我正在尝试使用某些表单验证,但即使数据不正确且无法验证,我的脚本也会注册用户。
此外,我应该写什么,以便它可以检查用户是否已经在数据库中并返回错误,如果是这样的话?
例如,如果我只是在所有文本框中键入“aaaa”,它将注册用户。如果用户输入了错误的数据(格式错误),应该出现错误消息,并且在用户输入正确的数据之前不应该注册。但无论我输入什么内容,它都会注册用户,就好像没有写入验证一样。
<?php
include "db.php";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $passwordErr = $cpasswordErr = "";
$cpassword = "";
$cust_email = $cust_username = $cust_password = $cust_fullname = $cust_country = $cust_dob = $cust_gender = $cust_phone = "";
if (isset($_POST["btnsignup"])) {
//Username Validation
if (empty($_POST["txtcust_username"])) {
$nameErr = "Name is required";
} else {
$cust_username = test_input($_POST["txtcust_username"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z0-9]*$/", $cust_username)) {
$nameErr = "Only letters, numbers are allowed and no white space allowed";
}
}
//Email Validation
if (empty($_POST["txtcust_email"])) {
$emailErr = "Email is required";
} else {
$cust_email = test_input($_POST["txtcust_email"]);
// check if e-mail address is well-formed
if (!filter_var($cust_email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
//Password Validation
if (!empty($_POST["txtcust_password"]) && ($_POST["txtcust_password"] == $_POST["txtcust_cpassword"])) {
$cust_password = test_input($_POST["txtcust_password"]);
$cust_cpassword = test_input($_POST["txtcust_cpassword"]);
if (strlen($_POST["txtcust_password"]) <= '6') {
$passwordErr = "Your Password Must Contain At Least 6 Characters!";
} elseif (!preg_match("#[0-9]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Number!";
} elseif (!preg_match("#[A-Z]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
} elseif (!preg_match("#[a-z]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
}
} elseif (!empty($_POST["txtcust_password"])) {
$cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
}
$cust_fullname = $_POST['txtcust_fullname'];
$cust_country = $_POST['txtcust_country'];
$cust_dob = $_POST['txtcust_dob'];
$cust_gender = $_POST['txtcust_gender'];
$cust_phone = $_POST['txtcust_phone'];
//Insert Into Table
$insert = "INSERT INTO customer (cust_email,cust_username,cust_password,cust_fullname,cust_country,cust_dob,cust_gender,cust_phone)
VALUES ('$cust_email','$cust_username','$cust_password','$cust_fullname','$cust_country','$cust_dob','$cust_gender','$cust_phone') ";
$run = mysqli_query($conn, $insert);
if ($run) {
setcookie("Name", $cust_username);
header("Location: home.php");
} else
echo "User has not been Add";
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
答案 0 :(得分:0)
TL; DR 您进行了大量验证并设置了一堆错误消息,但随后忽略了所有这些并运行INSERT无论如何。添加if / else语句来处理验证错误或执行插入操作。
让我们打破这个局面。您的代码并非Minimal, Complete, and Verifiable Example,但我们可以将其合并为一个代码。删除所有不必要的东西,你的代码基本上是这样的:
<?php
include "db.php";
// initializing some variables
// ...
// a bunch of validation stuff, where you set
// variables like $nameErr and $emailErr
// ...
// logic where you initialize $cust_fullname, $cust_country, etc.
// ...
/***************************************************************
* The database insertion, without ever checking whether
* the data validated!
***************************************************************/
//Insert Into Table
$insert = "INSERT INTO customer (cust_email,cust_username,cust_password,cust_fullname,cust_country,cust_dob,cust_gender,cust_phone)
VALUES ('$cust_email','$cust_username','$cust_password','$cust_fullname','$cust_country','$cust_dob','$cust_gender','$cust_phone') ";
$run = mysqli_query($conn,$insert);
// more code not relevant here...
?>
因此,无论验证阶段发生了什么,您都可以运行INSERT。这是你的问题。
关于您的第二个问题(如何检查现有用户),这个网站的范围有点广泛,您通常一次只能问一个问题。请先尝试一下,如果你遇到问题,请将其作为第二个问题发布。