我有jQuery的客户端验证表单,效果很好。但是出于安全原因,我想为没有JavaScript的用户添加服务器端验证(php)。我创建了一些函数和数组" errors",其中记录了错误。提交后我想运行验证。如果未记录任何错误,请继续,如果有错误退出脚本。但是那部分不起作用,它总是继续下去。我的剧本:
if (isset($_POST['submit'])) {
require_once 'verify_form.php';
$errors = array(
'username' => null,
'password1' => null,
'password2' => null,
'email1' => null,
'email2' => null,
'age' => null
);
validate_all($errors);
if(empty($errors['username']) && empty($errors['password1']) && empty($errors['password2']) && empty($errors['email1']) && empty($errors['email2']) && empty($errors['age'])) {
//do something
} else {
$_SESSION['errorsArray'] = $errors;
header('Location: /registracia');
exit;
}
}
verify_form.php
<?php
function validate_all($errors)
{
validUsername($errors);
validPassword1($errors);
validPassword2($errors);
validEmail1($errors);
validEmail2($errors);
validAge($errors);
}
function validUsername($errors)
{
include 'config.php';
$username=$_POST['usernameReg'];
if (strlen($username) < 3 || strlen($username) > 16) {
$errors['username'] = "Zadajte uživateľské meno v rozmedzí 3 - 16 znakov.";
}
$query = "SELECT * FROM `users` WHERE `username` = '$username'";
$result = mysqli_query($link, $query) or die(mysqli_error($link));
if (mysqli_num_rows($result) > 1) {
$errors['username'] = "Toto uživateľské meno už niekto používa.";
}
}
function validPassword1($errors)
{
$password1=$_POST['password1Reg'];
$regex = '/^([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])$/';
if (!preg_match($regex, $password1)) {
$errors['password1'] = 'Vaše heslo obsahuje nepovolené znaky.';
}
if (strlen($password1) < 6) {
$errors['password1'] = 'Heslo musí obsahovať minimálne 6 znakov.';
}
}
function validPassword2($errors)
{
$password2=$_POST['password2'];
if ($password1 != $password2) {
$errors['password2'] = 'Zadané heslá sa nezhodujú.';
}
}
function validEmail1($errors)
{
include 'config.php';
$email1=$_POST['email1'];
$regex = "/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/";
if (!preg_match($regex, $email1)) {
$errors['email1'] = 'Neplatná e-mailová adresa.';
}
$query = "SELECT * FROM `users` WHERE `email` = '$email1'";
$result = mysqli_query($link, $query) or die(mysqli_error($link));
if (mysqli_num_rows($result) > 1) {
$errors['email1'] = "Tento e-mail už niekto používa.";
}
}
function validEmail2($errors)
{
$email2=$_POST['email2'];
if ($email1 != $email2) {
$errors['email2'] = 'Zadané e-maily sa nezhodujú.';
}
}
function validAge($errors)
{
$age=$_POST['age'];
$regex = "/^([0-9]|[0-9][0-9])$/";
if (!preg_match($regex, $age)) {
$errors['age'] = 'Vek musí byť číslo v rozsahu od 0-99.';
}
}
?>
为什么脚本会一直继续?
答案 0 :(得分:2)
您已将$errors数组传递到validUsername()函数中。该函数实际上并没有接收原始数组,而是获得了它的副本。您正在修改副本,但永远不会修改原始副本。以下是一个较小的示例,向您展示其工作原理:
function addCheese(Array $arr)
{
$arr[] = 'cheese';
}
$a = array();
addCheese($a);
var_dump($a);
// Outputs:
// array(0) {
// }
解决此问题的一种方法是修改每个验证函数以返回修改后的数组:
function validSomething($errors)
{
// ... do validation checks
return $errors;
}
...然后将更新后的版本分配给外部值:
function validate_all($errors)
{
$errors = validUsername($errors);
$errors = validPassword1($errors);
$errors = validPassword2($errors);
$errors = validEmail1($errors);
$errors = validEmail2($errors);
$errors = validAge($errors);
return $errors;
}
或者,您可以返回本地错误数组并将它们组合在一起,或者只是通过引用传递(尽管这可能会在以后引起其他问题)。
我强烈建议您使用某种框架进行验证:从长远来看,这将为您节省大量时间。
答案 1 :(得分:1)
函数validEmail2($ errors)没有定义... $ email1未定义且永远是!= $ _POST [&#39; email2&#39;]
答案 2 :(得分:0)
您需要为$ errors提供有效的函数指针。例如
function validUsername(&amp; $ errors)