我是PHP新手,如果没有定义用户名和密码,我的PHP表单验证会出现问题,返回此错误。
注意:未定义的变量:第64行上D:''hpsp''controller''loginvalidation.inc.php中的用户名
我使用两个函数(用户名验证和密码验证)来检查$_POST输入是否正确,但我不知道什么是正确的脚本,也不知道我必须把正确的脚本放在哪里,提前谢谢。
<?php
session_start();
require_once('../model/pdo.inc.php');
// function for checking the username validation (not empty & Regex)
function usernameValidation($username) // Username as parameter
{
if ( !empty($_POST['username']) )
{
$username = strtolower(htmlspecialchars($_POST['username'])); // username will be tranform to lowercase before regex matching
if ( preg_match('#^[a-z0-9'.]{5,20}$#', $username) ) // 5 <= username lenght <= 20 in lowercase character to be valid
{
return true; // return true when the username is valid
}
else
{
echo "Invalid username, please re-try" ;
}
}
else
{
echo "Enter your username";
}
}
// function for checking the password validation (not empty & Regex)
function passwordValidation($password) // Password as parameter
{
if ( !empty($_POST['password']) )
{
$password = htmlspecialchars($_POST['password']) ; // Protect the password
if ( preg_match('#^[a-zA-Z0-9'.-_@$()]{6,10}$#', $password) ) // 6 <= password length <= 10 character to be valid
{
return true; // return true when password is valid
}
else
{
echo "Invalid password, please re-try";
}
}
else
{
echo "Enter your password";
}
}
if ( usernameValidation($username) == true AND passwordValidation($password) == true )
{
// PDO Query (SELECT ...)
}
我会做这样的事情(请注意,你永远不想为电子邮件和密码回音出单独的消息,以阻止黑客获取正确信息:
session_start();
require_once('../model/pdo.inc.php');
//username and password will contain the posted resulte or FALSE
$username = usernameValidation();
$password = passwordValidation();
if (!$username OR !$password) {
echo 'Invalid username or password!';
die;
}
// PDO Query (SELECT ...)
// function for checking the username validation (not empty & Regex)
function usernameValidation() { // Username as parameter
if (!empty($_POST['username'])) {
$username = strtolower(htmlspecialchars($_POST['username'])); // username will be tranform to lowercase before regex matching
if (preg_match('#^[a-z0-9'.]{5,20}$#', $username)) { // 5 <= username lenght <= 20 in lowercase character to be valid
return $username; // return true when the username is valid
}
}
return FALSE;
}
// function for checking the password validation (not empty & Regex)
function passwordValidation() { // Password as parameter
if (!empty($_POST['password'])) {
$password = htmlspecialchars($_POST['password']); // Protect the password
if (preg_match('#^[a-zA-Z0-9'.-_@$()]{6,10}$#', $password)) { // 6 <= password length <= 10 character to be valid
return $password; // return true when password is valid
}
}
return FALSE;
}
用无参数定义函数
function usernameValidation(){ ... }
并称之为
if ( usernameValidation() == true AND passwordValidation() == true )
<?php
session_start();
require_once('../model/pdo.inc.php');
// function for checking the username validation (not empty & Regex)
function usernameValidation($username) // Username as parameter
{
if ( !empty($_POST['username']) )
{
$username = strtolower(htmlspecialchars($_POST['username'])); // username will be tranform to lowercase before regex matching
if ( preg_match('#^[a-z0-9'.]{5,20}$#', $username) ) // 5 <= username lenght <= 20 in lowercase character to be valid
{
return true; // return true when the username is valid
}
else
{
echo "Invalid username, please re-try" ;
}
}
else
{
echo "Enter your username";
}
}
// function for checking the password validation (not empty & Regex)
function passwordValidation($password) // Password as parameter
{
if ( !empty($_POST['password']) )
{
$password = htmlspecialchars($_POST['password']) ; // Protect the password
if ( preg_match('#^[a-zA-Z0-9'.-_@$()]{6,10}$#', $password) ) // 6 <= password length <= 10 character to be valid
{
return true; // return true when password is valid
}
else
{
echo "Invalid password, please re-try";
}
}
else
{
echo "Enter your password";
}
}
$username = $_POST['username'];
$password = $_POST['password'];
if ( usernameValidation($username) == true AND passwordValidation($password) == true )
{
// PDO Query (SELECT ...)
}
将最后一个if条件更改为以下代码:
if ( usernameValidation($_POST['username']) == true AND passwordValidation($_POST['password']) == true )
{
}
在函数中,仅使用变量$username
和$password
,而不使用(!)$_POST['username']
和$_POST['password']
您定义了$username
和$password
,即$_POST['username']
和$_POST['password']
。你也可以制作一个没有参数的函数。通过进行这些更改,您的问题将得到解决。