希望有新眼睛的人可以帮忙。谢谢-R
检查提交的BUTTOM是否被点击---安全(signup.php文件中的按钮类型) - /
if (isset($_POST['submit'])) {
/*INCLUDE DATABASE FILE--*/
include_once 'dbh.inc.php';
/ 创建一个变量 - (第一个调用) - (是注册表格中的第一个输入)(允许将代码转换为文本)[[无法将代码输入到框中}} - < / EM> /
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//ERROR HANDLERS
//CHECK FOR EMPTY FIELDS---(double pipes means or in php)
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
//CHECK IF INPUT CHARACTERS ARE VALID
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//CHECK IF EMAIL IS VALID
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0){
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//HASHING PASSWORD---
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//INSERT USER INTO DATABASE
$sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
} else{
/*COLON MUST NOT HAVE SPACE BETWEEN LOCATION---SPACE BETWEEN ../---(TAKES BACK A DIRECTORY)--PREVENTS GOING TO URL TO ACCESS FILE PAGE.--TAKES USER
BACK TO SIGNUP PAGE*/
header("Location: ../signup.php");
/*exit--closes off script from running--(IF ANYTHING AFTER EXIT FUNCTION)*/
exit();
}
答案 0 :(得分:0)
请在下次正确格式化您的代码,以便将来可以避免此类错误:
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if(empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}else{
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../signup.php?signup=email");
exit();
}else{
$sql = "SELECT user_uid FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0){
header("Location: ../signup.php?signup=usertaken");
exit();
}else{
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql= "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first','$last', '$email', '$uid','$hashedPwd' );";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}else{
header("Location: ../signup.php");
exit();
}
我更改了这部分代码:
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//CHECK IF EMAIL IS VALID
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
由于您可以在使用email检查用户的first和last名称后查看else if。
P.S我不想成为这类网站的用户,因为每次输入错误时它都会重定向。理想情况下,如果你能够告诉他们输入中的错误,那么最好是他们仍然处于这样的形式,即他们不必在重定向后重新输入所有内容,并且每次都弄清楚他们做错了什么。
HTML5电子邮件输入已经检查电子邮件的格式是否有效,因此您也可以使用它。
您的代码中的问题是在最终}语句之前缺少else