数据直接存储到mysql数据库,无需使用php设置任何验证
我是php和mysql的新手。目前,我正在开发一个注册系统,使用php和mysql存储数据。所以我已经连接了数据库,我正在对用户填写的表单信息进行验证。我决定不使用html“必需”函数。但验证根本不起作用。尽管信息填写为空,但不会显示任何错误,但仍可以继续下一步并将信息插入数据库。任何帮助都将不胜感激,看看哪里出了问题 这是我的密码数据直接存储到mysql数据库,无需使用php设置任何验证,php,mysql,validation,Php,Mysql,Validation,我是php和mysql的新手。目前,我正在开发一个注册系统,使用php和mysql存储数据。所以我已经连接了数据库,我正在对用户填写的表单信息进行验证。我决定不使用html“必需”函数。但验证根本不起作用。尽管信息填写为空,但不会显示任何错误,但仍可以继续下一步并将信息插入数据库。任何帮助都将不胜感激,看看哪里出了问题 这是我的密码 <div id="content"> <form action="signup.php"method="POST">
<div id="content">
<form action="signup.php"method="POST">
<fieldset>
<legend>Sign up your Watevershit account to unlock more shit!</legend>
<p>
<label>
<span>Username :</span>
<input type="text"name="username">
</label>
</p>
<p><?php if(isset($errors['username1']) echo $errors['username1'])?></p>
<p>
<label>
<span>Password</span>
<input type="password"name="password">
</label>
</p>
<p><?php if(isset($errors['password1']) echo $errors['password1'])?></p>
<p>
<label>
<span>Confirm Password :</span><input type="password"name="password">
</label>
</p>
<p>
<label>
<span>Email:</span>
<input type="email"name="email">
</label>
</p>
<p><?php if(isset($errors['email1']) echo $errors['email1'])?></p>
<p>
<label>
<input type="submit"id="submit"value="Sign Up Now!">
</label>
</p>
<p>
<label>
<span><a href="login.html">Already member?Log in here</a></span>
</label>
</p>
</fieldset>
</form>
</div>
注册你的Watevershit帐户以解锁更多狗屎!
用户名:
密码
确认密码:
电邮:
<?php
include ('config.php');
//declare variables
$username=$_POST['username'];
$password=$_POST['password'];
$email=$_POST['email'];
//define error variables
$usernameERR = $emailERR =$passwordERR="";
$username=$email=$password="";
//validation
if ($_SERVER["REQUEST_METHOD"] == "POST"){
//not empty
//at least 3 characters long
//start the validation
//check the username
if(empty($_POST['username'])){
$errors['username1'] = "Required fields"
}
if (strlen($username) <3 ) {
$errors['username2'] ="Username must at least 3 characrters long.";
}
//check the password
if (empty($_POST['password'])){
$errors['password1'] ="Required fields";
}
if (strlen($password) < 8) {
$errors['password2'] = "Password must be 8 characrters long";
}
//check the email
if (empty($_POST['email'])){
$errors['email1'] = "Required fields";
}
if (strlen($email) < 12){
$errors['email2'] ="Email must at least 12 characrters long";
}
//check the errors
if(count($errors) == 0){
//redirect to sucess page
header('Location:login.html');
}
}
// if all correct,insert data to the database
$query="INSERT INTO user(Username,Password,Email) VALUES ('".$_POST['username']."','".$_POST['password']."','".$_POST['email']."')";
mysqli_query($con,$query);
?>
试试这个..
<?php
$errors=array();
if ($_SERVER["REQUEST_METHOD"] == "POST"){
$username=$_POST['username'];
$password=$_POST['password'];
$email=$_POST['email'];
//not empty
//at least 3 characters long
//start the validation
//check the username
if(empty($_POST['username'])){
$errors['username1'] = "Required fields";
}
if (strlen($username) <3 ) {
$errors['username2'] ="Username must at least 3 characrters long.";
}
//check the password
if (empty($_POST['password'])){
$errors['password1'] ="Required fields";
}
if (strlen($password) < 8) {
$errors['password2'] = "Password must be 8 characrters long";
}
//check the email
if (empty($_POST['email'])){
$errors['email1'] = "Required fields";
}
if (strlen($email) < 12){
$errors['email2'] ="Email must at least 12 characrters long";
}
//check the errors
if(count($errors) == 0){
$query="INSERT INTO user(Username,Password,Email) VALUES ('".$_POST['username']."','".$_POST['password']."','".$_POST['email']."')";
mysqli_query($con,$query);
}
}
?>
<div id="content">
<form action="" method="POST">
<fieldset>
<legend>Sign up your Watevershit account to unlock more shit!</legend>
<p>
<label>
<span>Username :</span>
<input type="text"name="username">
</label>
</p>
<p><?php if(!empty($errors['username1'])) { echo $errors['username1']; } ?></p>
<p>
<label>
<span>Password</span>
<input type="password" name="password">
</label>
</p>
<p><?php if(!empty($errors['password1'])) { echo $errors['password1']; }?></p>
<p>
<label>
<span>Confirm Password :</span><input type="password"name="password">
</label>
</p>
<p>
<label>
<span>Email:</span>
<input type="email"name="email">
</label>
</p>
<p><?php if(!empty($errors['email1'])) { echo $errors['email1']; }?></p>
<p>
<label>
<input type="submit"id="submit"value="Sign Up Now!">
</label>
</p>
<p>
<label>
<span><a href="login.html">Already member?Log in here</a></span>
</label>
</p>
</fieldset>
</form>
</div>
替换此块:
//check the errors
if(count($errors) == 0){
//redirect to sucess page
header('Location:login.html');
}
为此:
//check the errors
if(count($errors) > 0){
//redirect to sucess page
header('Location:login.html');
}
并替换以下行:
if ($_SERVER["REQUEST_METHOD"] == "POST"){
与:
永远不要在数据库中存储没有散列和盐析的用户密码。你应该使用预先准备好的语句,而不是直接将值插入到查询中,如果没有,你至少应该转义这些值。好的..但是所有的验证在这里都不起作用是什么问题?我已经在这里用php脚本设置了所有的验证,但是没有一个显示出来。请帮忙@Tniese@t.niese-我同意,很好的建议。尽管如此,他还是有了一个良好的开端,并会随着时间的推移逐渐了解这些令人讨厌的安全问题。它将始终插入数据库,因为在调用mysqli_query
,header('Location:login.html')
时,您不会检查是否发生任何错误,它只会告诉浏览器进行重定向,查询仍将执行。@t.niese那么我如何检查该问题发生的任何错误??if/else语句来检查??或其他内容???我像您提供的那样更改块,它确实可以重定向到login.html..但是信息仍然无法验证,仍然可以直接存储到数据库。。
if ($_POST){