我想问一下,当我使用header()重定向到表单页面时,如果有错误,我是否应该将PHP验证放在同一个HTML表单上,或者是一个带有会话变量的单独文件来显示错误。
将问题放入会话变量中的主要问题是,即使关闭标签页并返回表单(浏览器必须关闭重置),这些错误仍然存在。如果有一个新页面,则会出现错误,说会话数组为空。
<?php session_start() ?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
</head>
<body>
<form action="formprocess.php" method="POST">
<h1>Register For An Account!</h1></br>
<?php echo $_SESSION['usernameerr']; ?>
<p>Username: </p><input type="text" name="username"></br></br>
<?php echo $_SESSION['passworderr']; ?>
<p>Password: </p><input type="text" name="password"></br></br>
<?php echo $_SESSION['emailerr']; ?>
<p>E-mail Address</p><input type="text" name="email"></br></br>
<input type="submit" name="Submit">
</form>
</body>
</html>
这是php验证码:
<?php
session_start();
/*
* VALIDATING FORM DATA
*/
// Setting validation variables and functions
$username = $password = $email = "";
$usernameerr = $passworderr = $emailerr = "";
function data_get($param){
if(isset($_POST[$param])){
$param = $_POST[$param];
}
return $param;
}
function sanitize_data($string){
$sanitized_string = trim($string);
$sanitized_string = strip_tags($sanitized_string);
$sanitized_string = htmlspecialchars($sanitized_string);
$sanitized_string = stripslashes($sanitized_string);
return $sanitized_string;
}
// Validation of form data
if(data_get("Submit")){
//Username validation
if(empty(data_get("username")) || strlen(data_get("username"))>50){
$usernameerr = "Please enter a valid username that is less than 50 characters long";
$_SESSION['usernameerr'] = $usernameerr;
}
else{
$username = sanitize_data(data_get("username"));
$_SESSION['username'] = $username;
}
//Password validation
if(empty(data_get("password")) || strlen(data_get("username")) > 50){
$passworderr = "Please enter a valid password that is less than 50 characters long";
$_SESSION['passworderr'] = $passworderr;
}
else{
$password = password_hash(sanitize_data(data_get("password")), PASSWORD_DEFAULT);
$_SESSION['password'] = $password;
}
//Email validation
if(!filter_var(data_get("email"), FILTER_VALIDATE_EMAIL)){
$emailerr = "Please enter a valid email";
$_SESSION['emailerr'] = $emailerr;
}
else{
$email = filter_var(data_get("email"), FILTER_SANITIZE_EMAIL);
$_SESSION['email'] = $email;
}
}
//Redirects to database handler
if(empty($usernameerr) and empty($passworderr) and empty($emailerr)){
header("Location: dbconn.php");
exit;
}
else{
header("Location: index.php");
exit;
}
?>
另外,我是否正确处理了密码加密?或者我错过了一些可能妨碍安全的非常重要的事情?如果一切顺利,我对header()做了dbconn.php,它会将其插入到数据库中。