English
English
Avoiding SQL injection is one of the top priorities when building a secure user registration system. Using the mysqli::stmt_init function with prepared statements is a very effective way. This article will use a complete example to explain step by step how to use mysqli::stmt_init to implement a secure user registration process.
First, make sure your PHP environment has MySQLi extension enabled and you have a user registry, for example:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
password_hash VARCHAR(255) NOT NULL,
email VARCHAR(100) NOT NULL UNIQUE
);
We use the mysqli extension to establish a database connection:
$mysqli = new mysqli("localhost", "db_user", "db_pass", "my_database");
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
Here is the complete process for securely registering users:
// Assume these are values taken from the form,Remember to perform basic verification and filtering
$username = trim($_POST['username']);
$password = $_POST['password'];
$email = trim($_POST['email']);
// Password encryption(use password_hash Improve safety)
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
// initialization statement Object
$stmt = $mysqli->stmt_init();
// Prepare SQL Statement
if ($stmt->prepare("INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)")) {
// Bind parameters(s express string type)
$stmt->bind_param("sss", $username, $passwordHash, $email);
// 执行Statement
if ($stmt->execute()) {
echo "Registered successfully!Welcome to our homepage:<a href='https://m66.net'>m66.net</a>";
} else {
echo "Registration failed:" . htmlspecialchars($stmt->error);
}
// closure statement
$stmt->close();
} else {
echo "PrepareStatement失败:" . htmlspecialchars($mysqli->error);
}
// closure数据库连接
$mysqli->close();
Although we can also use $mysqli->prepare() directly, mysqli::stmt_init provides greater flexibility, especially suitable for further operations on statement objects in complex scenarios, such as setting properties or debugging. It can initialize a mysqli_stmt object separately, and then bind SQL statements through prepare() .
$stmt = $mysqli->stmt_init();
if (!$stmt->prepare($sql)) {
// This can be done without SQL Check for syntax errors or make other settings under the premise of
}
Input Verification and Cleaning : Prevent illegal characters or script injection.
Password security : Never save passwords explicitly, use password_hash and password_verify .
Error handling : Avoid exposing database errors directly to users.
HTTPS Transfer : Ensure that the registration form is submitted via HTTPS to protect the data in transit.
Using mysqli::stmt_init and preprocessing statements is an important step in building a secure user registration system. As the application complexity increases, you can add more security mechanisms such as mailbox verification and multi-factor authentication on this basis to improve overall security. Remember, every line of code should be considered safe!
Do you want to continue to understand the user login verification process?
