【问题标题】:Form data not inserted in database, because of wrong error handling由于错误处理错误,表单数据未插入数据库
【发布时间】:2018-07-08 10:05:45
【问题描述】:

我尝试在我的注册页面中实现表单验证。我给每个错误一个相应的名称,例如emailErr passErr repeatpassErr 变量默认为空字符串,否则当我正确提交表单时,html 代码将返回一个错误,指出存在未定义的变量。但是将错误名称定义为空字符串的问题在于,信息永远不会像我对if(!isset($emailErr, $passErr, $repeatpassErr)) 所做的那样进入数据库,因为始终设置变量。我不知道是否有另一种显示错误消息的方法,或者是否可以用另一种方式修复 if 语句。我希望你可以帮助我!

这是我的 php 代码:

<?php
session_start();

//connect to the database
require 'opendb.php';

$emailErr = $passErr = $repeatpassErr = "";

//check if a variable is set, in this case the register button
if(isset($_POST['register'])) {
    //variable declaration
    $mail = htmlspecialchars_decode($_POST['mail'], ENT_QUOTES);
    $password = $_POST['password'];
    $passwordrepeat = $_POST['passwordrepeat'];
    $province = $_POST['province'];

    //check if email input isn't blank and if provided email is valid
    if (empty($mail)) {
        $emailErr = "Vul uw e-mailadres in";
    } elseif(!filter_var($mail, FILTER_VALIDATE_EMAIL) and !empty($mail)) {
        $emailErr = "Vul een geldig e-mailadres in";
    } else {
        // prepare statement for checking whether an emailaddress is already taken
        $stmt = $db->prepare('SELECT mail FROM users WHERE mail = :mail');
        //bind the user's mail and fetch the row of the emailaddress that is the same
        $stmt->execute(array(':mail' => $mail));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        //check if a row with an equal emailaddress can be found
        if(!empty($row['mail'])){
            $emailErr = 'Dit e-mailadres is al in gebruik';
        }
    }

    //check if password inputs aren't blank and longer than 5 characters
    if (empty($password)) {
        $passErr = "Vul uw wachtwoord in";
    } elseif(strlen($password) < 5 and !empty($password)) {
        $passErr = "Wachtwoord is te kort";
    }
    if (empty($passwordrepeat)) {
        $repeatpassErr = "Vul uw herhaalde wachtwoord in";
    } elseif(strlen($passwordrepeat) < 5 and !empty($passwordrepeat)) {
        $repeatpassErr = "Herhaalde wachtwoord is te kort";
    }

    //check if the password is equal to the repeated password
    if($password != $passwordrepeat and !empty($password) and !empty($passwordrepeat)) {
        $passErr = 'Wachtwoorden komen niet overeen';
    }

    //if (empty($province)) $error[] = "Vul uw provincie in";


    //if no error is found, execute statement
    if(!isset($emailErr, $passErr, $repeatpassErr)) {
        //hash the password
        $hashedpassword = password_hash($password, PASSWORD_DEFAULT);
        //prepare statement for the insertion of user's mail, password and province into table
        $sql = "INSERT INTO users (mail, password, province) VALUES (:mail, :password, :province)";
        $stmt = $db->prepare($sql);
        //bind the variables to the placeholder that is used to prepare the statement
        $stmt->bindValue(':mail', $mail);
        $stmt->bindValue(':password', $hashedpassword); 
        $stmt->bindValue(':province', $province);
        //execute the statement and insert account in database
        $result = $stmt->execute();
        //check if signup is succesful and create a session
        if($result){
            $_SESSION['login_user'] = $mail;
            header('Location: views.php');
            exit;
        }  
    }
}
?>

这是我的html代码:

<body>      
    <div class="container">
        <div class="register">          
            <form method="post" action="userregistration.php">  
                <h1>Sign up</h1>
                <label for="email">E-mailadres:</label><br>
                <div class="infobox">
                    <i class="fa fa-envelope"></i>
                    <input class="text-input" type="email" name="mail" placeholder="example:emailname@mail.com"><br>
                    <span class="error"><?php echo $emailErr;?></span><br>
                </div>

                <label for="password">Wachtwoord:</label><span class="passrequirements"> (minimaal 5 karakters)</span><br>
                <div class="infobox">
                    <i class="fa fa-key"></i>
                    <input class="text-input" type="password" name="password" placeholder="******"><br>
                    <span class="error"><?php echo $passErr;?></span><br>
                </div>

                <label for="password">Herhaal wachtwoord:</label><br>
                <div class="infobox">
                    <i class="fa fa-key"></i>
                    <input class="text-input" type="password" name="passwordrepeat" id="password" placeholder="******"><br>
                    <span class="error"><?php echo $repeatpassErr;?></span><br>
                </div>

                <label for="country">Provincie:</label><br>
                <div class="infobox">
                    <i class="fa fa-flag"></i>
                    <select name="province">
                        <option value="DR">Drenthe</option>
                        <option value="FL,">Flevoland</option>
                        <option value="FR">Friesland</option>
                        <option value="GE">Gelderland</option>
                        <option value="GR">Groningen</option>
                        <option value="LI">Limburg</option>
                        <option value="NB">Noord-Brabant</option>
                        <option value="NH">Noord-Holland</option>
                        <option value="OV">Overijssel</option>
                        <option value="UT">Utrecht</option>
                        <option value="ZE">Zeeland</option>
                        <option value="ZH">Zuid-Holland</option>
                    </select><br>
                </div>

                <button type="submit" class="signup-button" name="register">Registreer</button><br>
                <a class="login-link" href="userlogin.php">Ik heb al een account</a>
            </form>         
        </div>
    </div>
</body>

【问题讨论】:

  • 你为什么不检查 isset($_POST['email'], $_POST['password'] 和 $_POST['repeatPassword'] )?
  • 您正在检查变量未设置!isset($emailErr, $passErr, $repeatpassErr) ...但您将它们设置在脚本的顶部吗? $emailErr = $passErr = $repeatpassErr = "";

标签: javascript php html error-handling


【解决方案1】:

您可以使用 empty(),而不是使用 isset() 来检查是否有错误:

if(empty($emailErr) && empty($passErr) && empty($repeatpassErr)) {

这样,如果错误变量是空字符串,它将通过,但如果任何变量的值不是空字符串,则不会。

【讨论】:

    【解决方案2】:

    if 条件可能应该看起来像这样,因为isset() 将始终返回 true,当变量已初始化为空字符串时...可以使用 empty() 进行检查:

    !empty($emailErr) && !empty($passErr) && !empty($repeatpassErr)
    

    strlen():

    strlen($emailErr) == 0 && strlen($passErr) == 0 && strlen($repeatpassErr) == 0 
    

    在使用isset() 检查$_POST 字段时,建议转义任何输入;因为除了基本的字符串验证之外,根本没有输入卫生。

    一般来说,有一个数组$errors,可以将错误消息推送到其中是相当灵活的,同时可以检查类似的错误:if(sizeof($errors) == 0) {}

    【讨论】:

    • 使用 isset,来自您引用的同一链接:bool isset (mixed $var [, mixed $...])
    • @LucasBorges 是的,它接受多个参数,但链接的另一个引用:If multiple parameters are supplied then isset() will return TRUE only if all of the parameters are set. 这意味着当你用! 否定它时,逻辑不会按照 OP 的要求应用。
    • "虽然我还没写完答案。" ...不要这么快回答你发表一个不完整的想法?
    • 有些人可能没有什么比这更好的办法来等待拒绝投票的答案了......而我只需要再为 PHP 徽章 +1 一个,这很糟糕。
    • 感谢您的帮助!是的,我仍然需要防止 sql 注入 btw :)。我不明白为什么人们会立即投反对票,而这是一个很好的答案——不幸的是我还不能投赞成票:/
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2023-04-11
    • 2019-06-18
    • 1970-01-01
    • 2017-08-17
    • 2013-01-27
    • 2023-03-24
    • 1970-01-01
    相关资源
    最近更新 更多