-1
PHP와 MySQL을 사용하여 간단한 사용자 등록 양식을 만들려고합니다. "비밀번호를 넣으세요."라는 메시지를 제외하고는 모두 정상적으로 작동합니다. 암호 입력 필드가 비어 있고 데이터가 빈 암호로 데이터베이스에 삽입되는 경우 절대로 울리지 않습니다. 이 문제를 어떻게 해결할 수 있습니까?PHP MySQL 사용자 등록 양식이 빈 암호 필드를 차단하지 않습니다.
<?php
if(isset($_SESSION['username'])){
header("Location: index.php");
}
if(isset($_POST['register'])){
include_once('connect.php');
$name = $surname = $email = $username = "";
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$email = strip_tags($_POST['email']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password_confirm = strip_tags($_POST['password_confirm']);
$name = stripslashes($name);
$surname = stripslashes($surname);
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$password_confirm = stripslashes($password_confirm);
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $surname);
$email = mysqli_real_escape_string($conn, $email);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$password_confirm = mysqli_real_escape_string($conn, $password_confirm);
$password = md5($password);
$password_confirm = md5($password_confirm);
$sql_store = "insert into user (username, name, surname, email, password) values ('$username', '$name', '$surname', '$email', '$password')";
$sql_fetch_username = "select username from user where username = '$username'";
$sql_fetch_email = "select email from user where email = '$email'";
$query_username = mysqli_query($conn, $sql_fetch_username);
$query_email = mysqli_query($conn, $sql_fetch_email);
if (!empty($name) && !empty($surname) && !empty($email) && !empty($username) && !empty($password) && !empty($password_confirm)){
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
else{
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
else{
if($password != $password_confirm){
echo "The passwords do not match.<br>";
}
else{
mysqli_query($conn, $sql_store);
header("Location: index.php");
}
}
}
}
else{
if($name == ""){
echo "Please insert a name.<br>";
}
if($surname == ""){
echo "Please insert a surname.<br>";
}
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if($email == ""){
echo "Please insert an email.<br>";
}
else{
echo "The email is not valid.<br>";
}
}
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
if($username == ""){
echo "Please insert an username.<br>";
}
if($password == "" || $password_confirm == ""){
echo "Please insert a password.<br>";
}
}
}
?>
<html>
<body>
<form action="register.php" method="POST">
<input placeholder="Name" name="name" type="text" value="<?php if(!empty($name)){echo $name;}?>">
<input placeholder="Surname" name="surname" type="text" value="<?php if(!empty($surname)){echo $surname;} ?>"><br><br>
<input placeholder="E-Mail Address" name="email" type="text" value="<?php if(!empty($email)){echo $email;} ?>">
<input placeholder="Username" name="username" type="text" value="<?php if(!empty($username)){echo $username;} ?>"><br><br>
<input placeholder="Password" name="password" type="password">
<input placeholder="Confirm Password" name="password_confirm" type="password">
<input name="register" type="submit" value="Register">
</form>
</body>
</html>
로직이 꺼져 있습니다 –
라이브로 넘어갈 예정이라면이 코드를 사용하지 않아야합니다. 안전하지 않습니다. 준비된 문장과'password_hash()'를 사용하십시오. –