我有一个处理我的注册表单的php文件,但是如果表单有差异(空白字段等),它不会显示错误消息。此外,验证码验证无效。
这是处理表单的php代码。
<?php
//Start session
session_start();
//Include database connection details
require_once('connect.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$cpassword = clean($_POST['cpassword']);
$nickname = clean($_POST['nickname']);
$email = clean($_POST['email']);
$code = clean($_POST['code']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm Password missing';
$errflag = true;
}
if($nickname == '') {
$errmsg_arr[] = 'nickname missing';
$errflag = true;
}
if($email == '') {
$errmsg_arr[] = 'Email Address missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
echo "Password Do not match";
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
include("../captcha/securimage.php");
$img = new Securimage();
$valid = $img->check($_POST['code']);
if($valid == true) {
echo "<center>Thanks, you entered the correct code.</center>";
} else {
echo "<center>Sorry, the code you entered was invalid.";
}
//Check for duplicate login ID
if($login != '') {
$qry = "SELECT * FROM employee_login WHERE username='$username'";
$result = mysql_query($qry);
if($result) {
if(mysql_num_rows($result) > 0) {
$errmsg_arr[] = 'Username already in use';
$errflag = true;
}
@mysql_free_result($result);
}
else {
die("Query failed");
}
}
//If there are input validations, redirect back to the registration form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../register.php");
exit();
}
//Create INSERT query
$qry = "INSERT INTO employee_login(username, password, email, nickname) VALUES('$username','".md5($_POST['password'])."','$email','$nickname')";
$result = @mysql_query($qry);
//Check whether the query was successful or not
if($result) {
header("location: ../registergood.php");
exit();
}else {
die("Query failed");
}
?>
可能出现什么问题?
答案 0 :(得分:1)
嗯,它没有显示您的错误消息,因为在您提供的代码中没有任何一点将这些消息输出给用户。你将它们存储在一个数组中,然后存储一个会话变量,但就是这样。