这是我正在使用的PHP块:
$reg = @$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}
if ($em==$em2){}
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}
if ($pswd==$pswd2){}
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
}
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
以下是其他两个陈述:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");
}
当我只有:
else
{
if (strlen($pswd)>30||strlen($pswd)<5){}
echo "Your password be between 5 and 30 characters long!";
}
我没有收到错误消息,但是当我添加:
else
{
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln', '$em','$pswd','$d','0')");
}
刷新时收到此错误消息:
解析错误:第39行的C:\ xampp \ htdocs \ Socially \ index.php中的语法错误,意外的'else'(T_ELSE)
我正在使用YouTube教程,这是他输入的内容,他没有收到错误消息。这是链接:https://www.youtube.com/watch?v=EgqVNMTnmDQ&list=PLA7F9875BD031DC16&index=36
该视频于2013年完成。
如果有人可以帮助我,我们将不胜感激。
答案 0 :(得分:1)
if错误{打开控制块,}关闭它。例如:
if (strlen($pswd)>30||strlen($pswd)<5){}
当密码超过30个字符或小于5时,您什么都不做。(为什么还要将密码限制为30个字符?)
然后,无论条件如何,您都会回复该消息:
echo "Your password be between 5 and 30 characters long!";
附加说明:
您的控制块应缩进。
您不应将用户数据直接放入SQL查询中。这就是注射的发生方式。 strip_tags无法阻止SQL注入。
尝试:
<?php
$reg = @$_POST['reg'];
$fn = "";
$ln = "";
$un = "";
$em = "";
$em2 = "";
$pswd = "";
$pswd2 = "";
$d = "";
$u_check = "";
$fn = strip_tags(@$_POST['fname']);//dont use @, no need for error supression, resolve the errors.
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); //Year - Month - Day
if ($reg) {}//does nothing
if ($em==$em2){}//does nothing
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
$check = mysql_num_rows ($u_check);
if ($check == 0){}//does nothing
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2){}//does nothing
if ($pswd==$pswd2){}//does nothing
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo "The maximum amount of character is 25! Please try again";
} else {
if (strlen($pswd)>30||strlen($pswd)<5){
echo "Your password be between 5 and 30 characters long!";
} else {
$pswd = md5($pswd); //should upgrade hashing algorithm
$pswd2 = md5($pswd2);//not used
$query = mysql_query("INSERT INTO users VALUES (' ', '$un', '$fn', '$ln',
'$em','$pswd','$d','0')");//open to SQL injections
}
}