php - 当用户输入错误时 PHP 代码成功完成
问题描述
我正在编写的应用程序中的这段代码有问题:
<?php
session_start();
include('api/dbconnect.php');
$msg = "";
if(isset($_POST['register-submit'])) {
// Now we check if the data was submitted, isset() function will check if the data exists.
if (!isset($_POST['first_name'], $_POST['last_name'], $_POST['email'], $_POST['username'], $_POST['password'])) {
// Could not get the data that should have been sent.
$msg = 'Please complete the registration form';
}
// Make sure the submitted registration values are not empty.
if (empty($_POST['first_name']) ||
empty($_POST['last_name']) ||
/* empty($_POST['email']) || */
empty($_POST['username']) ||
empty($_POST['password'])) {
// One or more values are empty.
$msg = 'All fields are required for the form to be submitted';
}
/*if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
die ('The email address provided is invalid');
}*/
if (preg_match('/[A-Za-z0-9]+/', $_POST['username']) == 0) {
$msg = 'The username provided is invalid';
}
if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$msg = 'Password must be between 5 and 20 characters';
}
if ($_POST['password'] != $_POST['confirm_pwd']) {
$msg = 'The two password provided do not match.';
}
// We need to check if the account with that username exists.
if ($stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bindParam(1, $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
// Username already exists
$msg = 'Another account with this username already exists';
} else {
// Username doesn’t exist, insert new account
if ($stmt = $pdo->prepare('INSERT INTO users (first_name, last_name, email, username, password) VALUES (?, ?, ?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt->bindParam(1, $_POST['first_name']);
$stmt->bindParam(2, $_POST['last_name']);
$stmt->bindParam(3, $_POST['email']);
$stmt->bindParam(4, $_POST['username']);
$stmt->bindParam(5, $password);
$stmt->execute();
header('Location: users.php');
} else {
// Something is wrong with the SQL statement. Check to make sure the users table exists with all three fields.
$msg = 'There was a problem creating this account. Contact your Network Administrator.';
}
}
$stmt->close();
}
else {
// Something is wrong with the SQL statement. Check to make sure the users table exists with all 3 fields.
$msg = 'There was a problem creating this account. Contact your network administrator.';
}
//$con->close();
}
?>
此代码应该创建一个新用户并将其添加到 MySQL 表中。该代码正在运行,但即使它是故意的,该代码也不会产生错误。比如我输入了两个不同的密码,那么代码就认为没有问题,所以就成功完成了注册。到处都有一个$msg
变量,代码需要停止并重新加载页面以在 HTML 表单中显示错误,以便用户可以更正它,但它不起作用。
我在代码中没有看到什么?
这是代码所属的 HTML 表单:
<form class="user" method="post" action="user_new.php">
<div class="custom-control small">
<strong class="text-danger"><?php echo $msg; ?></strong>
</div>
<div class="form-group row">
<div class="col-sm-6 mb-3 mb-sm-0">
<input type="text" class="form-control form-control-user" id="first_name" name="first_name" placeholder="First Name" autocomplete="off" required>
</div>
<div class="col-sm-6">
<input type="text" class="form-control form-control-user" id="last_name" name="last_name" placeholder="Last Name" autocomplete="off" required>
</div>
</div>
<div class="form-group row">
<div class="col-sm-6 mb-3 mb-sm-0">
<input type="email" class="form-control form-control-user" id="email" name="email" placeholder="Email Address (optional)" autocomplete="off">
</div>
<div class="col-sm-6">
<input type="text" class="form-control form-control-user" id="username" name="username" placeholder="Username" autocomplete="off" required>
</div>
</div>
<div class="form-group row">
<div class="col-sm-6 mb-3 mb-sm-0">
<input type="password" class="form-control form-control-user" id="password" name="password" placeholder="Password" autocomplete="off" required>
</div>
<div class="col-sm-6">
<input type="password" class="form-control form-control-user" id="confirm_pwd" name="confirm_pwd" placeholder="Confirm Password" autocomplete="off" required>
</div>
</div>
<button type="submit" name="register-submit" class="btn btn-primary btn-user btn-block" style="background-color: #a40000; border-color: #a40000;">Create User Account</button>
<hr>
<a href="users.php" class="btn btn-warning btn-user btn-block" style="background-color: #2658a8; border-color: #2658a8;">Return to Users</a>
</form>
解决方案
您的代码有一些需要注意的地方。
关于第 1 点的旁注,请参阅下面的“附加说明”。
$msg
<你没有对那个变量做任何事情。它们只是变量声明。您可以在要回显该变量的页面上回显该变量并在其后添加exit;
以使其停止执行。num_rows
是一个 mysqli_ 函数。您不能将其与 PDO 混合使用。您可以使用rowCount()
orfetchColumn()
与if ($stmt->rowCount() > 0){...}
.或与
fetchColumn()
:$if_row = $stmt->fetchColumn(); if ($if_row > 0) { $msg = "A record exists."; }
exit;
在每个标题后添加一个。否则,您的代码可能希望继续走得更远。注意:由于您使用的是标头进行重定向,因此请确保您没有在标头之前输出,否则会失败。
补充说明:
使用if ($stmt = $pdo->prepare....){...}
可能不是一个好主意,因为这可能会默默地过早地失败。我会“不”使它成为条件语句,然后检查是否存在一行并从那里处理错误。
另外,您<?php echo $msg; ?>
的表单内部可能会抛出未定义的变量消息。您可以为其使用三元运算符或标准if/else
.
例如:
<?php if(!empty($msg)) { echo $msg; } ?>
推荐阅读
- android - Flutter - 将图像从一个页面来回推送到另一个页面
- r - 为什么 lubridate::mdy() 在我的输入中缺少日期时会添加日期?
- swift - 在 swift 中使用“PDFGenerator”生成 pdf
- git - 如何从 Windows 中删除 Homebrew?
- visual-studio - 从 Visual Studio 和 TFS 管理控制台连接到 TFS 服务器更改公共 URL 测试抛出错误 TF400324
- ffmpeg - 使用 HLS m3u8 或 DASH mpd 作为 ffmpeg 输入:寻求性能
- c# - 从 .NetNative DLL 导出函数
- r - 如何在另一列中获取具有特定值的对应列?
- javascript - jQuery File Tree 始终使用根文件夹作为选定文件夹
- ruby-on-rails - Rails 6:如何使用