关于PHP的快速问题我还在学习为什么在下面的代码中出现$ html [$ firstname]作为服务器错误日志中未定义的索引........ 快速回答会很棒......
嗨,这里是清晰的所有代码,让我知道PDO的代码是否足够好并且不需要转义,我猜测在我输出数据之前不需要html实体数据库通过php到浏览器。
<?php
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password = "";
$confirm_password = "";
$_POST['firstname'] = $firstname;
$_POST['lastname'] = $lastname;
$_POST['username'] = $username;
$_POST['email'] = $email;
$_POST['password'] = $password;
$_POST['confirm_password'] = $confirm_password;
$clean = array();
if(ctype_alnum($firstname)){
$clean[$firstname] = $firstname;
};
if(ctype_alnum($lastname)){
$clean[$lastname] = $lastname;
};
if(ctype_alnum($username)){
$clean[$username] = $username;
};
if(isset($email)){
filter_var($email, FILTER_SANITIZE_EMAIL);
};
//initialize an array for escaped data
$html = array();
//escape the filtered data
$html[$firstname] = htmlentities($clean[$firstname], ENT_QUOTES, 'UTF-8');
$html[$lastname] = htmlentities($clean[$lastname], ENT_QUOTES, 'UTF-8');
$html[$username] = htmlentities($clean[$username], ENT_QUOTES, 'UTF-8');
$html[$email] = htmlentities($email, ENT_QUOTES, 'UTF-8');
$html[$password] = htmlentities($password, ENT_QUOTES, 'UTF-8');
$html[$confirm_password] = htmlentities($confirm_password, ENT_QUOTES, 'UTF-8');
//
//write function to generate random salt for every password, + bcrypt allpasswords, then store in db
$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
$hash = crypt($html[$password], '$2a$10$'.$salt.'$');
$currentPassword = '$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2';
$checkPassword = $password;
if(crypt($checkPassword, $currentPassword) === $currentPassword){
echo 'You are in!';
}else{
echo 'You entered the wrong password';
}
// store everything in the database execute prepare, then send back the email verification, do not send
//new password to email, and don't send forgotten password to email, just get them to remember it and click the link'
//connect to the database
$user = "*****";
$dbpassword = "****";
$db = new PDO('mysql:host=localhost;dbname=_virtualpiersclose', $user, $dbpassword);
$statement = $db->prepare("INSERT INTO users (firstname, lastname, username, email, password)
VALUES (:firstname, :lastname, :username, :email, :password)");
$statement->bindParam(':firstname', $html[$firstname]);
$statement->bindParam(':lastname', $html[$lastname]);
$statement->bindParam(':username', $html[$username]);
$statement->bindParam(':email', $html[$email]);
$statement->bindParam(':password',$html[$password]);
$statement->execute();
$db = NULL;
?>
答案 0 :(得分:3)
我认为你想要的是:
$html['firstname']
话虽如此,你的代码有点疯狂,并没有多大意义。以下是一些访问模式:
$ar = array(
'firstname' => 'Joe',
'hello' => 'Hi there!'
);
$n = 'firstname'; // assign the string 'firstname' to $n
$x = $ar['firstname']; // $x becomes 'Joe'
$x = $ar[$n]; // also $x becomes 'Joe', because $n is 'firstname'
$x = $ar[$firstname]; // doesn't return anything, because the variable $firstname is not assigned. Will trigger a warning, too.
$firstname = 'hello'; // assign 'hello' to $firstname
$x = $ar[$firstname]; // $x becomes 'Hi there!'
$ar['hello'] = 'Good Bye.'; // Change $ar['hello']
$ar[$firstname] = 'So long!'; // Also changes $ar['hello']
您还有向后的转让声明。等号左侧的变量从右侧接收值。我想您希望将$_POST['firstname']
的内容保存在变量$firstname
中。这里有几行可能需要修复:
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
// ... etc ...
if(ctype_alnum($firstname)){
$clean['firstname'] = $firstname;
};