,?,?,?,'True',GETDATE())";
    $stmt=sqlsrv_query($conn,$sql,$params);
header('Location: registerSuccess.php');    

}

?>

这是表格

<Form name = "Register" action="register.php" method="POST" >

                    <label>Forename</label><br />
                    <input required title="Please only use Letters"  type="text" pattern="\s*[A-z]+\s*" name="forename" /><br/>
                    <label>Surname</label><br />
                    <input required title="Please only use Letters"  type="text" pattern="\s*[A-z]+\s*" name="surname" /><br/>
                    <label>Email</label><br />
                    <input required title="Please enter a Valid Email Address"  type="email" name="email" /></br>
                    <label>Password</label><br />
                    <input required title="Please have a Password of Minimum of 6 Characters with Numbers"   type="password" pattern="[A-z0-9]{6,20}" name="password" /></br>
                    <label>Confirm Password</label><br />
                    <input required title="Confirm Password"   type="password" pattern="[A-z0-9]{6,20}" name="password2" /></br>
                    <label>Secret Question</label><br />
                    <input required  type="text" name="question" /></br>
                    <label>Secret Answer</label><br />
                    <input required  type="text" name="answer" /></br>
                    <label>Phone Number</label><br />
                    <input required title="Please only use numbers"  type="text" pattern="\d+" name="phone" /></br>

                    <input type="hidden" name="Register" value="register">
                    <input class="button" type = "submit"/>

            </Form>
于 2012-05-07T23:50:46.890 回答