dream518518518 2016-12-14 16:06
浏览 65
已采纳

用户注册表单上的验证不起作用

I'm trying to get some form validations to work, but my script registers a user even if the data is incorrect and doesn't validate.

Also, what should I write so it can check whether the user is already in the database and return an error if so?

For example, if I just typed "aaaa" in all text boxes, it would register the user. What should happen if a user entered incorrect data (wrong format) is an error message should appear, and it should not register until the user enters correct data. But it registers the user no matter what I enter, as if there were no validations written.

<?php

include "db.php";

// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $passwordErr = $cpasswordErr = "";
$cpassword = "";
$cust_email = $cust_username = $cust_password = $cust_fullname = $cust_country = $cust_dob = $cust_gender = $cust_phone = "";

if (isset($_POST["btnsignup"])) {
    //Username Validation
    if (empty($_POST["txtcust_username"])) {
        $nameErr = "Name is required";
    } else {
        $cust_username = test_input($_POST["txtcust_username"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z0-9]*$/", $cust_username)) {
            $nameErr = "Only letters, numbers are allowed and no white space allowed";
        }
    }
    //Email Validation
    if (empty($_POST["txtcust_email"])) {
        $emailErr = "Email is required";
    } else {
        $cust_email = test_input($_POST["txtcust_email"]);
        // check if e-mail address is well-formed
        if (!filter_var($cust_email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    }
    //Password Validation
    if (!empty($_POST["txtcust_password"]) && ($_POST["txtcust_password"] == $_POST["txtcust_cpassword"])) {
        $cust_password = test_input($_POST["txtcust_password"]);
        $cust_cpassword = test_input($_POST["txtcust_cpassword"]);
        if (strlen($_POST["txtcust_password"]) <= '6') {
            $passwordErr = "Your Password Must Contain At Least 6 Characters!";
        } elseif (!preg_match("#[0-9]+#", $cust_password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Number!";
        } elseif (!preg_match("#[A-Z]+#", $cust_password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
        } elseif (!preg_match("#[a-z]+#", $cust_password)) {
            $passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
        }
    } elseif (!empty($_POST["txtcust_password"])) {
        $cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
    }

    $cust_fullname = $_POST['txtcust_fullname'];
    $cust_country = $_POST['txtcust_country'];
    $cust_dob = $_POST['txtcust_dob'];
    $cust_gender = $_POST['txtcust_gender'];
    $cust_phone = $_POST['txtcust_phone'];

//Insert Into Table
    $insert = "INSERT INTO customer (cust_email,cust_username,cust_password,cust_fullname,cust_country,cust_dob,cust_gender,cust_phone)
VALUES ('$cust_email','$cust_username','$cust_password','$cust_fullname','$cust_country','$cust_dob','$cust_gender','$cust_phone') ";

    $run = mysqli_query($conn, $insert);
    if ($run) {
        setcookie("Name", $cust_username);
        header("Location: home.php");
    } else
        echo "User has not been Add";
}
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>
  • 写回答

1条回答 默认 最新

  • dpf71390 2016-12-14 16:35
    关注

    TL;DR You do a bunch of validation and set a bunch of error messages, but then ignore all of that and run the INSERT no matter what. Add an if/else statement to handle validation errors or do the insert.

    Let's break this down. Your code isn't really a Minimal, Complete, and Verifiable Example, but we can make it into one. Stripping out all the unnecessary stuff, your code is basically this:

    <?php

include "db.php";

// initializing some variables
// ...

// a bunch of validation stuff, where you set
// variables like $nameErr and $emailErr
// ...

// logic where you initialize $cust_fullname, $cust_country, etc.
// ...

/***************************************************************
 * The database insertion, without ever checking whether
 * the data validated!
 ***************************************************************/
//Insert Into Table    
$insert = "INSERT INTO customer (cust_email,cust_username,cust_password,cust_fullname,cust_country,cust_dob,cust_gender,cust_phone)
VALUES ('$cust_email','$cust_username','$cust_password','$cust_fullname','$cust_country','$cust_dob','$cust_gender','$cust_phone') ";

$run = mysqli_query($conn,$insert);
// more code not relevant here...

?>

    So, you just run the INSERT, regardless of what happens in the validation stage. There's your problem.

    As for your second question (how to check for an existing user), that's a little broad for this site, and you generally should only ask one question at a time. Please try something first, then post that as a second question if you get stuck.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行