php - 我的表单没有验证

时间:2013-10-21 20:32:43

标签: php validation

http://patti-bee2.dcccd.edu/coleman/wonder%20penguin/php/register.php

以下是表单应该如何工作---它应该为以前没有访问过该站点的人使用粘性标签,并为其提供一些默认值。当您提交表单时,它应该在页面上进行验证并刷新是否存在问题,如果一切正确,则应该将您重定向到另一个包含结果的页面。 (我不需要放在那里,因为我百分之百不是问题。)

你觉得怎么了?我接近老师的代码。

当我提交代码时,我所做的就是我的页面只是闪烁然后返回。

<?php


ob_start();
    if (isset($_POST['submit'])) {

    $valid = true;
    $validate = true;

    $username = trim($_REQUEST['username']);
    $email = trim($_REQUEST['email']);
    $password = trim($_REQUEST['password']);
}
else
{ 
    $username = "";
    $email = "";
    $password = "";
    $valid = false;
    $validate = false;
}
?>
<html>
<body>
<form method="post" action="register.php">
<label for="username"> Username </label><input type="text" name="username" id="username"
 value="<?php echo $username ?>">
<?php   if ($validate) {
    if (empty($username)) { 
        echo "<p> There must be a username! </p>";
        $valid = false;
        }
    if (strlen($username) > 15) { 
        echo "<p> This username is too long! It must be 8-15 characters long! </p>";
        $valid = false;
    }
    if (strlen($username) < 8) {
        echo "<p> This username is too short! It must be 8-15 characters long! </p>";
        $valid = false;
    }
    } 
    ?>
<label for="email">E-Mail </label><input type="email" name="email" id="email"
 value="<?php echo $email ?>">
<?php  if ($validate) {
    if (empty($email)) {
        echo "<p> We need an email! </p>";
        $valid = false;
    }
}
?>
<label for="password">Password </label><input type="text" name="password" id="password" 
value="<?php echo $password ?>">
<?php if ($validate) {
    if (empty($password)) {
        echo "<p> We need a password! </p>";
        $valid = false;
    }
}
?>
<input type="submit" value="Register!" />
</form>
<?php
    if ($valid) { 
        require_once 'config/connection.php';

        $query = "INSERT INTO user (username, email, password) values ( $username, $email, $password);";
        $result = mysql_query($query, $dbConn);     
        if ($result) {
            $userid = mysql_insert_id();        
            header("Location:success.php?userid=$userid");
            ob_end_clean();
            exit();
        } else {
            echo "<p> Unable to Update Database! </p>";
        }
    }
    ob_end_flush();
    ?>
</body>
</html>

4 个答案:

答案 0 :(得分:0)

看起来你没有success.php页面,但你有一个/registersuccessful.php页面

改变这个:

if ($result) {
            $userid = mysql_insert_id();        
            header("Location:success.php?userid=$userid");
            ob_end_clean();
            exit();

到这个

if ($result) {
            $userid = mysql_insert_id();        
            header("Location:registersuccessful.php?userid=$userid");
            ob_end_clean();
            exit();

答案 1 :(得分:0)

您检查$ _POST ['submit'],但此元素未提交。将name ='submit'添加到您的提交按钮(或更好,给它另一个名称,如btnSubmit,并在_POST中检查这一点):

答案 2 :(得分:0)

您的提交按钮似乎没有name属性,因此isset($_POST['submit'])永远不会为真。

尝试提交提交按钮name="submitted"并检查isset($_POST['submitted'])

编辑:

请参阅此帖子,了解为什么不建议命名提交按钮“提交”: Why Form Elements should not be named submit?

  

“......当你创建一个名为submit的元素时,它会覆盖表单   内置的submit()方法......“

答案 3 :(得分:0)

您容易受SQL injection attacks攻击,并且还有SQL语法错误。即使代码确实达到了您的INSERT查询,查询也会因错误而失败:

    $query = "INSERT [...snip...] values ('$username', '$email', '$password');";
                                          ^--       ^--^--    ^--^--       ^--

没有引用任何插入的值。

相关问题
最新问题