我对php场景很新,但是因为我一直在搜索这段代码可能出错的几个小时,所以我很茫然。出于某种原因,db中的FILTER_VALIDATE_EMAIL和唯一电子邮件检查不起作用,它们将被完全跳过。我知道这一点,因为当提交表单时,它会在最后catch(PDOExceptions $ex)上显示错误(未显示听到但在下面的最后一段代码之后),而不是之前显示的任何其他错误(显示在此处) )。在尝试将表单数据插入db之前,不会发生错误(或显示错误)。由于电子邮件索引是唯一的,因此不允许重复插入。所以查询很难运行die()。我试图发布电子邮件无效或已在表单上使用过但没有die()的消息。
首先,我设置提交空输入的条件,并对所有其他输入重复错误处理,如'fname'所示。
if (isset($_POST['submit'])) {
if(empty($_POST['fname']) ||
empty($_POST['lname']) ||
empty($_POST['email']) ||
empty($_POST['password']))
{
if(empty($_POST['fname']))
{
$fnamerr = "<font color=\"red\">Please enter your first name</font>";
}
然后我验证!空:
}
else if (!empty($_POST['fname']) &&
!empty($_POST['lname']) &&
!empty($_POST['email']) &&
!empty($_POST['password']))
{
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$emailerr = "<font color=\"red\">Please enter a valid email address</font>";
}
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die ("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
$emailerr = "<font color=\"red\">This email address is already registered</font>";
}
这段代码有什么问题?或者可能是完全跳过db中的FILTER_VALIDATE_EMAIL和唯一电子邮件检查的原因? 提前谢谢。
答案 0 :(得分:0)
http://php.net/manual/en/function.filter-var.php会返回过滤后的值,所以
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if(false !== $email) {
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $email
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die ("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row) {
$emailerr = "<font color=\"red\">This email address is already registered</font>";
}
else {
// ...insert record...
}
}
else {
$emailerr = "<font color=\"red\">Please enter a valid email address</font>";
}
答案 1 :(得分:0)
对于那些可能正在寻找相同信息的人来说,我终于想通了。
if (isset($_POST['submit']))
{
if(empty($_POST['fname']) ||
empty($_POST['lname']) ||
empty($_POST['email']) ||
empty($_POST['password']))
{
if(empty($_POST['fname']))
{
$fnamerr = "<font color=\"red\">Please enter your first name</font>";
}
同样,如果它们是空的,我为姓氏,电子邮件和密码做了同样的事情。然后:
} else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$emailerr = "<font color=\"red\">Please enter a valid email address</font>";
$submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
$submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
$submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
} else if (!empty($_POST['fname']) &&
!empty($_POST['lname']) &&
!empty($_POST['email']) &&
!empty($_POST['password']))
{
$query = "
SELECT
1
FROM users
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die ("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if ($row)
{
$emailerr2 = "<font color=\"red\">This email address is already registered</font>";
$submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
$submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
$submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
} else
{
然后我运行代码将信息插入到db表中。这非常有效。希望没有别的东西出现。感谢您的评论和帮助。