我自2013年以来就有一个网站。我已经注册了大约12k用户。从5个月开始,我注意到一些空白用户。他们收到用户代码,但“姓名”“姓氏”和“电子邮件”字段是空白
此事件每50/100个用户注册一次。为什么?我已经尝试了一切,但在所有测试中我都无法在没有数据的情况下注册。其他已进行测试的人也无法在没有插入数据的情况下注册。
这是形式:
<form action="script/****.php" method="post" onsubmit="return validate()">
<label for="name">Name</label>
<input type="text" id="name" name="name" <?php if($_REQUEST['name'] != "") echo "value='".$_REQUEST['name']."'"; ?> />
<label for="surname">Surname</label>
<input type="text" id="surname" name="surname" <?php if($_REQUEST['surname'] != "") echo "value='".$_REQUEST['surname']."'"; ?> />
<label for="email">Email</label>
<input type="email" id="email" name="email" <?php if($_REQUEST['email'] != "") echo "value='".$_REQUEST['email']."'"; ?> />
<label for="c_email">Retype Email</label>
<input type="email" id="c_email" name="c_email" />
<label for="password">Password</label>
<input type="password" id="password" name="password" />
<label for="c_password">Retype Password</label>
<input type="password" id="c_password" name="c_password" />
<input type="submit" value="registrati" />
</form>
这是在db:
上存储数据的代码<?php
function mt_rand_str ($length, $available = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz0123456789') {
for ($string = '', $i = 0; $i < $length; ++$i) {
$string .= $available[mt_rand(0, strlen($available)-1)];
}
return $string;
}
include('connection.php');
$con = connection();
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$password = $_POST['password'];
$bonus = 10;
$today = new DateTime();
$signUpDate = $today->format('Y-m-d');
if(strpos($name,' ') !== false) {
echo "
<script>
alert('Nome non valido!');
window.location.href = '../signup.php';
</script>";
exit;
}
if(strpos($surname,' ') !== false) {
echo "
<script>
alert('Cognome non valido!');
window.location.href = '../signup.php';
</script>";
exit;
}
if(strpos($email,' ') !== false) {
echo "
<script>
alert('Email non valida!');
window.location.href = '../signup.php';
</script>";
exit;
}
if(strpos($password,' ') !== false) {
echo "
<script>
alert('Password non valida!');
window.location.href = '../signup.php';
</script>";
exit;
}
connectionCheck($con);
userDbCheck($con);
$checkEmail = mysqli_query($con,"Select * from Users_DB where email = '$email'");
if(!mysqli_fetch_assoc($checkEmail)) {
do {
$userCode = mt_rand_str(8);
}
while(mysqli_fetch_assoc(mysqli_query($con,"select * from Users_DB where binary UserCode = '$userCode'")));
$value = 20;
mysqli_query($con,"Insert into User_DB (UserCode,Name,Surname,Phone,Email,Password,SignUpDate,bonus)
values ('$userCode','$name','$surname','','$email','$password','$signUpDate','$bonus')");
}
else {
echo "
<script>
alert('Email exists already!');
window.location.href = '../signup.php';
</script>";
}
?>
我希望你能找到我没有的东西。正如你所看到的,我已经在php代码中加入了一些数据检查
所以我有
1)HTML5检查:type =“email”。我想在所有领域都加上“模式匹配”
2)JavaScript检查
3)PHP检查
我很绝望......
谢谢你。