我正在设计一个带有PHP PDO的注册表单,供用户插入信息,然后通过PHPMyAdmin在同一个PHP网页中上传到数据库。
有了它,它的工作和验证工作。但我遇到的问题是,即使存在验证错误,例如所有字段都是空白的,在用户点击“提交”之后。表单仍然会通过,然后在数据库中插入一个空行。
我无法理解为什么表单会将信息插入数据库,即使出现错误。
<?php
ini_set("display_errors", 1);
error_reporting(E_ALL);
// First we execute our common code to connection to the database and start the session
require("common.php");
$usernameErr = $emailErr = $passwordErr = $password1Err = "";
$username = $email = $password = "";
///////////////////////////////////////////////////////////////////
if(!empty($_POST))
{
$usernamePOST = $_POST['username'];
$emailPOST = $_POST['email'];
$passwordPOST = $_POST['password'];
$password1POST = $_POST['password1'];
// Email validation
if (empty($_POST["email"])) {
$emailErr = "<p class='errorm'>Email is required</p>";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "<p class='errorm'>Invalid email format</p>";
}
}
//if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
//echo "<p class='errorm'>Please enter a valid email address</p>";
//}
///////////////////////////////////////////////////////////////////
// Username validation
// Make sure the user entered a username
if (strlen($username) <= 6){
$usernameErr = "<p class='errorm'>Choose a Username longer then 7 characters</p>";
}
if (empty($_POST["username"])) {
$usernameErr = "<p class='errorm'>Username is required</p>";
} else {
$username = test_input($_POST["username"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
$usernameErr = "<p class='errorm'>Only letters allowed</p>";
}
}
///////////////////////////////////////////////////////////////////
// Password validation
if (empty($_POST["password"])) {
$passwordErr = "<p class='errorm'>Password is required</p>";
} else {
$password = test_input($_POST["password"]);
}
// Password match
if ($_POST["password"] != $_POST["password1"]){
$password1Err = "<p class='errorm'>Passwords in both fields, don't match</p>";
}
// Password length
if (strlen($password) <= 5){
$passwordErr = "<p class='errorm'>Choose a Password longer then 6 characters</p>";
}
///////////////////////////////////////////////////////////////////
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
///////////////////////////////////////////////////////////////////
if(!isset($error)){
//no error
$sthandler = $db->prepare("SELECT username FROM users WHERE username = :username");
$sthandler->bindParam(':username', $username);
$sthandler->execute();
if($sthandler->rowCount() > 0){
header("refresh:10;url=index.php" );
echo "<p>Sorry, this Username already exists<p>";
echo '<p>You\'ll be redirected back to the Register page in about 10 secs. If this does not happen, please click <a href="index.php">here</a></p>';
//$errmsg_arr[] = "Username Already Exists";
//$errflag = true;
} else {
//Securly insert into database
$sql = 'INSERT INTO users (username, email, password) VALUES (:username,:email,:password)';
$query = $db->prepare($sql);
$query->execute(array(
':username' => $_POST['username'], ':email' => $_POST['email'], ':password' => $_POST['password']));
}
}
}
?>
答案 0 :(得分:1)
你没有在任何地方发现$ error变量。 如果发生验证错误,也不会在任何地方标记它 你必须做这样的事情
$error = false;
if(! check email fails)
$error = true.
依此类推所有领域。 插入行时检查错误变量设置为true