当我单击“注册”按钮时,我希望将页面重定向到 server.php,以便它可以运行验证(名为 reg_user)。
但是当按钮被点击时,页面只是刷新为同样的东西。未显示任何验证/错误消息。
下面是我的 server.php 的代码,其中我已经说明了我想要进行的所有验证:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', 'root', 'register');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Full name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
下面是注册用户的html页面:
<?php include('server.php') ?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Register</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="css/util.css">
<link rel="stylesheet" type="text/css" href="css/main.css">
</head>
<body style="background-color: #999999;">
<div class="header">
<div class="limiter">
<div class="container-login100">
<div class="login100-more" style="background-image: url('images/bg-01.jpg');"></div>
<div class="wrap-login100 p-l-50 p-r-50 p-t-72 p-b-50">
<form class="login100-form validate-form">
<span class="login100-form-title p-b-59">
Sign Up
</span>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="wrap-input100 validate-input">
<span class="label-input100">Full Name</span>
<input class="input100" type="text" name="name" placeholder="Name...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Email</span>
<input class="input100" type="text" name="email" placeholder="Email addess...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Username</span>
<input class="input100" type="text" name="username" placeholder="Username...">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Password</span>
<input class="input100" type="password" name="password_1" placeholder="*************">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="wrap-input100 validate-input">
<span class="label-input100">Repeat Password</span>
<input class="input100" type="password" name="password_2" placeholder="*************">
<span class="focus-input100"></span>
</div>
<!------------------------------------------->
<div class="flex-m w-full p-b-33">
<div class="contact100-form-checkbox">
<input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
<label class="label-checkbox100" for="ckb1">
<span class="txt1">
I agree to the
<a href="#" class="txt2 hov1">
Terms of User
</a>
</span>
</label>
</div>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn" ></div>
<button type = "submit" class="login100-form-btn" name="reg_user">
Sign Up
</button>
</div>
<a href="register.php" class="dis-block txt3 hov1 p-r-30 p-t-10 p-b-10 p-l-30">
Sign in
<i class="fa fa-long-arrow-right m-l-5"></i>
</a>
</div>
</form>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
<!-- ===============================================================================================-->
<!--<script src="vendor/jquery/jquery-3.2.1.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/animsition/js/animsition.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/bootstrap/js/popper.js"></script>
<script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/select2/select2.min.js"></script>-->
<!--===============================================================================================-->
<!--<script src="vendor/daterangepicker/moment.min.js"></script>
<script src="vendor/daterangepicker/daterangepicker.js"></script>
<!--===============================================================================================-->
<!--<script src="vendor/countdowntime/countdowntime.js"></script>
<!--===============================================================================================-->
<!--<script src="js/main.js"></script>
</body>
</html>
我正在使用 mysql 创建一个名为“register”的数据库,该数据库有一个名为“users”的表,其中包含名称、用户名、电子邮件和密码字段。
提前致谢!
最佳答案
在表单提交上使用 Post Requests 实际上是一个很好的做法。这通常更安全! 以下是您需要对表单标记进行的更改,以便您重定向到 server.php 并通过 Post 请求将数据发送到那里。
替换:
<form class="login100-form validate-form">
与:
<form action="server.php" method="post" class="login100-form validate-form">
据我所知,您发送的是姓名、电子邮件、用户名、password_1、password_2、reg_user 作为请求参数。在其顶部的 server.php 文件中进行一些验证是个好主意。
<?php
if(!isset($_POST['name']) or !isset($_POST['email']) or !isset($_POST['username'])
or !isset($_POST['password_1']) or !isset($_POST['password_2']) or
!isset($_POST['reg_user']) or $_SERVER['REQUEST_METHOD'] !== 'POST'){
//redirect to an unauthorized page or something eg...
header("Location: unauthorized.php");
exit;
}
这样你也只允许访问 POST 请求。
$_POST 对象拥有所有的请求数据。
$username = $_POST['username'];
$email = $_POST['email'];
//ect...
关于提到的 SQL 注入(inject) RiggsFolly,您需要稍微更改您的代码,使其看起来像这样:
$stmt = $dbh->prepare("SELECT * FROM users WHERE username=? OR email=? LIMIT 1");
if ($stmt->execute(array($_POST['username'], $_POST['email']))) {
while ($row = $stmt->fetch()) {
print_r($row);
}
}
关于php - 验证不适用于注册表单,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49950123/