我在尝试检查这两个输入 uname 和 passwod 时遇到了麻烦。我可以让一个单独工作,但是当我尝试将它们都传递回来时,我不断收到错误。
<?php
// define variables and set to empty values
$usernameErr="";
$passwordErr="";
$username= "";
$password="";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["uname"]))
{
$usernameErr = " username is required <br>";
print $usernameErr;
}
else
{
$username = checkUserData($username);
}
if (empty($_POST["passwd"]))
{
$passwordErr = " password is required <br>";
print $passwordErr;
}
else
{
$password = checkUserData($password);
}
}
问题就在这里。我正在向下检查数据以阻止攻击。我尝试了多种方法将它们连接在一起,但一切都失败了。
function checkUserData($username)
{
$username = htmlspecialchars($username);
$username = trim($username);
$username = stripslashes($username);
return $username;
}
function checkUserData($password)
{
$password = htmlspecialchars($password);
$password = trim($password);
$password = stripslashes($password);
return $password;
}
我打印只是为了检查它是否正常工作。
print ("welcome " .checkUserData($_POST["uname"]));
print ("welcome " .checkUserData($_POST["passwd"]));
?>
任何帮助都会很棒。
最佳答案
两个函数都在做同样的事情,所以概括它们
function SanitizeData($var)
{
$var= htmlspecialchars($var);
$var= trim($var);
$var= stripslashes($var);
return $var;
}
现在在您的检查过程中调用
$username = SanitizeData($_POST["uname"]);
或者
$password = SanitizeData($_POST["passwd"]);
Although this sanitization is unnecessary at best and destructive at worst if you are going to use these fields in a query, it would be better to use a parameterized query and the PDO database extension.
关于javascript - php 网站验证不起作用?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36663679/