我需要有关PHP验证的帮助
我需要有关PHP验证的帮助
提问于 2016-04-29 13:05:11
我正在尝试执行表单注册验证,但我不知道这样做是否正确。
首先,我为表单中的每个空白域存储了一条错误消息。之后,如果我的字段不是空的,我想验证用户名字段(从无效字符),密码和电子邮件
问题是,当我删除用户名验证条件中的die();行时,它确实显示了错误消息和成功消息,并且无效的用户名被插入到我的数据库中。
我很确定问题出在我的if($numrows==0)条件中,但是我不知道为什么。
<?php
session_start();
$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('user_registration') or die("cannot select DB");
if(isset($_POST["submit"])){
$arrErrors = array();
unset($_SESSION['errors']);
if($_POST['user'] == ''){
$arrErrors['user_not_completed'] = "Username is not completed!";
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
}
if($_POST['pass'] == ''){
$arrErrors['pass_not_completed'] = "Password is not completed!";
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
}
if($_POST['email'] == ''){
$arrErrors['email_not_completed'] = "Email is not completed!";
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
}
if(!empty($_POST['user']) && !empty($_POST['pass']) && !empty($_POST['email'])) {
$user=$_POST['user'];
$pass=$_POST['pass'];
$email=$_POST['email'];
if(!preg_match("/^[a-zA-Z'-]+$/",$user)) {
$arrErrors['invalid_user'] = "Username is invalid!";
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
die();
}
$query=mysql_query("SELECT * FROM users WHERE username='".$user."'");
$numrows=mysql_num_rows($query);
if($numrows==0){
$sql="INSERT INTO users(username,password, email) VALUES('$user','$pass', '$email')";
$result=mysql_query($sql);
if($result){
$arrErrors['succes'] = 'Account successfuly created!';
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
}
} else {
$arrErrors['already_exists'] = 'That username already exists!';
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
}
}
}
?>回答 1
Stack Overflow用户
发布于 2016-04-29 13:59:55
我建议你这样做:
<?php
//FIRST I WOULD CHECK IF SESSION EXIST BEFORE STARTING IT:
if (session_status() == PHP_SESSION_NONE || session_id() == '') {
session_start();
}
//NEXT I'D USE PDO AS MY DATABASE ABSTRACTION LAYER: IT HAS A LOT OF ADVANTAGES, REALLY:
//DATABASE CONNECTION CONFIGURATION:
defined("HOST") or define("HOST", "localhost"); //REPLACE WITH YOUR DB-HOST
defined("DBASE") or define("DBASE", "user_registration"); //REPLACE WITH YOUR DB NAME
defined("USER") or define("USER", "root"); //REPLACE WITH YOUR DB-USER
defined("PASS") or define("PASS", ""); //REPLACE WITH YOUR DB-PASS
if(isset($_POST["submit"])){
//THEN CLEAN UP THE SUBMITTED DATA TO AVOID POSSIBLE ATTACKS...
$user = isset($_POST['user']) ? htmlspecialchars(trim($_POST['user'])) : null; //PROTECT AGAINST ATTACKS
$pass = isset($_POST['pass']) ? htmlspecialchars(trim($_POST['pass'])) : null; //PROTECT AGAINST ATTACKS
$email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : null; //PROTECT AGAINST ATTACKS
$passRX = '#(^[a-zA-z0-9\-\+_\}\{\(\)])([\w\.\-\\:\;\+\(\)\/\}\{\(\)\ ])*\w*$#';
$userRX = '#(^[a-zA-z])([\w\.\-\(\)\ ])*\w*$#';
$arrErrors = array();
unset($_SESSION['errors']);
//CHECK IF USERNAME CONFORMS TO THE CUSTOM USERNAME REG-EXP...
if(!preg_match($userRX, $user)){
$arrErrors['user_not_completed'] = "Username is either not completed or is invalid!";
//SAVE ERRORS TO SESSION
$_SESSION['errors'] = $arrErrors;
//REDIRECT BACK TO REGISTER PAGE
header("Location: register.php");
exit;
}
//CHECK IF PASSWORD CONFORMS TO THE CUSTOM PASSWORD REG-EXP...
if(!preg_match($passRX, $pass)){
$arrErrors['pass_not_completed'] = "Password is not completed!";
//SAVE ERRORS TO SESSION
$_SESSION['errors'] = $arrErrors;
//REDIRECT BACK TO REGISTER PAGE
header("Location: register.php");
exit;
}
//CHECK IF E-MAIL CONFORMS TO THE STANDARD E-MAIL FORMAT USING BUILT-FUNCTIONS...
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$arrErrors['email_not_completed'] = "Email is not completed!";
//SAVE ERRORS TO SESSION
$_SESSION['errors'] = $arrErrors;
//REDIRECT BACK TO REGISTER PAGE
header("Location: register.php");
exit;
}
//BECAUSE WE HAVE SANITIZED VERSIONS OF OUR $user, $pass & $email VARIABLES
//WE CAN JUST USE THEM DIRECTLY HERE:
if($user && $pass && $email) {
//HERE WE BEGIN THE PDO HIGH-LEVEL MAGIC... ;-)
try {
$dbh = new PDO('mysql:host='.HOST.';dbname='. DBASE,USER,PASS);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("SELECT * FROM users WHERE username = :user");
$stmt->execute(['user' => $user]);
$objUser = $stmt->fetch(PDO::FETCH_OBJ);
//THIS USER DOES NOT ALREADY EXIST SO WE GO AHEAD AND CREATE A CORRESPONDING RECORD IN THE DB TABLE
if(!$objUser){
$stmt = $dbh->prepare("INSERT INTO users (username, password, email) VALUES(:user, :pass, :email)");
$stmt->bindParam(':user', $user);
$stmt->bindParam(':pass', $pass);
$stmt->bindParam(':email', $email);
$insertStatus = $stmt->execute();
if($insertStatus){
$arrErrors['succes'] = 'Account successfuly created!';
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
exit;
}
}else {
$arrErrors['already_exists'] = 'That username already exists!';
$_SESSION['errors'] = $arrErrors;
header("Location: register.php");
exit;
}
//GARBAGE COLLECTION
$dbh = null;
}catch(PDOException $e){
//YOU HANDLE YOUR EXCEPTIONS HERE IN YOUR OWN UNIQUE MANNER...
echo $e->getMessage();
}
}
}
?>页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/36939153
复制相关文章
![Windows 安装svn(出错已解决)和MySQL安装[通俗易懂]](https://ask.qcloudimg.com/http-save/yehe-8223537/6a3d013595cf9d14251888eb46343409.jpg)
点击加载更多
相似问题
尝试安装Acumos时出错
尝试安装shinyapps时出错
尝试安装MSMQ时出错
尝试安装cldr时出错
尝试安装PyCrypto时出错
添加站长 进交流群
领取专属 10元无门槛券
AI混元助手 在线答疑
关注 腾讯云开发者公众号
洞察 腾讯核心技术
剖析业界实践案例
腾讯云开发者
