PHP sql md5注册

Question

我已经创建了一个php注册表单。它工作得很好。但当我将其修改为md5 password时，它并没有运行。另外，有哪些方法可以保护/修改它以消除SQL注入攻击。

      require_once("functions/validation_employee_signup.php");

if( isset($_POST['send']) && (!validateName($_POST['name']) || !validateEmail($_POST['email']) || !validatePasswords($_POST['pass1'], $_POST['pass2']) || !validateContact($_POST['contact']) || !validateAge($_POST['age'])) ):?>
            <div id="error">    
                <ul>
                    <? if(!validateName($_POST['name'])):?>
                        <li><strong>Invalid Name:</strong> We want names with more than 3 letters.</li>
                    <? endif?>
                    <? if(!validateEmail($_POST['email'])):?>
                        <li><strong>Invalid E-mail:</strong> Type a valid e-mail please.</li>
                    <? endif?>
                    <? if(!validatePasswords($_POST['pass1'], $_POST['pass2'])):?>
                        <li><strong>Passwords are invalid:</strong> Passwords doesnt match or are invalid!</li>
                    <? endif?>
                    <? if(!validateContact($_POST['contact'])):?>
                        <li><strong>Please enter a valid number.</strong></li>
                    <? endif?>
                    <? if(!validateAge($_POST['age'])):?>
                        <li><strong>Please enter a valid age</strong></li>
                    <? endif?>
                    </ul>
            </div>
        <?php elseif(isset($_POST['send'])):?>
            <div id="error" class="valid">
                <ul>
                <?php
                require_once('functions/connection.php'); 
                $query = "INSERT INTO employee (name, md5(password), email, contact, age, gender, location, skill, work) VALUES ";                           
                $query .= "('".$_POST['name']."', '".$_POST['pass1']."', '".$_POST['email']."','".$_POST['contact']."','".$_POST['age']."','".$_POST['gender']."','".$_POST['location']."','".$_POST['skill']."','".$_POST['work']."')";
                // run the query
                mysql_query($query);?>
                <li><strong>Congratulations!</strong> You have been successfully registered!</li>
                </ul>
            </div>
    <?php endif?>

Answer 1

我认为您在错误的位置添加了MD5。它应该用在字符串上，而不是列名上。所以你的值部分应该是这样的：

$query .= "('".$_POST['name']."', MD5('".$_POST['pass1']."'), etc...