用户注册表格错误php
[英]User registration form error php
问题描述
Hi am trying to write code that validates in the backend. 
您好,我正在尝试编写在后端进行验证的代码。 The code should stop as soon as there is an error. 一旦有错误,该代码应立即停止。 In my case, even if the conditions are satisfied the code stops in the first name validation block itself. 就我而言,即使满足条件,代码也会停止在名字验证块本身中。 Also I wish to have only backend validation. 我也希望只有后端验证。
Here is the php code clientRegister.php 这是php代码clientRegister.php
<?php
require_once("connection.php");
session_start();
// define variables and set to empty values
$clientFirstName = $clientLastName =$clientEmail = $clientPassword =
$clientCPassword = $clientContact = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// First Name Validation
if (empty($_POST["clientFirstName"])) {
die("error: empty field");
} else {
$clientFirstName = test_input($_POST["clientFirstName"]);
// check if name only contains letters and whitespace
if (!preg_match("[a-zA-Z ]",$clientFirstName)) {
die("Error: Only letters and white space allowed");
}
}
// Last Name Validation
if (empty($_POST["clientLastName"])) {
die("error: empty field");
} else {
$clientLastName = test_input($_POST["clientLastName"]);
// check if name only contains letters and whitespace
if (!preg_match("[a-zA-Z ]",$clientLastName)) {
die("Error: Only letters and white space allowed");
}
}
// Email Validation
if (empty($_POST["clientEmail"])) {
die("error: empty field");
} else {
$clientEmail = test_input($_POST["clientEmail"]);
// check if e-mail address is well-formed
if (!filter_var($clientEmail, FILTER_VALIDATE_EMAIL)) {
die("Error: Invalid email format");
}
}
// Password Validation
if (empty($_POST["clientPassword"])) {
die("error: empty field");
}
// Confirm Password Validation
if (empty($_POST["clientCPassword"])) {
die("error: empty field");
}
if ($clientPassword != $clientCPassword) {
die("error: passwords mismatch");
}else{
$hashedClientPassword = password_hash($clientPassword, PASSWORD_DEFAULT);
}
if (empty($_POST["clientContact"])) {
die("error: empty field");
} else {
$clientContact = test_input($_POST["clientContact"]);
// check if number is correct
if (!preg_match("[0-9]",$clientContact)) {
die("error: Only 0-9 allowed");
}
}
$check_email = $conn->query("SELECT clientEmail FROM tbl_clients WHERE
clientEmail='$clientEmail'");
$emailCount=$check_email->num_rows;
if ($emailCount==0) {
$newClient = "INSERT INTO tbl_clients(clientFirstName, clientLastName,
clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')";
if ($newClient === false){
$result = array();
$result[] = array("status" => "Error");
}else{
echo "Your have been signed up - please now Log In";
$result = array();
$result[] = array("First Name" => $clientFirstName, "Last Name" => $clientLastName, "Email" => $clientEmail, "Password" => $hashedClientPassword, "Contact" => $clientContact, "status" => "success");
}
}else {
echo "Already Exists";
$result = array();
$result[] = array("status" => "Error");
}
echo json_encode($result);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!DOCTYPE HTML> <html> <head> </head> <body> <h2>Reg User</h2> <form method="post" action="clientRegister.php"> <label> First Name:<input type="text" name="clientFirstName"><br/> Last Name:<input type="text" name="clientLastName"><br/> Email:<input type="text" name="clientEmail"><br/> Password:<input type="password" name="clientPassword"><br/> Confirm Password:<input type="password" name="clientCPassword"><br/> Contact:<input type="text" name="clientContact"><br/> <input type="submit" value="Register" name="submit"> </label> </form> </body> </html>
1 个解决方案
解决方案1
0 已采纳 2018-04-01 15:42:42
You have missing pattern delimiters for your preg_match() 您的preg_match()缺少模式定界符
Replace your patterns with following sample: 用以下示例替换您的模式:
if (!preg_match("[a-zA-Z ]",$clientFirstName)) {
die("Error: Only letters and white space allowed");
}
With: 带有:
if (!preg_match("/[a-zA-Z ]/",$clientFirstName)) {
die("Error: Only letters and white space allowed");
}
Also your 还有你的
($clientPassword != $clientCPassword)
will always return false because you have not assigned new $_POST values to them. 将始终返回false,因为您尚未为其分配新的$ _POST值。 And since you have initialized both variables as empty. 并且由于您已将两个变量都初始化为空。 So (empty != empty) always return false. 因此(空!=空)总是返回false。
So you should compare like this: 所以你应该这样比较:
($_POST["clientPassword"] != $_POST["clientCPassword"])
Regarding your query, it was not executed 关于您的查询,未执行
$newClient = "INSERT INTO tbl_clients(clientFirstName, clientLastName, clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')";
Which I think you meant: 我认为您的意思是:
$newClient = $conn->query("INSERT INTO tbl_clients(clientFirstName, clientLastName, clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')");
Note : Your queries are vulnerable to sql injection and you should use prepare statement 注意 :您的查询容易受到sql注入的攻击,因此应使用prepare语句
DEMO: 演示:
http://sandbox.onlinephpfunctions.com/code/d435ae025dc9e22b677823ff37712bb712b71e1b http://sandbox.onlinephpfunctions.com/code/d435ae025dc9e22b677823ff37712bb712b71e1b
You can test this file: 您可以测试此文件:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.