[英]is_numeric and isEmail functions
I create field ( $login
), user should register with email or phone number So I want to oa security check to validate 我创建了字段(
$login
),用户应使用电子邮件或电话号码注册,因此我想进行安全检查以进行验证
Can I use 2 functions at same time ? 我可以同时使用两个功能吗? I tried the following code but it didn't work.
我尝试了以下代码,但是没有用。
if(!is_numeric || isEmail($login)) {
$mesaj = '<div class="msg"><div class="error">Add Valid Email or Phone Number</div></div>';
}else{
$db->Query("UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'");
$mesaj = '<div class="msg"><div class="success">Success</div></div>';
}
Any Idea? 任何想法?
You have an error in your code: if(!is_numeric || isEmail($login))
您的代码中有一个错误:
if(!is_numeric || isEmail($login))
You're not making a function call with is_numeric
. 您没有使用
is_numeric
进行函数调用。 You need to provide it a parameter: is_numeric($myVar)
您需要为其提供一个参数:
is_numeric($myVar)
You also have a SQL Injection problem in your code. 您的代码中也有一个SQL注入问题。 Never concatenate strings to build a query.
切勿串联字符串来构建查询。 Use parameterized queries instead.
请改用参数化查询 。
/***
* Data input from client browser / app
***/
$data['id'] = "0' OR id > 0 OR id = '1";
$login = "', `password`='hacked";
"UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'"
Output SQL: 输出SQL:
"UPDATE `users` SET `login`='', `password`='hacked' WHERE `id`='0' OR id > 0 OR id = '1'"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.