html 使用 php 进行表单验证
[英]html form validation using php
问题描述
I have created a html form which has signup as well as login.
我创建了一个 html 表单,其中包含注册和登录信息。 Firstly I want to register the user using signup form and then make him login then redirect to another page.首先,我想使用注册表单注册用户,然后让他登录,然后重定向到另一个页面。 For this I'm using php with apache(xampp) server.为此,我将 php 与 apache(xampp) 服务器一起使用。 The signup panel is working fine, but when I try to login, black column is added to database注册面板工作正常,但当我尝试登录时,黑色列被添加到数据库
My html code is like this我的html代码是这样的
<form method="POST" action="yoga_signup.php">
<div class="row" style=" margin-top:4rem; margin-left:24rem;">
<div class="col-md-6 mx-auto p-0">
<div class="card">
<div class="login-box">
<div class="login-snip"> <input id="tab-1" type="radio" name="tab" class="sign-in" checked><label for="tab-1" class="tab">Login</label> <input id="tab-2" type="radio" name="tab" class="sign-up"><label for="tab-2" class="tab">Sign Up</label>
<div class="login-space">
<div class="login">
<input type="hidden" name="for_page" value="login">
<div class="group"> <label for="user" class="label">Username</label> <input id="user" type="text" class="input" name="username" placeholder="Enter your username" > </div>
<div class="group"> <label for="pass" class="label">Password</label> <input id="pass" type="password" name="password_1" class="input" data-type="password" placeholder="Enter your password" > </div>
<div class="group"> <input id="check" type="checkbox" class="check" checked> <label for="check"><span class="icon"></span> Keep me Signed in</label> </div>
<div class="group"> <input type="submit" class="button" value="Sign In"> </div>
<div class="hr"></div>
</div>
<div class="sign-up-form">
<input type="hidden" name="for_page" value="signup">
<div class="group"> <label for="user" class="label">Username</label> <input id="user" type="text" name="username" class="input" placeholder="Create your Username"> </div>
<div class="group"> <label for="pass" class="label">Password</label> <input id="pass" type="password" name="password_1" class="input" data-type="password" placeholder="Create your password" > </div>
<div class="group"> <label for="pass" class="label">Repeat Password</label> <input id="pass" type="password" name="password_2" class="input" data-type="password" placeholder="Repeat your password"> </div>
<div class="group"> <label for="pass" class="label">Email Address</label> <input id="pass" type="text" class="input" name="email" placeholder="Enter your email address" > </div><br>
<div class="group"> <input type="submit" class="button" value="Sign Up"> </div>
<div class="hr"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</form>
and my php code is this我的 php 代码是这样的
<?php
session_start();
$conn= new mysqli("localhost","root","","yoga");
if($_SERVER["REQUEST_METHOD"]=="POST"){
$TypeOfRequest=$_POST['for_page'];
if($TypeOfRequest=="signup"){
$user=$_POST['username'];
$pass_1=$_POST['password_1'];
$pass_2=$_POST['password_2'];
$mail=$_POST['email'];
if($pass_1===$pass_2){
$val=" INSERT INTO yoga_login(username,password_1,password_2,email) VALUES('$user','$pass_1','$pass_2','$mail')";
if($conn->query($val)===TRUE){
header('Location: login.html');
}else{
echo "registration unsucessfull";
}
}
if($pass_1!==$pass_2){
echo "please enter the same password";
}
}
$TypeofRequest = $_POST['for_page'];
if($TypeofRequest=="login"){
$user=$_POST['username'];
$pass_1=$_POST['password_1'];
$sql="SELECT * FROM yoga_login WHERE username='$user' AND password='$pass_1'";
$RunQuery = mysqli_query($conn,$sql);
$CheckNumberOfUsers = mysqli_num_rows($RunQuery);
//echo $CheckNumberOfUsers;
if($CheckNumberOfUsers==1){
$_SESSION['username'] = $user;
header('location:blogs.html');
}else{
echo "invalid credential";
}
}
mysqli_close($conn);
}
1 个解决方案
解决方案1
1 已采纳 2020-05-15 19:39:09
You can dump out what you are sending in the yoga_signup.php at the start of the file:您可以在文件开头的yoga_signup.php中转储要发送的内容:
die('<pre>' . print_r($_POST, true) . '</pre>');
Then you can see this:然后你可以看到这个:
Array
(
[tab] => on
[for_page] => signup
[username] =>
[password_1] =>
[password_2] =>
[email] =>
)
so the for_page field's value is signup - and I was pressing the Sign In button所以 for_page 字段的值是signup - 我按下了Sign In按钮
Then you go back to the HTML file and you can see that you are using the same form for the request, so with the second <input type="hidden" name="for_page" value="signup"> , you are overwriting the first for_page value.然后你 go 回到 HTML 文件,你可以看到你正在使用相同的请求表单,所以对于第二个<input type="hidden" name="for_page" value="signup"> ,你正在覆盖第一个for_page值。
So instead of this you should create 2 forms and set them like this:因此,您应该创建 2 forms 而不是这样设置它们:
<div class="row" style=" margin-top:4rem; margin-left:24rem;">
<div class="col-md-6 mx-auto p-0">
<div class="card">
<div class="login-box">
<div class="login-snip">
<input id="tab-1" type="radio" name="tab" class="sign-in" checked>
<label for="tab-1" class="tab">Login</label>
<input id="tab-2" type="radio" name="tab" class="sign-up">
<label for="tab-2" class="tab">Sign Up</label>
<div class="login-space">
<form method="POST" action="yoga_signup.php">
<div class="login">
<input type="hidden" name="for_page" value="login">
<div class="group">
<label for="user" class="label">Username</label>
<input id="user" type="text" class="input" name="username" placeholder="Enter your username" >
</div>
<div class="group">
<label for="pass" class="label">Password</label>
<input id="pass" type="password" name="password_1" class="input" data-type="password" placeholder="Enter your password" >
</div>
<div class="group">
<input id="check" type="checkbox" class="check" checked>
<label for="check">
<span class="icon">
</span> Keep me Signed in
</label>
</div>
<div class="group"> <input type="submit" class="button" value="Sign In"> </div>
<div class="hr"></div>
</div>
</form>
<form method="POST" action="yoga_signup.php">
<div class="sign-up-form">
<input type="hidden" name="for_page" value="signup">
<div class="group"> <label for="user" class="label">Username</label> <input id="user" type="text" name="username" class="input" placeholder="Create your Username"> </div>
<div class="group"> <label for="pass" class="label">Password</label> <input id="pass" type="password" name="password_1" class="input" data-type="password" placeholder="Create your password" > </div>
<div class="group"> <label for="pass" class="label">Repeat Password</label> <input id="pass" type="password" name="password_2" class="input" data-type="password" placeholder="Repeat your password"> </div>
<div class="group"> <label for="pass" class="label">Email Address</label> <input id="pass" type="text" class="input" name="email" placeholder="Enter your email address" > </div><br>
<div class="group"> <input type="submit" class="button" value="Sign Up"> </div>
<div class="hr"></div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
Parameters in the PHP file after modification:修改后的PHP文件中的参数:
Array
(
[for_page] => login
[username] => asdf
[password_1] => asdf
)
Helpful sidenotes to improve your code:有助于改进代码的旁注:
- passwords should be encrypted in the database密码应该在数据库中加密
- the mysql query is vulnerable against SQL injection mysql 查询易受 SQL 注入攻击
- the second password field used to be required, because if the input type is password, then you can't see the characters, so it's like a proofread for the user to make sure that you won't miss the password.第二个密码字段过去是必填的,因为如果输入类型是密码,那么你就看不到字符,所以它就像一个用户的校对,以确保你不会错过密码。 Because of this you don't need to store it in the database, but use it to check if it was written correctly in the first field.因此你不需要将它存储在数据库中,而是用它来检查它是否在第一个字段中写入正确。
- use the redirection headers with die将重定向标头与 die 一起使用
- close the mysql connection before the redirection重定向前关闭 mysql 连接
I found some issues at the login part of the code.我在代码的登录部分发现了一些问题。
Instead of the password filed in the SQL query string you should use an existing password field from your database;您应该使用数据库中现有的密码字段,而不是 SQL 查询字符串中的密码; for example the password_1 field.例如 password_1 字段。
Replacing that and fixing some minor issues, plus a bit of beautifying you will get this code for the login part:替换它并修复一些小问题,再加上一些美化,您将获得用于登录部分的代码:
if($TypeofRequest=="login"){
$username = $_POST['username'];
$password = $_POST['password_1'];
$sql="SELECT * FROM yoga_login WHERE username='{$username}' AND password_1='{$password}'";
$result = $conn->query($sql);
$conn->close();
if (empty($result)) {
die('invalid credentials');
}
$_SESSION['username'] = $user;
header('location:blogs.html');
die();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.