我创建了一个 php 注册表单。它工作正常。但是当我将它修改为 md5 密码时,它没有运行。此外,我可以通过哪些方式保护/修改它以消除 SQL 注入攻击。
require_once("functions/validation_employee_signup.php");
if( isset($_POST['send']) && (!validateName($_POST['name']) || !validateEmail($_POST['email']) || !validatePasswords($_POST['pass1'], $_POST['pass2']) || !validateContact($_POST['contact']) || !validateAge($_POST['age'])) ):?>
<div id="error">
<ul>
<? if(!validateName($_POST['name'])):?>
<li><strong>Invalid Name:</strong> We want names with more than 3 letters.</li>
<? endif?>
<? if(!validateEmail($_POST['email'])):?>
<li><strong>Invalid E-mail:</strong> Type a valid e-mail please.</li>
<? endif?>
<? if(!validatePasswords($_POST['pass1'], $_POST['pass2'])):?>
<li><strong>Passwords are invalid:</strong> Passwords doesnt match or are invalid!</li>
<? endif?>
<? if(!validateContact($_POST['contact'])):?>
<li><strong>Please enter a valid number.</strong></li>
<? endif?>
<? if(!validateAge($_POST['age'])):?>
<li><strong>Please enter a valid age</strong></li>
<? endif?>
</ul>
</div>
<?php elseif(isset($_POST['send'])):?>
<div id="error" class="valid">
<ul>
<?php
require_once('functions/connection.php');
$query = "INSERT INTO employee (name, md5(password), email, contact, age, gender, location, skill, work) VALUES ";
$query .= "('".$_POST['name']."', '".$_POST['pass1']."', '".$_POST['email']."','".$_POST['contact']."','".$_POST['age']."','".$_POST['gender']."','".$_POST['location']."','".$_POST['skill']."','".$_POST['work']."')";
// run the query
mysql_query($query);?>
<li><strong>Congratulations!</strong> You have been successfully registered!</li>
</ul>
</div>
<?php endif?>