要完成我的网站,我想添加一个登录功能。一切顺利,然后我决定在表单中添加一些php验证。大多数编码都是由dreamweaver本身完成的,但是我添加了验证if-questions和那个错误。 每次填写表单时,我都会收到一条错误消息,说我的密码需要有8个字符,无论它有多少个字符。如果我摆脱这个问题,那就是说错误变量是未定义的。如果我然后使用isset()修复该问题,它似乎跳过以下两个if-questions。 我希望我能够理解我的观点并期待回应,因为我现在对这段代码感到有点沮丧:P
谢谢, Jan
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ?mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="registrationFailed.php";
$loginUsername = $_POST['email'];
$LoginRS__query = sprintf("SELECT Email FROM `Start-Login` WHERE Email=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_login, $login);
$LoginRS=mysql_query($LoginRS__query, $login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if (empty($_POST) === false) {
$required_fields = array('name', 'email', 'password', 'passwordconfirm');
foreach ($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Please fill out all requiered fields';
$lul = true;
break 1;
}
}
}
if (empty($errors) === true) {
if (strlen(isset($_POST['password'])) < 8) {
$errors[] = 'Your password must be at least 8 characters long';
$lil = true;
}
if (isset($_POST['password']) !== isset($_POST['passwordconfirm'])) {
$errors[] = 'Your passwords do not match';
$lil = true;
}
if (filter_var(isset($_POST['email']), FILTER_VALIDATE_EMAIL)) {
$errors[] = 'You must provide a valid email address';
$lil = true;
}
}
isset($errors);
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form") && (isset($lul) === false) && (isset($lil) === false)) {
$insertSQL = sprintf("INSERT INTO `Start-Login` (Email, Password, Name, `role`) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['password'], "text"),
GetSQLValueString($_POST['name'], "text"),
GetSQLValueString($_POST['role'], "text"));
mysql_select_db($database_login, $login);
$Result1 = mysql_query($insertSQL, $login) or die(mysql_error());
$insertGoTo = "login.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
} else {
echo '<pre>', print_r($_POST, true), '</pre>';
echo '<pre>', print_r($errors, true), '</pre>';
}
答案 0 :(得分:1)
if (strlen(isset($_POST['password'])) < 8) {
你会尝试strlen on和boolean 所以试着
if(isset($_POST['password'] && strlen($_POST['password']) < 8) {
此外你这样做
if (isset($_POST['password']) !== isset($_POST['passwordconfirm'])) {
执行不检查密码是否等于,检查是否有一个密码,一个不是 这应该是这样的
if (isset($_POST['password'],$_POST['passwordconfirm'])
&& $_POST['password'] !== $_POST['passwordconfirm']) {
同样在这里
if (filter_var(isset($_POST['email']), FILTER_VALIDATE_EMAIL)) {
应该是
if (isset($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {