How to get OpenID through front-end registration and store it to the database?

Safe and efficiently implement front-end registration and OpenID database storage

This article describes how to use PHP and MySQL to build a secure and reliable user registration function, including obtaining user name, mobile phone number, and OpenID and storing it to the database. We will optimize the code to enhance security and enhance user experience.

Requirements Analysis

The goal is to implement a front-end user registration form, collect user names, mobile phone numbers, and OpenID, and store this information securely in the MySQL database. The backend uses PHP to process data.

Improved PHP code

The following code example enhances security and includes more comprehensive error handling:

 <?php if (isset($_POST[&#39;submit&#39;])) {
    // 1. Securely obtain user input $name = filter_input(INPUT_POST, &#39;name&#39;, FILTER_SANITIZE_STRING);
    $phone = filter_input(INPUT_POST, &#39;phone&#39;, FILTER_SANITIZE_STRING);
    $openid = filter_input(INPUT_POST, &#39;openid&#39;, FILTER_SANITIZE_STRING);

    // 2. Database connection (replace with your database information)
    $conn = new mysqli("localhost", "username", "password", "database");
    if ($conn->connect_error) {
        die("Database connection failed: " . $conn->connect_error);
    }

    // 3. Preprocess SQL statements to prevent SQL injection $stmt = $conn->prepare("INSERT INTO users (name, phone, openid) VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $name, $phone, $openid);

    // 4. Execute SQL statement if ($stmt->execute()) {
        echo "Registered successfully!";
    } else {
        die("Register failed: " . $stmt->error);
    }

    // 5. Close the database connection $stmt->close();
    $conn->close();
}
?>
<title>User registration</title>

Code improvement instructions

1. Prevent SQL injection: Use preprocessing statements ( prepare and bind_param ) to effectively prevent SQL injection vulnerabilities, which is a crucial security measure. No longer directly splicing user input into SQL statements.

2. Input filtering: Use filter_input function to filter and clean user input to further enhance security and prevent XSS and other attacks.

3. Error handling: The improved error handling mechanism provides more detailed error information, which is convenient for debugging and troubleshooting.

4. Database connection object: Use object-oriented mysqli method to connect databases, which is easier to manage and maintain.

5. User feedback: Provide users with feedback information about successful or failed registration to improve user experience.

OpenID Getting: This code assumes that OpenID has been obtained through the front-end (for example, using the WeChat JavaScript SDK) and submitted as form data. You need to integrate the corresponding OpenID acquisition logic in the front-end code and pass the obtained OpenID to the back-end. This part of the code is not reflected in this example because it relies on the API of specific third-party login platforms (such as WeChat, QQ, etc.).

This optimized code is safer, more robust and provides a better user experience. Be sure to replace the database credentials in the code for your actual information. Remember, security is always a priority in development.

The above is the detailed content of How to get OpenID through front-end registration and store it to the database?. For more information, please follow other related articles on the PHP Chinese website!