[英]php/mysqli Validating Form Input to Inserting to Displaying. Security at each step?
[英]PHP validating user input data step by step
我對PHP相當陌生,現在我不得不在我的公司找到合適的程序員的同時用PHP編寫小型程序。
我編寫了一個使用表單數據(姓名,電子郵件,手機號碼等)的程序,然后檢查輸入的數據是否有效。 我的代碼工作正常,但是它們沒有遵循任何過程(即,它檢查所有驗證)。 我希望它首先檢查一個條件(例如電子郵件)是否有效,然后僅檢查下一個條件(電話號碼)。 如果無效,則返回一些錯誤消息並停止執行其余代碼。
我已經嘗試了很多東西,但是都沒有成功,這是示例代碼
<?php include("includes/functions.php"); ?>
<?php include("includes/dbconnection.php"); ?>
<?php
//I've done this in main.php page but also had to do it in functions.php page too...
$First_Name = $_POST['first_name'];
$Last_Name = $_POST['last_name'];
$Phone_Number = $_POST['phone_number'];
$E_Mail = $_POST['email'];
$User_ID = $_POST['user_id'];
?>
<?php $user_id_validation = validate_user_id($User_ID); ?>
<?php $phone_number_validation = validate_phone_number(); ?>
<?php $all_fields_validation = validate_all_fields(); ?>
<?php
//This is dbconnection.php page
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "some_password");
define("DB_NAME", "some_db");
$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME); //This $connection has been used as global in function.php
if(mysqli_connect_errno()) {
die("Database connection failed: " .
mysqli_connect_error() .
" (" . mysqli_connect_errno() . ")"
);
}
?>
<?php
//This is functions.php
function validate_user_id($User_ID) {
global $connection;
$sql = "SELECT * FROM users WHERE user_id = '$User_ID'";
$result = mysqli_query($connection,$sql);
$num_row = mysqli_num_rows($result);
if ($num_row == 1) {
$User_ID = $num_row['user_id'];
echo "user verification passed! ";
} else {
echo "You are not authorized to perform this action! ";
}
return false;
}
function validate_phone_number() {
$Phone_Number = $_POST['phone_number'];
$check_phone_number = substr($phone_number, 0, -7); //Take first 3 digits of phone number to validate if its standard phone number
if (strlen($Phone_Number) != 10) {
echo "Invalid Phone Number";
} elseif ($check_phone_number === "740") {
echo "Phone Number is valid ";
} else {
echo "Invalid Phone Number, please check again! ";
}
}
function validate_all_fields() {
$First_Name = $_POST['first_name'];
$Last_Name = $_POST['last_name'];
$Phone_Number = $_POST['phone_number'];
$E_Mail = $_POST['email'];
$User_ID = $_POST['user_id'];
if (!empty($E_Mail)
&& !empty($Phone_Number)
&& !empty($First_Name)
&& !empty($Last_Name))
) {
echo "All fields entered, you can proceed. ";
} else {
echo "E_Mail, Phone Number, First Name and Last Name must be entered!";
}
}
// Database Insertion
function Insert_Into_Table () {
global $connection;
$First_Name = $_POST['first_name'];
$Last_Name = $_POST['last_name'];
$Phone_Number = $_POST['phone_number'];
$E_Mail = $_POST['email'];
$User_ID = $_POST['user_id'];
$sql = "INSERT INTO some_tbl(User_ID, First_Name, Last_Name, Phone_Number, E_Mail)
VALUES ('$User_ID', '$First_Name', '$Last_Name', '$Phone_Number', '$E_Mail')";
$result = mysqli_query($connection, $sql);
}
?>
嘗試這個。 我不確定您是否想要這個。
if(!is_email($email))
{
echo 'Invalid email!!';
exit();
}
elseif(!is_phone($phone))
{
echo 'Invalid Phone!!';
exit();
}
else {
//success code
}
然后創建一個名為功能is_email()
和寫驗證代碼,而返回true
,如果它是在電子郵件格式,否則返回false
is_email($email)
{
//validation code
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.