[英]How to validate user input with filter_var?
I'm creating a basic sign up form, where I want to validate the user input. 我正在创建一个基本的注册表单,我想在其中验证用户输入。 I've read a LOT of different methods of doing this.
我读过很多不同的方法来做到这一点。 First of all, mine is not working because it echoes "Email is valid" when it is not a valid email.
首先,由于我的电子邮件无效,它会回显“电子邮件有效”,因此我的电子邮件无法正常工作。 I really wish I could figure out the most efficient, succinct way of doing this!
我真的希望我能找出最有效,最简洁的方法!
So my two questions are: 所以我的两个问题是:
1.) Is there something wrong in my code that says it's a valid email even though it isn't? 1.)我的代码中有什么不对的地方,即使它不是有效的电子邮件,它还是有效的电子邮件?
2.) How can I make this as efficient as possible? 2.)我如何才能使其尽可能高效?
Here is the code: 这是代码:
<?php
include('functions.php');
$server = "localhost";
$auth = "root";
$pass = "password";
$db = "users";
$conn = connect_to_db($server, $auth, $pass, $db);
$signup = isset($_POST['submit']);
$output = NULL;
if( $signup ){
$username = htmlspecialchars($_POST['username']);
$password = md5($_POST['password']);
$email = $_POST['email'];
if( filter_var($email, FILTER_VALIDATE_EMAIL) && !empty($username) && !empty($password) && !empty($email) ){
echo 'Email is valid';
$sql = "SELECT username FROM info WHERE username = '$username'";
$result = mysqli_query($conn, $sql);
if( mysqli_num_rows($result) > 0 ){
echo "Sorry, there is already an account registered with that username";
} else {
$sql = "INSERT INTO info (username, password, date_created) VALUES ('$username', '$password', NOW())";
mysqli_query($conn, $sql);
$output = "<p> Username: $username <br />" . "Password: $password </p>";
}
} elseif ( empty($username) || empty($password) ) {
$output = "<p> Both fields are required </p>";
}
echo $output;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>My Website</title>
</head>
<body>
<form method="POST">
<h1>Signup: </h1><br />
Choose a username: <input type="text" name="username" /> <br />
Choose a password: <input type="password" name="password" /> <br />
Enter your email: <input type="email" name="email" /> <br />
<input type="submit" name="submit" value="Signup" />
<p>Already have an account? Login here: <br /> <a href="index.php">Login</a></p>
</form>
</body>
</html>
Emm .. For the username and password inputs you can use ths function and put it in the functions file: Emm ..对于用户名和密码输入,您可以使用此函数并将其放在函数文件中:
function makeItSafe($value) {
htmlspecialchars($value);
strip_tags($value);
htmlentities($value, ENT_QUOTES);
return $value;
}
And for the email, yes it is you can use the filter_var function or use the RegExp way .. But in my opinion the filter_var is easier for use :) 对于电子邮件,是的,您可以使用filter_var函数或使用RegExp方法..但在我看来,filter_var易于使用:)
I use the code below to validate for email addresses. 我使用以下代码验证电子邮件地址。 I then require a user to confirm their email to complete signup as there is no true way to know if an email is actually real or not.
然后,我要求用户确认其电子邮件以完成注册,因为没有真正的方法可以知道电子邮件是否真实。
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// invalid emailaddress
}
Also, you should create a function to check your POST data. 另外,您应该创建一个函数来检查您的POST数据。
function checkData($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.