PHP register script с шифрованием sha256

Question

Я создаю скрипт регистра, который позволяет пользователю зарегистрироваться для учетной записи на веб-сайте. Я решил использовать sha256 для шифрования пароля.

Вот мой код:

// Set error message as blank upon arrival to page 
$errorMsg = ""; 
// First we check to see if the form has been submitted 
if (isset($_POST['Submit'])){ 
    //Connect to the database through our include 
    require_once ('includes/connect.inc.php'); 
    // Filter the posted variables 
    $forename = $_POST['forename']; 
    $surname = $_POST['surname']; 
    $email = stripslashes($_POST['email']); 
    $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters 
    $email = strip_tags($email); 
    $town = preg_replace("[^A-Z a-z0-9]", "", $_POST['town']); // filter everything but spaces, numbers, and letters 

    // Check to see if the user filled all fields with 
    // the "Required"(*) symbol next to them in the join form 
    // and print out to them what they have forgotten to put in 
    if((!$forename) || (!$surname) || (!$email) || (!$password) || (!$town)){ 

     $errorMsg = "You did not submit the following required information!<br /><br />"; 
     if(!$forename){ 
      $errorMsg .= "--- Forename"; 
     } else if(!$surname){ 
      $errorMsg .= "--- Surname"; 
     } else if(!$email){ 
      $errorMsg .= "--- email"; 
     } else if(!$password){ 
      $errorMsg .= "--- password"; 
     } else if(!$town){ 
      $errorMsg .= "--- town"; 
     } 
    } else { 

      $hash = hash("sha256", $password); 

      $sql = "INSERT INTO customers (forename, surname, email, password, town, registeredDate, active) 
      VALUES('$forename','$surname','$email', '$hash', '$town', GETDATE(), 'True')" ; 
      $stmt2 = sqlsrv_query($conn,$sql); 


    } // Close else after missing vars check 
} //Close if $_POST 
?> 

<form action="join_form.php" method="post" enctype="multipart/form-data"> 
    <tr> 
     <td colspan="2"><font color="#FF0000"><?php echo "$errorMsg"; ?></font></td> 
    </tr> 

    <tr> 
     <td width="163"><div align="right">Forename:</div></td> 
     <td width="409"><input name="forename" type="text"/></td> 
    </tr> 

    <tr> 
     <td width="163"><div align="right">Surname:</div></td> 
     <td width="409"><input name="surname" type="text"/></td> 
    </tr> 

    <tr> 
     <td><div align="right">Email: </div></td> 
     <td><input name="email" type="text" /></td> 
    </tr> 

    <tr> 
     <td><div align="right"> Password: </div></td> 
     <td><input name="password" type="password" /> 
     <font size="-2" color="#006600">(letters or numbers only, no spaces no symbols)</font></td> 
    </tr> 

    <tr> 
     <td><div align="right">Town: </div></td> 
     <td> 
     <input name="town" type="text" /> 
     </td> 
    </tr> 

    <tr> 
     <td><div align="right"></div></td> 
     <td><input type="submit" name="Submit" value="Submit Form" /></td> 
    </tr> 
    </form> 

При нажатии кнопки ничего не происходит Submit. Я не получаю сообщение об ошибке, но запись также не добавляется в базу данных.

Я знаю, что есть что-то делать со мной, используя

$hash = hash("sha256", $password); 

Может быть, я положил его в неправильном месте или что-то? Я очень новичок в PHP.

Answer 1

Я изменил код целиком и используется Params для того, чтобы добавить запись в базу данных

<?php 
require_once ('includes/connect.inc.php'); 

if ($_POST['Register'] == "register") 
{ 

$params = array($_POST['email']); 

$sql= "SELECT * FROM customers WHERE Email=?"; 
$stmt = sqlsrv_query($conn,$sql,$params); 

if(sqlsrv_has_rows($stmt)) 
{ 
// echo"<h2>You have already signed up with this email </h2>"; 
    header('Location: register_login_forms.php?error=2'); 
    die(); 
} else if($_POST['password'] != $_POST['password2']) 
{ 
// echo"<h2>Wrong Passwod</h2>"; 
    header('Location: register_login_forms.php?error=3'); 
    die(); 
} 

$pass = hash("sha256", $_POST['password']); 

$params = array($_POST['forename'],$_POST['surname'],$_POST['email'],$pass, $_POST['phone'], $_POST['question'], 
$_POST['answer']); 

$sql="INSERT INTO customers (forename,surname,email,password,phone,secret_question, secret_answer,active,registeredDate) 
VALUES (?,?,?,?,?,?,?,'True',GETDATE())"; 
    $stmt=sqlsrv_query($conn,$sql,$params); 
header('Location: registerSuccess.php');  

} 

?> 

А вот форма

<Form name = "Register" action="register.php" method="POST" > 

        <label>Forename</label><br /> 
        <input required title="Please only use Letters" type="text" pattern="\s*[A-z]+\s*" name="forename" /><br/> 
        <label>Surname</label><br /> 
        <input required title="Please only use Letters" type="text" pattern="\s*[A-z]+\s*" name="surname" /><br/> 
        <label>Email</label><br /> 
        <input required title="Please enter a Valid Email Address" type="email" name="email" /></br> 
        <label>Password</label><br /> 
        <input required title="Please have a Password of Minimum of 6 Characters with Numbers" type="password" pattern="[A-z0-9]{6,20}" name="password" /></br> 
        <label>Confirm Password</label><br /> 
        <input required title="Confirm Password" type="password" pattern="[A-z0-9]{6,20}" name="password2" /></br> 
        <label>Secret Question</label><br /> 
        <input required type="text" name="question" /></br> 
        <label>Secret Answer</label><br /> 
        <input required type="text" name="answer" /></br> 
        <label>Phone Number</label><br /> 
        <input required title="Please only use numbers" type="text" pattern="\d+" name="phone" /></br> 

        <input type="hidden" name="Register" value="register"> 
        <input class="button" type = "submit"/> 

      </Form>