我正在为我的网站构建一个登录系统,我需要一种方法来检查表单中的所有字段是否都填写完毕。我也遇到错误消息的问题,说我的电子邮件格式不正确。
<?php
$con = mysql_connect(localhost, 262096, 9201999);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("262096", $con);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$passwordconf = $_POST['passwordconf'];
$email = $_POST['email'];
$securityq = $_POST['securityq'];
$qanswer = $_POST['qanswer'];
if(empty($firstname) || empty($lastname) || empty($username) || empty($password) ||
empty($passwordconf) || empty($email) || empty($securityq) || empty($qanswer))
{
echo "You did not fill out the required fields.";
}
$uname = "SELECT * FROM users WHERE username='{$username}'";
$unamequery = mysql_query($uname) or die(mysql_error());
if(mysql_num_rows($unamequery) > 0)
{
echo "The username you entered is already taken";
}
$emailfind = "SELECT * FROM users WHERE email='{$email}'";
$emailquery = mysql_query($emailfind) or die(mysql_error());
if(mysql_num_rows($emailquery) > 0)
{
echo "The email you entered is already registered";
}
if($password != $passwordconf)
{
echo "The passwords you entered do not match";
}
$regex = "/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
{
echo "The email you entered is not in name@domain format";
}
答案 0 :(得分:12)
使用大表格时,我建议使用表单字段创建一个数组:
$fields = array('firstname', 'lastname', 'username', 'password', 'passwordconf', 'email', 'securityq', 'qanswer');
$error = false; //No errors yet
foreach($fields AS $fieldname) { //Loop trough each field
if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
echo 'Field '.$fieldname.' misses!<br />'; //Display error with field
$error = true; //Yup there are errors
}
}
if(!$error) { //Only create queries when no error occurs
//Create queries....
}
答案 1 :(得分:2)
通过查看代码,您似乎正在使用服务器端验证进行基本验证。
为什么不使用Jquery
尝试客户端验证http://docs.jquery.com/Plugins/Validation#Options_for_the_validate.28.29_method
答案 2 :(得分:2)
首先使用mysql_real_escape_string()来避免MYSQL注入:
...
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
...
要检查字段是否为空以便返回错误或消息只是这样做(简要示例):
if (!(empty($_POST['firstname']))){
execute some code....
}
else {
execute some code...
}
希望有所帮助
答案 3 :(得分:1)
使用简单的if语句查看用户提交的任何字段是否为空。例如,要检查用户名字段是否为空:
$username = $_POST['username'];
if ($username == "") {
echo "Username field is empty! <a href='page.php'>Go Back</a>
{
else {
echo "The username field has text in it. It is not empty.";
}
答案 4 :(得分:1)
此代码存在多个问题:
所以,你必须在这里停止
if(empty($firstname) || empty($lastname) || empty($username) || empty($password) || empty($passwordconf) || empty($email) || empty($securityq) || empty($qanswer))
{
echo "You did not fill out the required fields.";
die(); // Note this
}
答案 5 :(得分:1)
如果您正在对数据库执行任何操作,则应清理输入。 至于检查POST值。如果您需要完成该页面上的所有帖子,您可以尝试循环遍历$ _POST并检查每个帖子。如果您回应出现错误,也应该停止执行。并且请不要听人们说使用javascript,你需要强大的服务器端验证才能担心javascript!
foreach($_POST as $key => $value) {
if(empty($value)) {
echo "Error, not all values given.";
die;
}
}
但我建议你更深入地查看个别帖子。确保他们的用户名和密码具有正确的字符..如果您要查询数据库,请使用mysql_escape_string($str)。
答案 6 :(得分:0)
你可能想使用isset()和empty()函数
//! means NOT so: exists and NOT empty
if(isset($_POST['firstname']) && !empty($_POST['firstname'])) {
$firstname = $_POST['firstname'];
//Do something with $firstname
}
请记住,上面的代码只是一个例子。它很开始,但实时你将不得不做更多关于安全性。还要确保在验证失败时让代码终止或跳过查询
答案 7 :(得分:0)
if(in_array("",$_POST)){
//this will check the whole post data if any field is empty.
echo 'form is empty';
echo 'some error message';
exit;
}else{
echo "form is not empty";
//some code
}