最受欢迎

回复:在集成我的验证码和我的 PHP 代码时遇到问题

Re:Having trouble integrating both my Captcha and my Php Code

本文关键字:我的 代码 PHP 问题 遇到 集成 验证 回复 | 更新日期: 2023-09-27

我在将我的 Php 注册表与验证码集成时遇到问题。我尝试将它们与我非常有限的编码知识集成在一起,但是当输入错误的验证码时,它会指示"不正确的验证码",但不幸的是,它也在我的Mysql Db上输入用户,而无需首先验证验证码。

所有相关代码如下所示,请协助,谢谢!

1.Registration.php

    <div class="form-title">Sign Up</div>
    <div class="form-sub-title">It's free and anyone can join</div>
        <form method="post" action="check.php" enctype="multipart/form-data">
        <table width="864" align="center" cellpadding = "15">

            <tr>
                <td>FirstName:</td>
                <td><input type="text" name="FirstName" maxlength="10" required="" ></td>
              .....................................................................................................................................................................................................
         <td>&nbsp;</td>
</td>
  </tr> </td>
  <td>
 <?php
session_start();
echo '<form action="check.php" method="post">';
$rand_int1 = substr(mt_rand(),0,2);
$rand_int2 = substr(mt_rand(),0,1);
$rand_int3 = substr(mt_rand(),0,1);
$captcha_answer = $rand_int1 + $rand_int2 - $rand_int3;
$_SESSION['captcha_answer'] = $captcha_answer;
echo 'What is '.$rand_int1.' + '.$rand_int2.' - '.$rand_int3.'?<br>
<input type="text" name="captcha">
<td><input type="submit" value="Submit" name="registration" class="greenButton"/><img id="loading" src="img/ajax-loader.gif" alt="working.." /></td>
</form>';
?>
</td>
</tr>

 2. Check.php

   <?php
session_start();
$captcha = $_POST['captcha'];
$captcha_answer = $_SESSION['captcha_answer'];
if($captcha != $captcha_answer) {
    echo 'Captcha is incorrect!';
}
else {
    echo 'Captcha is correct, congratulations! :)';
}
?>


<?php

if(isset($_POST['registration']))
{
    require "connection.php";
    $FirstName = strip_tags($_POST['FirstName']);
    $LastName = strip_tags($_POST['LastName']);
    $Msisdn = $_POST['Msisdn'];
    $month = $_POST['month'];
    $day = $_POST['day'];
    $year = $_POST['year'];
    $date = $year . "-" . $month . "-" . $day;
    $dob = date('y-m-d', strtotime($date));


$Gender = $_POST['Gender'];
$Faith = $_POST['Faith'];
$City = $_POST['City'];
$MarritalStatus = $_POST['MarritalStatus'];
$Profession =$_POST['Profession'];
$Country = $_POST['Country'];




$query="insert into users set FirstName='".$FirstName."',LastName='".$LastName
        ."',Msisdn='".$Msisdn."',dob='".$dob."',Gender='".$Gender."',Faith='".$Faith."',City='".$City."',MarritalStatus='".$MarritalStatus."',Profession='".$Profession."',Country='".$Country."'";

mysql_query($query)or  die("".mysql_error());   

    echo "Successful Registration!";

        }
?>
验证

码应该阻止机器人成功提交表单。 对于任何自动表单提交来说,x1 + x2 - x3都太容易了。

要解决您的任务,在 if 子句if(isset($_POST['registration']))您还需要检查验证码是否成功,将其更改为:

if (isset($_POST['registration']) && $captcha === $captcha_answer)

您也不应该使用mysql_函数,因为它们很快就会在较新的PHP版本中被打开。

你的代码看起来也是一个很好的黑客目标(SQL注入)。您应该验证$_POST变量,而不仅仅是将它们放入简单的查询中。

就像我在名字中输入';DROP TABLE users;--一样。

这里的代码不检查验证码是否成功。要做到这一点,请进行更改

if(isset($_POST['registration']))

if(isset($_POST['registration']) && $captcha == $captcha_answer)

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习