我制作了一个成功的注册/登录脚本,用于Android设备。我是PHP的新手,所以请耐心等待。
<?php
require "init.php";
header('Content-type: application/json');
$email = $_POST['email'];
$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];
$msg = "Congratulations. You are now registered to the most amazing app
ever!";
$passwordEncrypted = sha1($user_pass);
if($email && $user_name && $user_pass){
$sql_query = "select * from user_info WHERE email ='".mysqli_real_escape_string($con, $email)."' or user_name
='".mysqli_real_escape_string($con, $user_name)."'";
$result = mysqli_query($con, $sql_query);
$results = mysqli_num_rows($result);
if ($results){
$don = array('result' =>"fail","message"=>"Email or username exists.");
}else{
$sql_query = "insert into user_info values('$email','$user_name','$passwordEncrypted');";
if(mysqli_query($con,$sql_query)){
$don = array('result' =>"success","message"=>"Successfully registered!Well done");
//mail($email,"Well done",$msg);
}
}
}else if(!$email || (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))){
$don = array('result' =>"fail","message"=>"Please enter a valid email");
}else if(!$user_name){
$don = array('result' =>"fail","message"=>"Please enter your username");
}else if(!$user_pass){
$don = array('result' =>"fail","message"=>"Please enter a password");
}
}
echo json_encode($don);
?>
使用上面的代码,电子邮件未经过验证,即使用户输入theo而不是&#34; theo@gmail.com"
,也会转到数据库。答案 0 :(得分:1)
您将通过此if语句插入数据库:
if($email && $user_name && $user_pass){
这只会检查$email变量是否设置 ,而不是它是否有效。
除非$email变量是有效的电子邮件,否则将该行更改为不激活:
if($email && $user_name && $user_pass && filter_var($email, FILTER_VALIDATE_EMAIL)){
答案 1 :(得分:1)
在表单提交之前进行电子邮件验证是常规的,原因显而易见:在提交表单信息并加载下一页之前,最好先收到表单信息格式错误的警告。所以人们通常会使用Javascript。您可以在Internet上找到很多关于如何执行此操作的页面。这是一个:http://www.randomsnippets.com/2008/04/01/how-to-verify-email-format-via-javascript/
但是如果你致力于用PHP做到这一点,Kahan就会得到你的解决方案。