我正面临着使用php进行服务器端验证的问题。问题是,即使有效值,它也始终显示验证错误消息。例如,在用户名字段中,如果我输入的内容不包含特殊符号,它仍会输入if语句并显示错误消息:"用户名不得包含特殊字符"。正则表达式似乎工作正常,所以我认为这是一个逻辑错误。这是我的PHP代码:
<?php
/**
* Include our MySQL connection.
*/
require 'connect.php';
$error = '';
try {
//If the POST var "register" exists (our submit button), then we can
//assume that the user has submitted the registration form.
if (isset($_POST['register'])) {
$form = $_POST;
$username = $form['username'];
$password = $form['password'];
$firstName = $form['firstName'];
$lastName = $form['lastName'];
$address = $form['address'];
$email = $form['email'];
$age = $form['age'];
$phone = $form['phone'];
//Retrieve the field values from our registration form.
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$password = !empty($_POST['password']) ? trim($_POST['password']) : null;
//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.
//Validations username
if (strlen($username) < 4 || strlen($username) > 8 || empty($username)) {
throw new Exception("User name must be between 4 an 8 symbols.");
}
$patern = '[A-Za-z0-9]+';
if (!preg_match($patern, $form['username'])) {
throw new Exception("User name must not contains Special characters.");
}
$patern = '^(([^<>()\[\]\.,;:\s@\"]+(\.[^<>()\[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$';
//Validation email
if (!preg_match($patern, $email)) {
throw new Exception("Please fill valid email.");
}
//Validation password
if (strlen($password < 8 || strlen($password > 15) || empty($password))) {
throw new Exception("Password must be between 8 an 15 symbols.");
}
$patern = '(?=(.*\d){2,})(?=.*[A-Z]{1,})(?=.*[a-zA-Z]{2,})(?=.*[!@~#$%^&?]{1,})[0-9a-zA-Z!@~#?$^%&`]{8,15}';
if (!preg_match($patern, $password)) {
throw new Exception("Password must contains at least 1 special symbol at least 1 uppercase letter at least 2 numbers at least 3 letters.");
}
if (strlen($password < 8 || strlen($password > 15) || empty($password))) {
throw new Exception("Password must contains at least 1 special symbol at least 1 uppercase letter at least 2 numbers at least 3 letters.");
}
if (strlen($phone) != 10) {
throw new Exception("Phone must be 10 numbers.");
}
//Now, we need to check if the supplied username already exists.
//Construct the SQL statement and prepare it.
$sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
$stmt = $pdo->prepare($sql);
//Bind the provided username to our prepared statement.
$stmt->bindValue(':username', $username);
//Execute.
$stmt->execute();
//Fetch the row.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
if ($row['num'] > 0) {
throw new Exception('That username already exists!');
}
$sql = "SELECT COUNT(email) AS test FROM users WHERE email = :email";
$stmt = $pdo->prepare($sql);
//Bind the provided username to our prepared statement.
$stmt->bindValue(':email', $email);
//Execute.
$stmt->execute();
//Fetch the row.
$result = $stmt->fetch(PDO::FETCH_ASSOC);
//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
if ($result['test'] > 0) {
throw new Exception('That email already exists!');
}
//Hash the password as we do NOT want to store our passwords in plain text.
$passwordHash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 12));
//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
$sql = "INSERT INTO users (username, password, email, phone, address, first_name, last_name, age)
VALUES (:username, :password,:email, :phone, :address, :first_name, :last_name, :age)";
$stmt = $pdo->prepare($sql);
//Bind our variables.
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);
$stmt->bindValue(':email', $email);
$stmt->bindValue(':phone', $phone);
$stmt->bindValue(':address', $address);
$stmt->bindValue(':first_name', $firstName);
$stmt->bindValue(':last_name', $lastName);
$stmt->bindValue(':age', $age);
//Execute the statement and insert the new account.
$result = $stmt->execute();
//If the signup process is successful.
if ($result) {
$_SESSION['username'] = $firstName;
header('Location: login.php');
}
}
} catch (Exception $exception) {
$error = $exception->getMessage();
}
?>
和html表单:
<form name="registration" action="#" method="post">
<fieldset>
<legend class="extraPlace">Register</legend>
<?php if ($error) : ?>
<h2 style="color:red"> <?= $error ?></h2>
<?php endif; ?>
<?php $error = ''; ?>
<div class="input-group margin col-lg-6">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
<input class="form-control" id="username" name="username" type="text" placeholder="Username *"
minlength="4" maxlength="8" min="4" required>
</div>
<div class="input-group margin">
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
<input class="form-control" id="password" name="password" type="password" placeholder="Password *"
maxlength="15" minlength="8" required>
<span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
<input class="form-control" id="confirm_password" name="confirmPass" type="password"
placeholder="Confirm Password *" required>
</div>
<div class="input-group margin">
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
<input class="form-control" id="firstName" name="firstName" type="text" placeholder="First Name *"
required>
<span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
<input class="form-control" id="lastName" name="lastName" type="text" placeholder="Last Name *"
required>
</div>
<div class="input-group margin col-lg-6">
<span class="input-group-addon"><i class="glyphicon glyphicon-envelope"></i></span>
<input class="form-control" id="email" name="email" type="email" placeholder="Email *" required>
</div>
<div class="input-group margin col-lg-6">
<span class="input-group-addon"><i class="glyphicon glyphicon-phone-alt"></i></span>
<input class="form-control" id="phone" name="phone" type="number" maxlength="10"
placeholder="Phone Number *" required>
</div>
<div class="input-group margin col-lg-6">
<span class="input-group-addon"><i class="glyphicon glyphicon-home"></i></span>
<input class="form-control" id="address" name="address" type="text" placeholder="Address *"
required>
</div>
<div class="input-group margin col-lg-6">
<span class="input-group-addon"><i class="glyphicon glyphicon-time"></i></span>
<input class="form-control" id="age" name="age" type="number" placeholder="Age *" min="18" required>
</div>
<div class="checkbox alignLeftContent">
<label>
<input type="checkbox" name="agreement" value="1" required> I have read and agree to the <a
href="https://www.un.org/Depts/ptd/terms-and-conditions-agreement">Terms and Conditions
*</a>
</label><br>
<label>
<input type="checkbox" name="gdpr" value="1" required> GDPR Agreement *
</label>
<div class="margin"><span>* Mandatory fields</span></div>
</div>
<button class="btn btn-success " type="submit" name="register">Register</button>
</fieldset>
</form>
答案 0 :(得分:5)
问题在于你的正则表达式:
$patern = '[A-Za-z0-9]';
您缺少分隔符,您应该将模式修复到开头和结尾,因为现在只有在字符串包含 无效字符时它才会失败:
$patern = '#^[A-Za-z0-9]+$#';
^ delimiter
^ end of string
^ 1 or more characters
^ beginning of string
^ delimiter
或者,您可以通过反转字符组来搜索无效字符:
$patern = '#[^A-Za-z0-9]#';
// ^ negate the character class
// or case insensitive
$patern = '#[^a-z0-9]#i';
// Change the condition
if (preg_match($patern, $form['username'])) {
// At least 1 invalid character found
答案 1 :(得分:0)
$patern = '#[^a-z0-9]#i';
if (preg_match($patern, $form['username'])) {
throw new Exception("User name must not contains Special characters.");
}
只需替换此块