[英]PHP Validation from database
我正在從事一個項目,並且停留在注冊頁面上。 我要驗證是否:
目前,在我的代碼中,我已經添加了對手機號碼的驗證,並且可以正常工作。 但是用戶名和電子郵件部分我不了解如何實現。 請幫我解決我的問題。
這是我的代碼。
<?php
$msg = '';
if(isset($_POST['register']))
{
$uname = (!empty($_POST['username']))?$_POST['username']:null;
$pass = (!empty($_POST['pass']))?$_POST['pass']:null;
$cpass = (!empty($_POST['cpass']))?$_POST['cpass']:null;
$fname = (!empty($_POST['fname']))?$_POST['fname']:null;
$lname = (!empty($_POST['lname']))?$_POST['lname']:null;
$email = (!empty($_POST['email']))?$_POST['email']:null;
$mobile = (!empty($_POST['mobile']))?$_POST['mobile']:null;
if($uname == '' || $pass == '' || $cpass == '' || $fname == '' || $lname == '' || $email == '' || $mobile == ''){
$msg = "<font color='red'>Fields cannot be empty</font>";
}else if(strlen($uname)<5){
$msg = "<font color='red'>Username must be at least 5 characters long</font>";
}else if(strlen($pass)<6 && strlen($cpass)<6){
$msg = "<font color='red'>Password must be at least 6 characters long</font>";
}else if($pass != $cpass){
$msg = "<font color='red'>Passwords are not matching</font>";
}else if(!is_numeric($mobile)){
$msg = "<font color='red'>Mobile number should contain only numbers</font>";
}else if(strlen($mobile)<10){
$msg = "<font color='red'>Mobile number should be at least 10 characters long</font>";
}else{
$query = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$mobile."'";
$query1 = mysql_query($query) or die(mysql_error());
$num_rows = mysql_num_rows($query1);
$row = mysql_fetch_array($query1);
if($num_rows > 0)
{
$msg = "<font color='red'>Mobile number already exists. Please try again...</font>";
}
else{
$str = "INSERT INTO user_reg(user_email, user_uname, user_pass, user_fname, user_lname, user_mobile)VALUES('$email','$uname','$pass','$fname','$lname','$mobile')";
$sql = mysql_query($str) or die(mysql_error());
if($sql){
$msg = "<font color='green'>Regstration successfull. Please Login to use your account.</font>";
}else{
$msg = "<font color='red'>Sorry.. There are some errors. Please fix them before you continue.</font>";
}
}
}
}
?>
HTML部分。
<div class="reg-box"><br />
<center>
<?php echo $msg; ?>
</center>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div>
<label>Username</label>
<input type="text" name="username" value="" class="a-text" />
</div>
<div>
<label>Password</label>
<input type="password" name="pass" value="" class="a-text" />
</div>
<div>
<label>Confirm Password</label>
<input type="password" name="cpass" value="" class="a-text" />
</div>
<div>
<label>First Name</label>
<input type="text" name="fname" value="" class="a-text" />
</div>
<div>
<label>Last Name</label>
<input type="text" name="lname" value="" class="a-text" />
</div>
<div>
<label>Email</label>
<input type="email" name="email" value="" class="a-text" />
</div>
<div>
<label>Mobile</label>
<input type="text" name="mobile" value="" class="a-text" maxlength="10" />
</div>
<input type="submit" name="register" value="Register" class="button" id="button-left" />
</form>
</div>
我該怎么做添加用戶名和電子郵件驗證? 請幫幫我。
注釋中已經指出,您的代碼不安全。
要回答這個問題,請使用以下命令:
$query = "SELECT * FROM user_reg
WHERE user_mobile = '".$mobile."'
AND user_email = '$email'
AND user_uname = '$uname'
";
這將適合所有條件。
您可以使用OR
或混合使用這些條件,以檢查“任何”條件。 我將讓您決定應滿足哪些條件。
腳注 :
您當前的代碼可以進行SQL注入 。 將mysqli
與預處理語句配合使用,或將PDO與預處理語句配合使用 , 則更加安全 。
密碼:
我注意到您可能以純文本形式存儲密碼。 如果是這種情況,強烈建議不要這樣做。
但是,我尚未使用MD5加密,以后將使用它。
另外,您曾提到要在注釋中使用MD5。 不要使用它。 它已經過時,不再安全用作密碼哈希/存儲方法。
我建議您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()
函數。 對於PHP <5.5,使用password_hash() compatibility pack
。
@Jha,看來您很困惑。 h,我知道,有點奇怪。 但是如果我是你,我會經過:
<?php
$msg = '';
if (isset($_POST['register'])) {
$uname = (!empty($_POST['username'])) ? $_POST['username'] : null;
$pass = (!empty($_POST['pass'])) ? $_POST['pass'] : null;
$cpass = (!empty($_POST['cpass'])) ? $_POST['cpass'] : null;
$fname = (!empty($_POST['fname'])) ? $_POST['fname'] : null;
$lname = (!empty($_POST['lname'])) ?$_POST['lname'] : null;
$email = (!empty($_POST['email'])) ?$_POST['email'] : null;
$mobile = (!empty($_POST['mobile'])) ?$_POST['mobile'] : null;
if ($uname == '' || $pass == '' || $cpass == '' || $fname == '' || $lname == '' || $email == '' || $mobile == '') {
$msg = "<font color='red'>Fields cannot be empty</font>";
} else if (strlen($uname) < 5) {
$msg = "<font color='red'>Username must be at least 5 characters long</font>";
} else if (strlen($pass) < 6 && strlen($cpass) < 6) {
$msg = "<font color='red'>Password must be at least 6 characters long</font>";
} else if ($pass != $cpass) {
$msg = "<font color='red'>Passwords are not matching</font>";
} else if (!is_numeric($mobile)) {
$msg = "<font color='red'>Mobile number should contain only numbers</font>";
} else if (strlen($mobile) < 10) {
$msg = "<font color='red'>Mobile number should be at least 10 characters long</font>";
} else {
//query for mobile validation
$m_sql = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$mobile."'";
$m_query = mysql_query($m_sql) or die(mysql_error());
$m_num_rows = mysql_num_rows($m_query);
$m_row = mysql_fetch_array($m_query);
//query for username validation
$u_sql = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$uname."'";
$u_query = mysql_query($u_sql) or die(mysql_error());
$u_num_rows = mysql_num_rows($u_query);
$u_row = mysql_fetch_array($u_query);
//query for email validation
$e_sql = "SELECT user_email FROM user_reg WHERE user_mobile = '".$email."'";
$e_query = mysql_query($e_sql) or die(mysql_error());
$e_num_rows = mysql_num_rows($e_query);
$e_row = mysql_fetch_array($e_query);
if ($m_num_rows > 0) {
$msg = "<font color='red'>Mobile number already exists. Please try again...</font>";
} else if ($u_num_rows > 0) {
$msg = "<font color='red'>Username already exists. Please choose a unique one...</font>";
} else if ($e_num_rows > 0) {
$msg = "<font color='red'>Email already exists. Please choose a unique one...</font>";
} else {
$str = "INSERT INTO user_reg(user_email, user_uname, user_pass, user_fname, user_lname, user_mobile)VALUES('$email','$uname','$pass','$fname','$lname','$mobile')";
$sql = mysql_query($str) or die(mysql_error());
if ($sql) {
$msg = "<font color='green'>Regstration successfull. Please Login to use your account.</font>";
} else {
$msg = "<font color='red'>Sorry.. There are some errors. Please fix them before you continue.</font>";
}
}
}
}
?>
除了修復代碼以使其不易受到SQL注入攻擊外,還應更改查詢以使用OR運算符同時檢查所有三個輸入。
$query = "SELECT * FROM user_reg WHERE user_mobile = '".$mobile."' OR user_uname = '".$uname."' OR user_email = '".$email."'";
然后,如果確實有任何點擊,您可以檢查一下它是什么:
if($query1->num_rows > 0){
while($field = $query1->fetch_assoc()){
if($field['user_mobile'] === $mobile){
$msg = $msg . "<font color='red'> Mobile number already exists. Please try again...</font>";
}
if($field['user_email'] === $email){
$msg = $msg . "<font color='red'> Email already exists. Please choose a unique one...</font>";
}
if($field['user_uname'] === $uname){
$msg = $msg . "<font color='red'> Username already exists. Please choose a unique one...</font>";
}
}
}
但是就像其他人說的那樣,您將想要切換為使用MySQLi或PDO_MySQL
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.