[英]How can I properly validate my registration form inputs with PHP functions?
我是 PHP 的初学者,正在尝试验证我的注册表单,但 preg_match 函数和 email 过滤器 function 没有验证输入。 表单提交和值或插入到我的数据库中,任何输入都可以在未经验证的情况下工作。 这是我的 PHP:
<?php
// define errors
$firstnameErr = $lastnameErr = $usernameErr = $passwordErr = $emailaddressErr = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$firstnameErr = "First Name is required";
} else {
$firstname = ($_POST["firstname"]);
// name only contains letters and space
if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
$firstnameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["lastname"])) {
$lastnameErr = "Last Name is required";
} else {
$lastname= ($_POST["lastname"]);
// name only contains letters and space
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
$lastnameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["emailaddress"])) {
$emailaddressErr = "Email address is required";
} else {
$emailaddress = ($_POST["emailaddress"]);
if (!filter_var($emailaddress, FILTER_VALIDATE_EMAIL)) {
$emailaddressErr = "Invalid email format";
}
}
if (empty($_POST["username"])) {
$usernameErr = "A username is required";
} else {
$username = ($_POST["username"]);
}
if (empty($_POST["password"])) {
$passwordErr = "A password is required";
} else {
$password = PASSWORD_HASH($_POST['password'], PASSWORD_DEFAULT);
}
我的 HTML 在下面。 我想由于正则表达式,名字在客户端是经过验证的,但我希望它也可以在服务器端使用 preg_match 完成。 我不确定我这样做是否正确。
<form style="display:flex"; name="signupform" action="registration.php" method="post">
<div class="container">
<div class ="row justify-content-center">
<div class ="col-md-6">
<h1>Registration</h1>
<hr class="mb-3">
<label for="firstname"><b>First Name</b></label>
<input class= "form-control" type="text" placeholder="Enter your First Name" name="firstname" required>
<span class="error">* <?php echo $firstnameErr;?></span>
<label for="lastname"><b>Last Name</b></label>
<input class= "form-control" type="text" placeholder="Enter your Last Name" name="lastname" required>
<span class="error">* <?php echo $lastnameErr;?></span>
<label for="emailaddress"><b>Email Address</b></label>
<input class= "form-control" type="text" placeholder="Enter your Email Address" name="emailaddress" required>
<span class="error">* <?php echo $emailaddressErr;?></span>
<label for="username"><b>Username</b></label>
<input class= "form-control" type="text" placeholder="Enter your desired username" name="username" required>
<span class="error">* <?php echo $usernameErr;?></span>
<label for="password"><b>Password</b></label>
<input class= "form-control" type="password" placeholder="Enter a password" name="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters" required>
<span class="error">* <?php echo $passwordErr;?></span>
<em> Password must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters</em><br>
<hr class ="mb-3">
<input class="btn btn-block btn-primary" type="submit" name="create" value="Sign Up">
<hr class = "mb-3">
</div>
</div>
</div>
</form>
在你的逻辑中尝试这样的事情。 因为您的变量($lastname、$emailaddress)已在代码中声明并填充了未经测试的数据。
if (empty($_POST["lastname"])) {
$lastnameErr = "Last Name is required";
} else {
if (!preg_match("/^[a-zA-Z ]*$/",$_POST["lastname"])) {
$lastnameErr = "Only letters and white space allowed";
}else{
/* if lastname valid then create $lastname */
$lastname= $_POST["lastname"];
}
}
if (empty($_POST["emailaddress"])) {
$emailaddressErr = "Email address is required";
} else {
if (!filter_var($_POST["emailaddress"], FILTER_VALIDATE_EMAIL)) {
$emailaddressErr = "Invalid email format";
}else{
// if email address valid then create $emailaddress
$emailaddress = ($_POST["emailaddress"]);
}
}
因此,在调用 function 将数据存储在数据库中之前,只需检查变量是否存在isset($lastname) && isset($emailaddress)
...好吧我猜你明白了。
从我在网上看到的内容来看,你不应该相信来自前端的任何东西,即使有输入验证,在将数据插入数据库之前总是要仔细检查。
祝你好运。
我简化了你的代码,希望这会有所帮助:)
<?php
//define errors
$error_message = "";
$firstname="";
$lastname="";
$emailaddress="";
$username="";
$password="";
if(isset($_POST['create']) && $_SERVER["REQUEST_METHOD"] == "POST"){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$emailaddress = $_POST['emailaddress'];
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
if(empty($firstname) || $firstname == ""){
$error_message = "First Name is required!";
}
elseif( !preg_match("/^[a-zA-Z ]*$/",$firstname) ){
$error_message = "Only letters and white space allowed!";
}
elseif(empty($lastname) || $lastname == ""){
$error_message = "Last Name is required!";
}
elseif( !preg_match("/^[a-zA-Z ]*$/",$lastname) ){
$error_message = "Only letters and white space allowed!";
}
elseif(empty($emailaddress) || $emailaddress == ""){
$error_message = "Email address is required!";
}
elseif(!filter_var($emailaddress, FILTER_VALIDATE_EMAIL)){
$error_message = "Invalid email format!";
}
elseif(empty($username) || $username == ""){
$error_message = "Username is required!";
}
elseif(empty($password) || $password == ""){
$error_message = "Password is required!";
}
else{
//insert query
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<form style="display:flex"; name="signupform" action="" method="post">
<div class="container">
<div class ="row justify-content-center">
<div class ="col-md-6">
<span class="error">* <?php echo $error_message;?></span>
<h1>Registration</h1>
<hr class="mb-3">
<label for="firstname"><b>First Name</b></label><br>
<input class= "form-control" type="text" placeholder="Enter your First Name" name="firstname" value="<?php echo $firstname; ?>"><br>
<label for="lastname"><b>Last Name</b></label><br>
<input class= "form-control" type="text" placeholder="Enter your Last Name" name="lastname" value="<?php echo $lastname; ?>"><br>
<label for="emailaddress"><b>Email Address</b></label><br>
<input class= "form-control" type="text" placeholder="Enter your Email Address" name="emailaddress" value="<?php echo $emailaddress; ?>"><br>
<label for="username"><b>Username</b></label><br>
<input class= "form-control" type="text" placeholder="Enter your desired username" name="username" value="<?php echo $username; ?>"><br>
<label for="password"><b>Password</b></label><br>
<input class= "form-control" type="password" placeholder="Enter a password" name="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters" value="<?php echo $password; ?>"><br>
<em> Password must contain at least one number and one uppercase and lowercase letter, and at least 8 or more characters</em><br>
<hr class ="mb-3">
<input class="btn btn-block btn-primary" type="submit" name="create" value="Sign Up" style="cursor: pointer;">
</body>
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.