如果字段无效,则阻止PHP输入输入

时间:2014-04-20 17:25:46

标签: php forms security

所以这是我的代码

    <?php
$con = mysqli_connect("localhost", "root", "xxx", "s");

// Check connection

if (mysqli_connect_errno())
    {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);

if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
    {
    echo "Complete all fields";

    // you can stop it here instead of putting the curly brace ALL the way at the bottom :)

    return;
    }

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
    {
    echo $emailvalid = "Enter a  valid email";
    }

if (strlen($password1) <= 6)
    {
    echo $passlength = "Password must be at least 6 characters long";
    }

// Password numbers

if (!preg_match("#[0-9]+#", $password1))
    {
    echo $passnum = "Password must include at least one number!";
    }

if (!preg_match("#[a-zA-Z]+#", $password1))
    {
    echo $passletter = "Password must include at least one letter!";
    }

if ($password1 <> $password2)
    {
    echo $passmatch = "Passwords don't match";
    }

mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES ('$name','$username','$email','$password1')");
mysqli_close($con);
?>

即使字段有效,输入也会发送到数据库。有没有办法防止这种情况发生?所以说我的密码不匹配,它会将表单发送到数据库。我希望PHP停止这样做。有什么想法吗?

4 个答案:

答案 0 :(得分:0)

if(!(isset($emailvalid) || isset($passlength) || isset($passnum) || isset($passletter) || isset($passmatch))) {
    mysqli_query(...);
}

如果存在任何包含错误的变量,则大括号之间的代码不会运行。

答案 1 :(得分:0)

您的代码应该是:

    <?php
$con = mysqli_connect("localhost", "root", "xxx", "s");

// Check connection

if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);

if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
{
echo "Complete all fields";

// you can stop it here instead of putting the curly brace ALL the way at the bottom :)

return;
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo $emailvalid = "Enter a  valid email";
return;
}

if (strlen($password1) <= 6)
{
echo $passlength = "Password must be at least 6 characters long";
return;
}

// Password numbers

if (!preg_match("#[0-9]+#", $password1))
{
echo $passnum = "Password must include at least one number!";
return;
}

if (!preg_match("#[a-zA-Z]+#", $password1))
{
echo $passletter = "Password must include at least one letter!";
return;
}

if ($password1 <> $password2)
{
echo $passmatch = "Passwords don't match";
return;
}

mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES         ('$name','$username','$email','$password1')");
mysqli_close($con);
?>

你忘了回报;每一个if语句。

答案 2 :(得分:0)

你可以尝试这样

   if (!$name < '' || ....)
   {
     echo "Complete all fields";

     return;      
   }

答案 3 :(得分:0)

您的代码应该像我正在做的事情。所以我准备错误,如果没有,我只是执行查询,如果有错误我显示它们。当然这是简化的,但你应该进行练习。 

<?php
$con = mysqli_connect("localhost", "root", "xxx", "s");

// Check connection

if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);

$canExecute = true;
$errors = array();

if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
{
    echo "Complete all fields";

    // you can stop it here instead of putting the curly brace ALL the way at the bottom :)
    return;
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
    $errors[] = "Enter a  valid email";
    $canExecute = false;
}

if (strlen($password1) <= 6)
{
    $errors[] = "Password must be at least 6 characters long";
    $canExecute = false;
}

// Password numbers

if (!preg_match("#[0-9]+#", $password1))
{
    $errors[]= "Password must include at least one number!";
    $canExecute = false;
}

if (!preg_match("#[a-zA-Z]+#", $password1))
{
    $errors[] = "Password must include at least one letter!";
    $canExecute = false;
}

if ($password1 <> $password2)
{
    $errors[]= "Passwords don't match";
    $canExecute = false;
}

if ($canExecute)
{
    mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES         ('$name','$username','$email','$password1')");
    mysqli_close($con);
}
else
{
    echo '<ul>';
    foreach ($errors as $error)
        echo '<li>'.$error.'</li>';
    echo '</ul>';
}
相关问题
最新问题