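PHP validation always shows error message

Time: 2018-03-22 11:08:47

Tags: php validation backend

I'm facing a problem with server-side validation in PHP. The problem is that it always shows the validation error message, even with valid values. For example, in the username field, if I enter something that contains no special symbols, it still enters the if statement and shows the error message: "User name must not contains Special characters." The regular expressions seem to work fine, so I think it's a logic error. Here is my PHP code: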

<?php

/**
 * Include our MySQL connection.
 */
require 'connect.php';

$error = '';
try {
//If the POST var "register" exists (our submit button), then we can
//assume that the user has submitted the registration form.
    if (isset($_POST['register'])) {

        $form = $_POST;
        $username = $form['username'];
        $password = $form['password'];
        $firstName = $form['firstName'];
        $lastName = $form['lastName'];
        $address = $form['address'];
        $email = $form['email'];
        $age = $form['age'];
        $phone = $form['phone'];
//Retrieve the field values from our registration form.
        $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
        $password = !empty($_POST['password']) ? trim($_POST['password']) : null;

//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.
        //Validations username
        if (strlen($username) < 4 || strlen($username) > 8 || empty($username)) {
            throw new Exception("User name must be between 4 an 8 symbols.");
        }

        $patern = '[A-Za-z0-9]+';
        if (!preg_match($patern, $form['username'])) {
            throw new Exception("User name must not contains Special characters.");
        }
        $patern = '^(([^<>()\[\]\.,;:\s@\"]+(\.[^<>()\[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$';
        //Validation email
        if (!preg_match($patern, $email)) {
            throw new Exception("Please fill valid email.");
        }
        //Validation password
        if (strlen($password) < 8 || strlen($password) > 15 || empty($password)) {
            throw new Exception("Password must be between 8 an 15 symbols.");
        }
        $patern = '(?=(.*\d){2,})(?=.*[A-Z]{1,})(?=.*[a-zA-Z]{2,})(?=.*[!@~#$%^&?]{1,})[0-9a-zA-Z!@~#?$^%&`]{8,15}';
        if (!preg_match($patern, $password)) {
            throw new Exception("Password must contains at least 1 special symbol at least 1 uppercase letter at least 2 numbers at least 3 letters.");
        }
        if (strlen($password) < 8 || strlen($password) > 15 || empty($password)) {
            throw new Exception("Password must contains at least 1 special symbol at least 1 uppercase letter at least 2 numbers at least 3 letters.");
        }
        if (strlen($phone) != 10) {
            throw new Exception("Phone must be 10 numbers.");
        }
//Now, we need to check if the supplied username already exists.

//Construct the SQL statement and prepare it.
        $sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
        $stmt = $pdo->prepare($sql);

//Bind the provided username to our prepared statement.
        $stmt->bindValue(':username', $username);

//Execute.
        $stmt->execute();

//Fetch the row.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
        if ($row['num'] > 0) {
            throw new Exception('That username already exists!');
        }
        $sql = "SELECT COUNT(email) AS test FROM users WHERE email = :email";
        $stmt = $pdo->prepare($sql);

//Bind the provided username to our prepared statement.
        $stmt->bindValue(':email', $email);

//Execute.
        $stmt->execute();

//Fetch the row.
        $result = $stmt->fetch(PDO::FETCH_ASSOC);

//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
        if ($result['test'] > 0) {
            throw new Exception('That email already exists!');
        }
//Hash the password as we do NOT want to store our passwords in plain text.
        $passwordHash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 12));

//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
        $sql = "INSERT INTO users (username, password, email, phone, address, first_name, last_name, age) 
VALUES (:username, :password,:email, :phone, :address, :first_name, :last_name, :age)";
        $stmt = $pdo->prepare($sql);

//Bind our variables.
        $stmt->bindValue(':username', $username);
        $stmt->bindValue(':password', $passwordHash);
        $stmt->bindValue(':email', $email);
        $stmt->bindValue(':phone', $phone);
        $stmt->bindValue(':address', $address);
        $stmt->bindValue(':first_name', $firstName);
        $stmt->bindValue(':last_name', $lastName);
        $stmt->bindValue(':age', $age);

//Execute the statement and insert the new account.
        $result = $stmt->execute();

//If the signup process is successful.
        if ($result) {
            $_SESSION['username'] = $firstName;

            header('Location: login.php');

        }

    }
} catch (Exception $exception) {
    $error = $exception->getMessage();
}
?>

And the HTML form:

<form name="registration" action="#" method="post">
            <fieldset>
                <legend class="extraPlace">Register</legend>
                <?php if ($error) : ?>
                    <h2 style="color:red">   <?= $error ?></h2>
                <?php endif; ?>
                <?php $error = ''; ?>
                <div class="input-group margin col-lg-6">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
                    <input class="form-control" id="username" name="username" type="text" placeholder="Username *"
                           minlength="4" maxlength="8" min="4" required>

                </div>

                <div class="input-group margin">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
                    <input class="form-control" id="password" name="password" type="password" placeholder="Password *"
                           maxlength="15" minlength="8" required>

                    <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
                    <input class="form-control" id="confirm_password" name="confirmPass" type="password"
                           placeholder="Confirm Password *" required>

                </div>

                <div class="input-group margin">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
                    <input class="form-control" id="firstName" name="firstName" type="text" placeholder="First Name *"
                           required>

                    <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
                    <input class="form-control" id="lastName" name="lastName" type="text" placeholder="Last Name *"
                           required>
                </div>

                <div class="input-group margin col-lg-6">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-envelope"></i></span>
                    <input class="form-control" id="email" name="email" type="email" placeholder="Email *" required>
                </div>

                <div class="input-group margin col-lg-6">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-phone-alt"></i></span>
                    <input class="form-control" id="phone" name="phone" type="number" maxlength="10"
                           placeholder="Phone Number *" required>
                </div>

                <div class="input-group margin col-lg-6">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-home"></i></span>
                    <input class="form-control" id="address" name="address" type="text" placeholder="Address *"
                           required>
                </div>

                <div class="input-group margin col-lg-6">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-time"></i></span>
                    <input class="form-control" id="age" name="age" type="number" placeholder="Age *" min="18" required>
                </div>

                <div class="checkbox alignLeftContent">
                    <label>
                        <input type="checkbox" name="agreement" value="1" required> I have read and agree to the <a
                                href="https://www.un.org/Depts/ptd/terms-and-conditions-agreement">Terms and Conditions
                            *</a>
                    </label><br>
                    <label>
                        <input type="checkbox" name="gdpr" value="1" required> GDPR Agreement *
                    </label>
                    <div class="margin"><span>* &nbsp;&nbsp; Mandatory fields</span></div>
                </div>

                <button class="btn btn-success " type="submit" name="register">Register</button>
            </fieldset>
        </form>

2 answers:

Answer 0 (score: 5)

The problem is your regular expression:

$patern = '[A-Za-z0-9]';

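You are missing the delimiters, and you should anchor the pattern to the beginning and the end, because right now it will only fail if the string contains invalid characters: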

$patern = '#^[A-Za-z0-9]+$#';
                          ^ delimiter
                         ^ end of string
                        ^ 1 or more characters
            ^ beginning of string
           ^ delimiter

Alternatively, you can search for invalid characters by negating the character class:

$patern = '#[^A-Za-z0-9]#';
//           ^ negate the character class
// or case insensitive
$patern = '#[^a-z0-9]#i';

// Change the condition
if (preg_match($patern, $form['username'])) {
    // At least 1 invalid character found
}
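
Added example (not part of the original answer): a side-by-side run of the question's pattern, the unanchored and anchored forms discussed above, and a stricter `\A...\z` variant. The helper name `matches`, the fourth pattern and the sample inputs are assumptions of this example.

```php
<?php
// Added example, not the original poster's code. Inputs are constructed.

// Candidate patterns: the question's, an unanchored one, the anchored one
// from the answer above, and a stricter variant (an assumption of this example).
$patterns = [
    'no delimiters (question)' => '[A-Za-z0-9]+',
    'unanchored'               => '#[A-Za-z0-9]+#',
    'anchored ^...$ (answer)'  => '#^[A-Za-z0-9]+$#',
    'anchored \A...\z'         => '#\A[A-Za-z0-9]+\z#',
];

// Constructed inputs: valid, one bad character, all bad, trailing newline.
$inputs = ['alice1', 'al!ce', '!!!!', "alice1\n"];

/**
 * Hypothetical helper: true only when preg_match() reports a match.
 * preg_match() returns 1, 0 or false (pattern error), so "!preg_match()"
 * treats a broken pattern like "no match" and rejects every input.
 */
function matches(string $pattern, string $subject): bool
{
    // "@" hides the warning PHP raises for the delimiter-less pattern:
    // "[" and "]" are taken as delimiters and "+" as an unknown modifier.
    return @preg_match($pattern, $subject) === 1;
}

// Print one line per pattern/input pair so the differences are visible.
foreach ($patterns as $label => $pattern) {
    foreach ($inputs as $input) {
        printf(
            "%-26s %-12s %s\n",
            $label,
            json_encode($input),
            matches($pattern, $input) ? 'accepted' : 'rejected'
        );
    }
}
```

By default `$` also matches just before a trailing newline, so the `^...$` form accepts the last input; `\A...\z` (or the `D` modifier) does not.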

Answer 1 (score: 0)

$patern = '#[^a-z0-9]#i';

        if (preg_match($patern, $form['username'])) {
            throw new Exception("User name must not contains Special characters.");
        }

Just replace this block