Question

我这里有一个注册页面。它应首先验证以下内容：

如果已使用用户名。
如果还使用了电子邮件地址。

在继续保存数据库并转到欢迎页面或主页之前。

但目前正在发生的事情是 - 它没有验证，它保存并继续到欢迎页面/主页。

<?php
session_start();
$_SESSION['message'] = '';
$mysqli = new mysqli("localhost", "root", "", "condbpost");

if (isset($_POST['btn-register'])) {
    $error = false;

    //set all the post variables
    $username = $mysqli->real_escape_string($_POST['username']);
    $email = $mysqli->real_escape_string($_POST['email']);
    $password = md5($_POST['password']); //md5 has password for security

    // basic name validation
    if (strlen($username) < 3) {
        $error = true;
        $_SESSION['message'] = 'Username too short. Minimum of 4 characters';
    }else {
        // check email exist or not
        $sql = "SELECT username FROM users WHERE username='$username'";
        $result = mysqli_query($sql);
        if(mysqli_num_rows($result)!=0) {
            $error = true;
            $_SESSION['message'] = 'Username already used.';
        }
    }    

    //two passwords are equal to each other
    if ($_POST['password'] != $_POST['confirmpassword']) {
        $error = true;
        $_SESSION['message'] = 'Password mismatched';
    } 

    //basic email validation
    if (!filter_var($email,FILTER_VALIDATE_EMAIL) ) {
        $error = true;
        $_SESSION['message'] = 'Enter valid email.';
    } else {
        // check email exist or not
        $sql = "SELECT email FROM users WHERE username='$email'";
        $result = mysqli_query($sql);
        if(mysqli_num_rows($result)!=0) {
            $error = true;
            $_SESSION['message'] = 'Email already used.';
        }
    }

    if(!$error) {
        //insert user data into database
        $sql = "INSERT INTO users (username, email, password) "
             . "VALUES ('$username', '$email', '$password')";

        //if the query is successsful, redirect to welcome.php page, done!
        if ($mysqli->query($sql) === true){
            $_SESSION['message'] = "Registration succesful! Added $username to the database!";
            header("location: welcome.php");
        }
        else {
            $_SESSION['message'] = 'User could not be added to the database!';
        }
        $mysqli->close();  
    }

}
?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<h1>Create an account</h1>
    <form method="post" autocomplete="off">

        <div class="alert alert-error"><?= $_SESSION['message'] ?></div>

        <p><input type="text" placeholder="User Name" name="username" required /></p>
        <p><input type="email" placeholder="Email" name="email" required /></p>
        <p><input type="password" placeholder="Password" name="password" required /></p>
        <p><input type="password" placeholder="Confirm Password" name="confirmpassword" required /></p>
        <p><input type="submit" value="Register" name="btn-register" class="btn btn-block btn-primary" /></p>
    </form>

</body>
</html>

PHP - 它没有验证，它继续保存数据库上的数据

0 个答案: