这是我的代码
<?php
$con = mysqli_connect("localhost", "root", "xxx", "s");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);
if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
{
echo "Complete all fields";
// you can stop it here instead of putting the curly brace ALL the way at the bottom :)
return;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo $emailvalid = "Enter a valid email";
}
if (strlen($password1) <= 6)
{
echo $passlength = "Password must be at least 6 characters long";
}
// Password numbers
if (!preg_match("#[0-9]+#", $password1))
{
echo $passnum = "Password must include at least one number!";
}
if (!preg_match("#[a-zA-Z]+#", $password1))
{
echo $passletter = "Password must include at least one letter!";
}
if ($password1 <> $password2)
{
echo $passmatch = "Passwords don't match";
}
mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES ('$name','$username','$email','$password1')");
mysqli_close($con);
?>
即使字段是有效的,输入也会被发送到数据库。有没有办法防止这种情况发生?所以说我的密码不匹配,它会将表单发送到数据库。我希望PHP停止这样做。有什么想法吗?
if(!(isset($emailvalid) || isset($passlength) || isset($passnum) || isset($passletter) || isset($passmatch))) {
mysqli_query(...);
}
如果存在包含错误的任何变量,则大括号之间的代码不会运行。
您的代码应该类似于:
<?php
$con = mysqli_connect("localhost", "root", "xxx", "s");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);
if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
{
echo "Complete all fields";
// you can stop it here instead of putting the curly brace ALL the way at the bottom :)
return;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo $emailvalid = "Enter a valid email";
return;
}
if (strlen($password1) <= 6)
{
echo $passlength = "Password must be at least 6 characters long";
return;
}
// Password numbers
if (!preg_match("#[0-9]+#", $password1))
{
echo $passnum = "Password must include at least one number!";
return;
}
if (!preg_match("#[a-zA-Z]+#", $password1))
{
echo $passletter = "Password must include at least one letter!";
return;
}
if ($password1 <> $password2)
{
echo $passmatch = "Passwords don't match";
return;
}
mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES ('$name','$username','$email','$password1')");
mysqli_close($con);
?>
你忘了放退货单;每个if.
你可以试试这个
if (!$name < '' || ....)
{
echo "Complete all fields";
return;
}
您的代码应该和我一样。所以我在准备错误,若并没有错误,我只是在显示错误时执行查询。当然,这是简化的,但你应该得到演练。
<?php
$con = mysqli_connect("localhost", "root", "xxx", "s");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = $con->real_escape_string($_POST['name']);
$username = $con->real_escape_string($_POST['username']);
$email = $con->real_escape_string($_POST['email']);
$password1 = $con->real_escape_string($_POST['pass1']);
$password2 = $con->real_escape_string($_POST['pass2']);
$canExecute = true;
$errors = array();
if (empty($name) || empty($username) || empty($email) || empty($password1) || empty($password2))
{
echo "Complete all fields";
// you can stop it here instead of putting the curly brace ALL the way at the bottom :)
return;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$errors[] = "Enter a valid email";
$canExecute = false;
}
if (strlen($password1) <= 6)
{
$errors[] = "Password must be at least 6 characters long";
$canExecute = false;
}
// Password numbers
if (!preg_match("#[0-9]+#", $password1))
{
$errors[]= "Password must include at least one number!";
$canExecute = false;
}
if (!preg_match("#[a-zA-Z]+#", $password1))
{
$errors[] = "Password must include at least one letter!";
$canExecute = false;
}
if ($password1 <> $password2)
{
$errors[]= "Passwords don't match";
$canExecute = false;
}
if ($canExecute)
{
mysqli_query($con, "INSERT INTO pass (Name,Username,Email,Password) VALUES ('$name','$username','$email','$password1')");
mysqli_close($con);
}
else
{
echo '<ul>';
foreach ($errors as $error)
echo '<li>'.$error.'</li>';
echo '</ul>';
}