在 php 中检查密码确认
checking password confirmation in php
<?php
include("../../config/database_connection.php");
if( isset($_POST) )
{
$user_name =$_POST['user_name'];
$email = $_POST['email'];
$user_pass_init = $_POST['password'];
$user_pass_conf = $_POST['passconfirm'];
$full_name = $_POST['full_name'];
$gender = $_POST['gender'];
if ($user_name!="" && $email!="" && $full_name!="" && $gender!="") {
if ($_POST['password']!= $_POST['passconfirm']) {
header("location:../index.php?err= password do not match");
}else{
$query = "INSERT into admin_users (user_name,email,user_pass,full_name,gender) VALUES('" . $user_name . "','" . $email . "','" . md5($user_pass_init) . "','" . $full_name . "','" . $gender . "')";
$success = $conn->query($query);
}
if (!$success) {
die("Couldn't enter data: ".$conn->error);
} else{
header("location:../index.php");
}
} else{
header("location:../index.php?err= Enter all the fields");
}
} else{
header("location:../index.php?err= couldnot enter data");
}
?>
这是我尝试执行的代码,用于检查两个密码是否匹配...但是在输入相同的密码时,我得到的密码值不匹配
有什么问题吗?帮我解决一下
这是我的建议,这可能无法完全解决您的问题,但它会使您的代码更加安全,因为您的代码容易受到 SQL 注入的影响:
<?php
include("../../config/database_connection.php");
if( isset($_POST) )
{
$user_name = $conn->real_escape_string($_POST['user_name']);
$email = $conn->real_escape_string($_POST['email']);
$user_pass_init = $conn->real_escape_string($_POST['password']);
$user_pass_conf = $conn->real_escape_string($_POST['passconfirm']);
$full_name = $conn->real_escape_string($_POST['full_name']);
$gender = $conn->real_escape_string($_POST['gender']);
if (!empty($user_name) && !empty($email) && !empty($full_name) && !empty($gender)) {
if ($user_pass_init != $user_pass_conf) {
header("location:../index.php?err= password do not match");
}else{
$user_pass = md5($user_pass_init);
$query = "INSERT into admin_users (user_name,email,user_pass,full_name,gender) VALUES('$user_name', '$email', '$user_pass', '$full_name', '$gender')";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
} else{
header("location:../index.php");
}
}
} else{
header("location:../index.php?err= Enter all the fields");
}
} else{
header("location:../index.php?err= couldnot enter data");
}
?>
我也建议使用 password_hash()
而不是 md5()
<?php
include("../../config/database_connection.php");
if( isset($_POST) )
{
$user_name =$_POST['user_name'];
$email = $_POST['email'];
$user_pass_init = $_POST['password'];
$user_pass_conf = $_POST['passconfirm'];
$full_name = $_POST['full_name'];
$gender = $_POST['gender'];
if ($user_name!="" && $email!="" && $full_name!="" && $gender!="") {
if ($_POST['password']!= $_POST['passconfirm']) {
header("location:../index.php?err= password do not match");
}else{
$query = "INSERT into admin_users (user_name,email,user_pass,full_name,gender) VALUES('" . $user_name . "','" . $email . "','" . md5($user_pass_init) . "','" . $full_name . "','" . $gender . "')";
$success = $conn->query($query);
}
if (!$success) {
die("Couldn't enter data: ".$conn->error);
} else{
header("location:../index.php");
}
} else{
header("location:../index.php?err= Enter all the fields");
}
} else{
header("location:../index.php?err= couldnot enter data");
}
?>
这是我尝试执行的代码,用于检查两个密码是否匹配...但是在输入相同的密码时,我得到的密码值不匹配 有什么问题吗?帮我解决一下
这是我的建议,这可能无法完全解决您的问题,但它会使您的代码更加安全,因为您的代码容易受到 SQL 注入的影响:
<?php
include("../../config/database_connection.php");
if( isset($_POST) )
{
$user_name = $conn->real_escape_string($_POST['user_name']);
$email = $conn->real_escape_string($_POST['email']);
$user_pass_init = $conn->real_escape_string($_POST['password']);
$user_pass_conf = $conn->real_escape_string($_POST['passconfirm']);
$full_name = $conn->real_escape_string($_POST['full_name']);
$gender = $conn->real_escape_string($_POST['gender']);
if (!empty($user_name) && !empty($email) && !empty($full_name) && !empty($gender)) {
if ($user_pass_init != $user_pass_conf) {
header("location:../index.php?err= password do not match");
}else{
$user_pass = md5($user_pass_init);
$query = "INSERT into admin_users (user_name,email,user_pass,full_name,gender) VALUES('$user_name', '$email', '$user_pass', '$full_name', '$gender')";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
} else{
header("location:../index.php");
}
}
} else{
header("location:../index.php?err= Enter all the fields");
}
} else{
header("location:../index.php?err= couldnot enter data");
}
?>
我也建议使用 password_hash()
而不是 md5()