为什么我无法检查输入并将数据注册到数据库中?

时间:2016-10-31 16:55:18

标签: php html wamp phpstorm

它不显示任何错误输出并验证输入字段。我不知道这段代码中发生了什么。希望有人可以弄清楚发生了什么。谢谢......

这里是数据库连接

<?php

    // this will avoid mysql_connect() deprecation error.
    error_reporting( ~E_DEPRECATED & ~E_NOTICE );
    // but I strongly suggest you to use PDO or MySQLi.

    define('DBHOST', 'localhost');
    define('DBUSER', 'root');
    define('DBPASS', '');
    define('DBNAME', 'loginquestdb');

    $conn = mysqli_connect(DBHOST,DBUSER,DBPASS);
    $dbcon = mysqli_select_db($conn,DBNAME);

    if ( !$conn ) {
        die("Connection failed : " . mysqli_error($conn));
    }

    if ( !$dbcon ) {
        die("Database Connection failed : " . mysqli_error($conn));
    }

这里是html代码:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>

<div class="container">

    <div id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">

        <div class="col-md-12">

            <div class="form-group">
                <h2 class="">Sign Up.</h2>
            </div>

            <div class="form-group">
                <hr />
            </div>

            <?php
            if ( isset($errMSG) ) {

                ?>
                <div class="form-group">
                <div class="alert alert-<?php echo ($errTyp=="success") ? "success" : $errTyp; ?>">
                <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
                </div>
                </div>
                <?php
            }
            ?>

            <div class="form-group">
                <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
                <input type="text" name="name" class="form-control" placeholder="Enter Name" maxlength="50" value="<?php echo $name ?>" />
                </div>
                <span class="text-danger"><?php echo $nameError; ?></span>
            </div>

            <div class="form-group">
                <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
                <input type="email" name="email" class="form-control" placeholder="Enter Your Email" maxlength="40" value="<?php echo $email ?>" />
                </div>
                <span class="text-danger"><?php echo $emailError; ?></span>
            </div>

            <div class="form-group">
                <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
                <input type="password" name="pass" class="form-control" placeholder="Enter Password" maxlength="15" />
                </div>
                <span class="text-danger"><?php echo $passError; ?></span>
            </div>

            <div class="form-group">
                <hr />
            </div>

            <div class="form-group">
                <button type="submit" class="btn btn-block btn-primary" name="btn-signup">Sign Up</button>
            </div>

            <div class="form-group">
                <hr />
            </div>

            <div class="form-group">
                <a href="index.php">Sign in Here...</a>
            </div>

        </div>

    </form>
    </div>  

</div>

</body>
</html>
<?php ob_end_flush(); ?>

这里是php代码:

<?php
    ob_start();
    session_start();
    if( isset($_SESSION['user'])!="" ){
        header("Location: home.php");
    }
    include_once 'dbconnect.php';

    $error = false;

    if ( isset($_POST['btn-signup']) ) {

        // clean user inputs to prevent sql injections
        $name = trim($_POST['name']);
        $name = strip_tags($name);
        $name = htmlspecialchars($name);

        $email = trim($_POST['email']);
        $email = strip_tags($email);
        $email = htmlspecialchars($email);

        $pass = trim($_POST['pass']);
        $pass = strip_tags($pass);
        $pass = htmlspecialchars($pass);

        // basic name validation
        if (empty($name)) {
            $error = true;
            $nameError = "Please enter your full name.";
        } else if (strlen($name) < 3) {
            $error = true;
            $nameError = "Name must have at least 3 characters.";
        } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
            $error = true;
            $nameError = "Name must contain alphabets and space.";
        }

        //basic email validation
        if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
            $error = true;
            $emailError = "Please enter valid email address.";
        } else {
            // check email exist or not
            $query = "SELECT userEmail FROM users WHERE userEmail='$email'";
            $result = mysqli_query($query);
            $count = mysqli_num_rows($result);
            if($count!=0){
                $error = true;
                $emailError = "Provided Email is already in use.";
            }
        }
        // password validation
        if (empty($pass)){
            $error = true;
            $passError = "Please enter password.";
        } else if(strlen($pass) < 6) {
            $error = true;
            $passError = "Password must have at least 6 characters.";
        }

        // password encrypt using SHA256();
        $password = hash('sha256', $pass);

        // if there's no error, continue to signup
        if( !$error ) {

            $query = "INSERT INTO users(userName,userEmail,userPass) VALUES('$name','$email','$password')";
            $res = mysqli_query($query);

            if ($res) {
                $errTyp = "success";
                $errMSG = "Successfully registered, you may login now";
                unset($name);
                unset($email);
                unset($pass);
            } else {
                $errTyp = "danger";
                $errMSG = "Something went wrong, try again later...";   
            }   

        }


    }
?>

1 个答案:

答案 0 :(得分:0)

如果else为真,您将要添加$error语句以回显错误消息。

// if there's no error, continue to signup
if( !$error ) {
    $query = "INSERT INTO users(userName,userEmail,userPass) VALUES('$name','$email','$password')";
    $res = mysqli_query($dbcon, $query);

    if ($res) {
        $errTyp = "success";
        $errMSG = "Successfully registered, you may login now";
        unset($name);
        unset($email);
        unset($pass);
    } else {
        $errTyp = "danger";
        $errMSG = "Something went wrong, try again later...";   
    }   

} else {
    // if there's an error, display it
    echo $nameError . ' ' . $emailError . ' ' . $passError;
}

也许考虑使用数组来存储错误,因此哪个字段有错误并不重要,它会更容易格式化显示。例如,在您的名称验证码中:

// basic name validation
if (empty($name)) {
    $error = true;
    $errorMsgs[] = "Please enter your full name.";
} else if (strlen($name) < 3) {
    $error = true;
    $errorMsgs[] = "Name must have at least 3 characters.";
} else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
    $error = true;
    $errorMsgs[] = "Name must contain alphabets and space.";
}

// in your if/else statement
if(!$error){
    // code here
} else {
    foreach($errorMsgs as $e){
        echo $e . "<br />";
    }
}