如何在php中证明参数
嘿 我有一个用户注册php与一些参数,他们都应该证明。我的格式很难看。我将所有的验证都打包在复杂的if条款中 看一看:如何在php中证明参数,php,validation,coding-style,Php,Validation,Coding Style,嘿 我有一个用户注册php与一些参数,他们都应该证明。我的格式很难看。我将所有的验证都打包在复杂的if条款中 看一看: include '../db_connect.php'; $arr = array('Data' => null,'Code' => null); $birthdate = mysql_real_escape_string($_POST['birth']); $gender = mysql_real_escape_string($_POST['gender']);
include '../db_connect.php';
$arr = array('Data' => null,'Code' => null);
$birthdate = mysql_real_escape_string($_POST['birth']);
$gender = mysql_real_escape_string($_POST['gender']);
$uname = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pw']);
$email = mysql_real_escape_string($_POST['email']);
$lang = mysql_real_escape_string($_POST['lang']);
if (!proof_value($birthdate) && !proof_value($gender) && !proof_value($uname) && !proof_value($password) && !proof_value($email))
{
if (!user_exist($uname))
{
if(!email_exist($email))
{
if (count($pw)==32)
{
if(count($gender)==1 && ($gender=='m' ||$gender =='f'))
{
$code = genverification();
$sql = "Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')";
$result = mysql_query("Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')");
if ($result)
{
require_once("mailer.php");
if (sendmail($email,$link, $lang))
{
$arr['Code'] = 200;
}
else
{
$arr['Code'] = 422;
}
}
else
{
$arr['Code'] = 421;
//$arr['Date'] = $sql;
}
}
else
{
$arr['Code'] = 420;
}
}
else
{
$arr['Code']=423;
}
}
else
{
$arr['Code']=419;
}
}
else
{
$arr['Code']=418;
}
}
else
{
$arr['Code']=400;
}
mysql_close($db);
echo json_encode($arr);
Thx有很多可能性,如果你敢尝试:- PHP中的其他
我的格式很难看。isset()isset()countstrlen$pw$success = null;
while (empty($error))
{
if (...)
{
$error = xxx;
break;
}
// repeat other checking
// lastly
$sql = ...;
if ( $insert_ok )
{
$success = ...;
break;
}
}
if ( ! empty($error))
{
// something error
}
if ( ! empty($success))
{
// something right
}
<?php
//Allowed array of parameters
$allowed = array('birth','gender','username','passwordw','email','lang');
$cont=true;
//Loop through the post and check & assign the variables
foreach($_POST as $key=>$value){
if(in_array($key,$allowed) && $value!=''){
//m or f set $cont to false if not
if($key=='gender' && ($value!='m' || $value!='f')){$arr['Code'] = 420; $cont=false;}
//chek if email set $cont to false if not
if($key=='email' && filter_var($value, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)==true){$arr['Code'] = 419; $cont=false;}
//check pass len set $cont to false if not
if($key=='password' && strlen($value)==32){$arr['Code'] = 423; $cont=false;}
//Assign the variable
$$key=$value;
}else{
//Rouge key in post or value blank
$cont=false;
}
}
//if alls ok
if($cont===true){
$code = genverification();
//PDO connect to database
try {
$dbh = new PDO("mysql:host=localhost;dbname=YOURDB", $dbusername, $dbpassword);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//Use prepared statement to avoid sql injections
$sth = $dbh->prepare('INSERT into USER
(DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION)
VALUES (:birth,:gender,:username,:password,:email,:code)');
//bind the variables to the parameters
$sth->bindParam(':birth', $birth, PDO::PARAM_STR, strlen($birth));
$sth->bindParam(':gender', $gender, PDO::PARAM_STR, 1);
$sth->bindParam(':username', $username, PDO::PARAM_STR, strlen($username));
$sth->bindParam(':password', $password, PDO::PARAM_STR, strlen($password));
$sth->bindParam(':email', $email, PDO::PARAM_STR, strlen($email));
$sth->bindParam(':code', $code, PDO::PARAM_STR, strlen($code));
$sth->execute();
//Do your mail
require_once("mailer.php");
if (sendmail($email,$link, $lang)){
$arr['Code'] = 200;
}else{
$arr['Code'] = 422;
}
}else{
#Show your errors
}
?>