I’m developing a dynamic site and, in one of the registration forms, a user was saved like this:
PHP code of the page:
<?php
session_start();
ob_start();
// Runs only when the registration form was submitted
$btnCadUsuario = filter_input(INPUT_POST, 'btnCadUsuario', FILTER_SANITIZE_STRING);
if($btnCadUsuario){
    include_once 'conexao.php';
    $dados_rc = filter_input_array(INPUT_POST, FILTER_DEFAULT);
    $erro = false;
    // Strip tags and trim every posted field
    $dados_st = array_map('strip_tags', $dados_rc);
    $dados = array_map('trim', $dados_st);
    if(in_array('',$dados)){
        $erro = true;
        $_SESSION['msg'] = "Necessário preencher todos os campos";
    }elseif((strlen($dados['senha'])) < 6){
        $erro = true;
        $_SESSION['msg'] = "A senha deve ter no minímo 6 caracteres";
    }elseif(stristr($dados['senha'], "'")) {
        $erro = true;
        $_SESSION['msg'] = "Caracter ( ' ) utilizado na senha é inválido";
    }else{
        // Check whether the username is already in use
        $result_usuario = "SELECT id FROM users WHERE usuario='". $dados['usuario'] ."'";
        $resultado_usuario = mysqli_query($conn, $result_usuario);
        if(($resultado_usuario) AND ($resultado_usuario->num_rows != 0)){
            $erro = true;
            $_SESSION['msg'] = "Este usuário já está sendo utilizado";
        }
        // Check whether the e-mail is already registered
        $result_usuario = "SELECT id FROM users WHERE email='". $dados['email'] ."'";
        $resultado_usuario = mysqli_query($conn, $result_usuario);
        if(($resultado_usuario) AND ($resultado_usuario->num_rows != 0)){
            $erro = true;
            $_SESSION['msg'] = "Este e-mail já está cadastrado";
        }
    }
    //var_dump($dados);
    if(!$erro){
        //var_dump($dados);
        // Hash the password and insert the new user
        $dados['senha'] = password_hash($dados['senha'], PASSWORD_DEFAULT);
        $result_usuario = "INSERT INTO users (nome, email, usuario, senha) VALUES (
            '" .$dados['nome']. "',
            '" .$dados['email']. "',
            '" .$dados['usuario']. "',
            '" .$dados['senha']. "'
            )";
        $resultado_usario = mysqli_query($conn, $result_usuario);
        if(mysqli_insert_id($conn)){
            $_SESSION['msgcad'] = "Usuário cadastrado com sucesso";
            header("Location: login.php");
        }else{
            $_SESSION['msg'] = "Erro ao cadastrar o usuário";
        }
    }
}
?>
I have a lot of difficulty using this tool here. An alternative follows on Hastebin.
After an input using accents and special font types, the following was recorded:
- Could some code failure have sent these characters?
- Did the user try some kind of injection/crack on my website?
- Are these characters harmful?
- If so, what measures should I take?
Or maybe it’s not a duplicate? When reading it again I was in doubt... The questions at the end of the text do not aim to remedy the problem, only to understand it and its impact on user experience
– Jefferson Quesado
@Jeffersonquesado if the problem is the encoding, it is a duplicate. But this doesn’t seem like it, so I’ll wait for Lucas to confirm so I can remove my duplicate vote.
– gato
Does this happen often? Every time you register values like èéóúçñ?
– gato
@Jeffersonquesado I will simulate a registration using accents to detect whether the problem is the encoding.
– Rytter
@gato among 20 registrations this was the only one that presented these characters.
– Rytter
But can you save characters with an accent?
– gato
Added information.
– Rytter
Try to make your password record only characters or numbers; sometimes it may have been some special character or even an accent.
– Victor
Lucas, try to debug like this:
$dados_rc = filter_input_array(INPUT_POST, FILTER_DEFAULT);
will look like this:
var_dump($dados_rc);
– Guilherme Nascimento
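The registration logic from the question, rewritten with prepared statements and a UTF-8 validity check, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs without a server, and a hypothetical `registerUser` function; the table and field names are the ones in the question.

```php
<?php
// Added example, not the asker's code. Assumes PDO with the SQLite driver so it
// runs without a server; with MySQL the same prepare/execute calls apply.
function registerUser(PDO $db, array $dados): string
{
    $dados = array_map('trim', $dados);
    foreach (['nome', 'email', 'usuario', 'senha'] as $campo) {
        if (!isset($dados[$campo]) || $dados[$campo] === '') {
            return 'missing field';
        }
        // Reject byte sequences that are not valid UTF-8 instead of storing them.
        if (!mb_check_encoding($dados[$campo], 'UTF-8')) {
            return 'invalid encoding';
        }
    }
    if (strlen($dados['senha']) < 6) {
        return 'password too short';
    }
    // Placeholders keep user input out of the SQL text, so quotes and
    // accents are stored as data and no character has to be banned.
    $check = $db->prepare('SELECT id FROM users WHERE usuario = ? OR email = ?');
    $check->execute([$dados['usuario'], $dados['email']]);
    if ($check->fetch() !== false) {
        return 'already registered';
    }
    $insert = $db->prepare(
        'INSERT INTO users (nome, email, usuario, senha) VALUES (?, ?, ?, ?)'
    );
    $insert->execute([
        $dados['nome'], $dados['email'], $dados['usuario'],
        password_hash($dados['senha'], PASSWORD_DEFAULT),
    ]);
    return 'ok';
}

// Constructed demo data: an in-memory table and inputs with accents and a quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, nome TEXT, email TEXT, usuario TEXT, senha TEXT)');

$novo = ['nome' => "José D'Ávila", 'email' => 'jose@example.com',
         'usuario' => 'josé', 'senha' => "pa'ss-èéóúçñ"];
var_dump(registerUser($db, $novo));                        // first registration
var_dump(registerUser($db, $novo));                        // same user again
var_dump(registerUser($db, ['nome' => "\xE9"] + $novo));   // Latin-1 byte, not UTF-8
$row = $db->query('SELECT nome, senha FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['nome'] === $novo['nome'], password_verify($novo['senha'], $row['senha']));
```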