// Raw POST values are stored in the session unchanged.
$_SESSION['email'] = $_POST['remail'];
$_SESSION['first_name'] = $_POST['firstname'];
$_SESSION['last_name'] = $_POST['lastname'];
// Escape the values for use inside the SQL strings below.
$first_name = $mysqli->escape_string($_POST['firstname']);
$last_name = $mysqli->escape_string($_POST['lastname']);
$email = $mysqli->escape_string($_POST['remail']);
$password = $mysqli->escape_string(password_hash($_POST['rpassword'], PASSWORD_BCRYPT));
$confirmPassword = $mysqli->escape_string(password_hash($_POST['confirmPassword'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string(md5(rand(0,1000)));
// $mysqli->error is a property, not a method.
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'") or die($mysqli->error);
if ($result->num_rows > 0)
{
    $_SESSION['message'] = '<div class="info-alert">User with this email already exists!</div>';
    header("location: error.php");
    exit; // stop the script once the redirect header is sent
}
else {
    $sql = "INSERT INTO users (first_name, last_name, email, password, hash)"
        ."VALUES ('$first_name','$last_name','$email','$password', '$hash')";
--- This is only part of registration.php ---
Hello guys, I am new in the world of website creating, PHP learning, and English speaking. Actually, I have downloaded one registration and this is registration.php. I just don't know how to use htmlspecialchars to prevent a basic XSS attack. Can somebody help me with this?
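The following is an added example, not part of the original post or of the downloaded registration script. It shows `htmlspecialchars()` applied at output time to the session values that registration.php stores unescaped; the helper name `e()` and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not part of registration.php. e() is a hypothetical helper name.
// Escape when the value is printed into HTML, not when it is stored.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ' so the result is also safe inside
    // quoted HTML attributes; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for what registration.php copies
// unchanged from $_POST into $_SESSION.
$_SESSION = [
    'first_name' => '<script>alert(1)</script>',
    'last_name'  => 'O\'Brien" onmouseover="x',
    'email'      => 'user@example.com',
];

// HTML body context: markup characters in the names become inert text.
$greeting = '<p>Welcome, ' . e($_SESSION['first_name']) . ' '
          . e($_SESSION['last_name']) . '</p>';

// Quoted attribute context: the escaped quotes cannot close value="...".
$field = '<input type="email" name="remail" value="'
       . e($_SESSION['email']) . '">';

// A message that mixes fixed markup with user data: keep the fixed
// <div> as-is and escape only the dynamic part.
$message = '<div class="info-alert">User ' . e($_SESSION['email'])
         . ' already exists!</div>';

echo $greeting, "\n", $field, "\n", $message, "\n";
```

`htmlspecialchars()` covers HTML output only; the `escape_string()` calls in registration.php are still needed for the SQL strings, since the two functions protect different contexts.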