-2

I am writing a registration script that lets users register for an account on a website. I decided to use sha256 to encrypt the passwords.

Here is my code:

<?php
// Set error message as blank upon arrival to page
$errorMsg = "";
// First we check to see if the form has been submitted 
if (isset($_POST['Submit'])){
    //Connect to the database through our include 
    require_once ('includes/connect.inc.php');
    // Filter the posted variables
    $forename = $_POST['forename'];
    $surname = $_POST['surname'];
    $email = stripslashes($_POST['email']);
    $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
    $email = strip_tags($email);
    $town = preg_replace("[^A-Z a-z0-9]", "", $_POST['town']); // filter everything but spaces, numbers, and letters

    // Check to see if the user filled all fields with
    // the "Required"(*) symbol next to them in the join form
    // and print out to them what they have forgotten to put in
    if((!$forename) || (!$surname) || (!$email) || (!$password) || (!$town)){

        $errorMsg = "You did not submit the following required information!<br /><br />";
        if(!$forename){
            $errorMsg .= "--- Forename";
        } else if(!$surname){
            $errorMsg .= "--- Surname"; 
        } else if(!$email){ 
            $errorMsg .= "--- email"; 
       } else if(!$password){ 
           $errorMsg .= "--- password"; 
       } else if(!$town){ 
           $errorMsg .= "--- town"; 
       }
    } else {

           $hash = hash("sha256", $password);

            $sql = "INSERT INTO customers (forename, surname, email, password, town, registeredDate, active) 
            VALUES('$forename','$surname','$email', '$hash', '$town', GETDATE(), 'True')" ;
            $stmt2 = sqlsrv_query($conn,$sql);


  } // Close else after missing vars check
} //Close if $_POST
?>

<form action="join_form.php" method="post" enctype="multipart/form-data">
    <tr>
      <td colspan="2"><font color="#FF0000"><?php echo "$errorMsg"; ?></font></td>
    </tr>

    <tr>
      <td width="163"><div align="right">Forename:</div></td>
      <td width="409"><input name="forename" type="text"/></td>
    </tr>

    <tr>
      <td width="163"><div align="right">Surname:</div></td>
      <td width="409"><input name="surname" type="text"/></td>
    </tr>

    <tr>
      <td><div align="right">Email: </div></td>
      <td><input name="email" type="text" /></td>
    </tr>

     <tr>
      <td><div align="right"> Password: </div></td>
      <td><input name="password" type="password" /> 
      <font size="-2" color="#006600">(letters or numbers only, no spaces no symbols)</font></td>
    </tr>

    <tr>
      <td><div align="right">Town: </div></td>
      <td>
        <input name="town" type="text" />
      </td>
    </tr>

    <tr>
      <td><div align="right"></div></td>
      <td><input type="submit" name="Submit" value="Submit Form" /></td>
    </tr>
  </form>

When I press the [Submit] button, nothing happens. No error message is displayed, but no record is added to the database either.

I know it has something to do with my

$hash = hash("sha256", $password);

Maybe I put it in the wrong place or something? I am not very familiar with PHP.

4

1 Answer

1

I completely changed the code and used params to add the record to the database.

<?php
require_once ('includes/connect.inc.php');

// Only run when the registration form was submitted
if (isset($_POST['Register']) && $_POST['Register'] == "register")
{
    // Look for an existing account with this email (parameterized query)
    $params = array($_POST['email']);

    $sql = "SELECT * FROM customers WHERE Email=?";
    $stmt = sqlsrv_query($conn, $sql, $params);

    if (sqlsrv_has_rows($stmt))
    {
        // echo "<h2>You have already signed up with this email </h2>";
        header('Location: register_login_forms.php?error=2');
        die();
    } else if ($_POST['password'] != $_POST['password2'])
    {
        // echo "<h2>Wrong Password</h2>";
        header('Location: register_login_forms.php?error=3');
        die();
    }

    // Hash the password before storing it
    $pass = hash("sha256", $_POST['password']);

    $params = array($_POST['forename'], $_POST['surname'], $_POST['email'], $pass, $_POST['phone'], $_POST['question'],
        $_POST['answer']);

    // Insert the new customer; the ? placeholders are bound from $params
    $sql = "INSERT INTO customers (forename,surname,email,password,phone,secret_question, secret_answer,active,registeredDate)
    VALUES (?,?,?,?,?,?,?,'True',GETDATE())";
    $stmt = sqlsrv_query($conn, $sql, $params);
    header('Location: registerSuccess.php');
}

?>

And here is the form:

<Form name = "Register" action="register.php" method="POST" >

                    <label>Forename</label><br />
                    <input required title="Please only use Letters"  type="text" pattern="\s*[A-Za-z]+\s*" name="forename" /><br />
                    <label>Surname</label><br />
                    <input required title="Please only use Letters"  type="text" pattern="\s*[A-Za-z]+\s*" name="surname" /><br />
                    <label>Email</label><br />
                    <input required title="Please enter a Valid Email Address"  type="email" name="email" /><br />
                    <label>Password</label><br />
                    <input required title="Please have a Password of Minimum of 6 Characters with Numbers"   type="password" pattern="[A-Za-z0-9]{6,20}" name="password" /><br />
                    <label>Confirm Password</label><br />
                    <input required title="Confirm Password"   type="password" pattern="[A-Za-z0-9]{6,20}" name="password2" /><br />
                    <label>Secret Question</label><br />
                    <input required  type="text" name="question" /><br />
                    <label>Secret Answer</label><br />
                    <input required  type="text" name="answer" /><br />
                    <label>Phone Number</label><br />
                    <input required title="Please only use numbers"  type="text" pattern="\d+" name="phone" /><br />

                    <input type="hidden" name="Register" value="register">
                    <input class="button" type = "submit"/>

            </Form>
answered 2012-05-07T23:50:46.890
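
A hardened form of the registration step discussed in this thread, added here as an example and not part of either post: it replaces the unsalted `hash("sha256", ...)` with PHP's `password_hash()` and `password_verify()`, keeps the parameterized `sqlsrv_query()` call, and checks its return value so a failed INSERT is logged instead of passing silently. `validate_registration` and `register_customer` are hypothetical names; the table and column names are taken from the question, and the password column is assumed to be wide enough for the hash string.

```php
<?php
// Added example, not the thread's code. Assumes the customers table from the
// question, with a password column wide enough for password_hash() output.

// Return [clean values, names of missing or invalid fields].
function validate_registration(array $post): array
{
    $clean = [];
    $bad = [];
    foreach (['forename', 'surname', 'email', 'password', 'town'] as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        // Never trim or filter the password: that silently changes what gets hashed.
        $clean[$field] = $field === 'password' ? $value : trim($value);
        $invalidEmail = $field === 'email'
            && filter_var($clean[$field], FILTER_VALIDATE_EMAIL) === false;
        if ($clean[$field] === '' || $invalidEmail) {
            $bad[] = $field;
        }
    }
    return [$clean, $bad];
}

// Insert one customer with a parameterized query; true on success.
function register_customer($conn, array $c): bool
{
    // Salted, deliberately slow hash; salt and cost are stored inside the string.
    $hash = password_hash($c['password'], PASSWORD_DEFAULT);
    $sql = "INSERT INTO customers (forename, surname, email, password, town, registeredDate, active)
            VALUES (?, ?, ?, ?, ?, GETDATE(), 'True')";
    $params = [$c['forename'], $c['surname'], $c['email'], $hash, $c['town']];
    if (sqlsrv_query($conn, $sql, $params) === false) {
        // Without this check a failed INSERT produces no visible error at all.
        error_log(print_r(sqlsrv_errors(), true));
        return false;
    }
    return true;
}

// Constructed sample input; this part runs without a database connection.
[$clean, $bad] = validate_registration(['forename' => 'Ada', 'surname' => 'Example',
    'email' => 'ada@example.com', 'password' => 'correct horse 42!', 'town' => ' ']);
$stored = password_hash($clean['password'], PASSWORD_DEFAULT);
var_dump($bad, password_verify('correct horse 42!', $stored), password_verify('guess', $stored));
```

At login, fetch the stored string by email and pass it to `password_verify()`; no separate salt column is needed.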