服务器端验证不起作用

时间:2014-07-14 12:50:50

标签: php server-side-validation

我有jQuery的客户端验证表单,效果很好。但是出于安全原因,我想为没有JavaScript的用户添加服务器端验证(php)。我创建了一些函数和数组" errors",其中记录了错误。提交后我想运行验证。如果未记录任何错误,请继续,如果有错误退出脚本。但是那部分不起作用,它总是继续下去。我的剧本:

if (isset($_POST['submit'])) {
        require_once 'verify_form.php';
        $errors = array(
            'username' => null,
            'password1' => null,
            'password2' => null,
            'email1' => null,
            'email2' => null,
            'age' => null

        );
        validate_all($errors);
        if(empty($errors['username']) && empty($errors['password1']) && empty($errors['password2']) && empty($errors['email1']) && empty($errors['email2']) && empty($errors['age'])) {
//do something
        } else {
            $_SESSION['errorsArray'] = $errors;
            header('Location: /registracia');
            exit;
        }  
    } 

verify_form.php

<?php

function validate_all($errors)
{
    validUsername($errors);
    validPassword1($errors);
    validPassword2($errors);
    validEmail1($errors);
    validEmail2($errors);
    validAge($errors);

}

function validUsername($errors)
{
    include 'config.php';
    $username=$_POST['usernameReg'];
    if (strlen($username) < 3 || strlen($username) > 16) {
        $errors['username'] = "Zadajte uživateľské meno v rozmedzí 3 - 16 znakov.";
    } 
        $query = "SELECT * FROM `users` WHERE `username` = '$username'";
        $result = mysqli_query($link, $query) or die(mysqli_error($link));
        if (mysqli_num_rows($result) > 1) {
            $errors['username'] = "Toto uživateľské meno už niekto používa.";

    }
}

function validPassword1($errors)
{
    $password1=$_POST['password1Reg'];
    $regex = '/^([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])$/';
    if (!preg_match($regex, $password1)) {
        $errors['password1'] = 'Vaše heslo obsahuje nepovolené znaky.';
    }
    if (strlen($password1) < 6) {
        $errors['password1'] = 'Heslo musí obsahovať minimálne 6 znakov.';
    }
}

function validPassword2($errors)
{
    $password2=$_POST['password2'];
    if ($password1 != $password2) {
        $errors['password2'] = 'Zadané heslá sa nezhodujú.';
    }

}

function validEmail1($errors)
{
    include 'config.php';
    $email1=$_POST['email1'];
    $regex = "/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/";
    if (!preg_match($regex, $email1)) {
        $errors['email1'] = 'Neplatná e-mailová adresa.';
    }
    $query = "SELECT * FROM `users` WHERE `email` = '$email1'";
    $result = mysqli_query($link, $query) or die(mysqli_error($link));
    if (mysqli_num_rows($result) > 1) {
        $errors['email1'] = "Tento e-mail už niekto používa.";
    }

}

function validEmail2($errors)
{
    $email2=$_POST['email2'];
    if ($email1 != $email2) {
        $errors['email2'] = 'Zadané e-maily sa nezhodujú.';
    }

}

function validAge($errors)
{
    $age=$_POST['age'];
    $regex = "/^([0-9]|[0-9][0-9])$/";
    if (!preg_match($regex, $age)) {
        $errors['age'] = 'Vek musí byť číslo v rozsahu od 0-99.';
    }

}




?>

为什么脚本会一直继续?

3 个答案:

答案 0 :(得分:2)

您已将$errors数组传递到validUsername()函数中。该函数实际上并没有接收原始数组,而是获得了它的副本。您正在修改副本,但永远不会修改原始副本。以下是一个较小的示例,向您展示其工作原理:

function addCheese(Array $arr)
{
    $arr[] = 'cheese';
}

$a = array();
addCheese($a);
var_dump($a);
// Outputs:
// array(0) {
// }

解决此问题的一种方法是修改每个验证函数以返回修改后的数组:

function validSomething($errors)
{
    // ... do validation checks
    return $errors;
}

...然后将更新后的版本分配给外部值:

function validate_all($errors)
{
    $errors = validUsername($errors);
    $errors = validPassword1($errors);
    $errors = validPassword2($errors);
    $errors = validEmail1($errors);
    $errors = validEmail2($errors);
    $errors = validAge($errors);
    return $errors;
}

或者,您可以返回本地错误数组并将它们组合在一起,或者只是通过引用传递(尽管这可能会在以后引起其他问题)。

我强烈建议您使用某种框架进行验证:从长远来看,这将为您节省大量时间。

答案 1 :(得分:1)

函数validEmail2($ errors)没有定义... $ email1未定义且永远是!= $ _POST [&#39; email2&#39;]

答案 2 :(得分:0)

您需要为$ errors提供有效的函数指针。例如

function validUsername(&amp; $ errors)