发现问题:
- 第一行代码错误:
<? php。然后 php 文件像文本文件一样呈现代码。正确:<?php。
-
if 语句中的第二个!preg_match... 之前是错误字符(。正确:将被删除。
- 在php代码中,写注释行时不以
//开头,或在/* ... */之外,会出现错误。
- 错误:
$POST['submit']。 HTTP POST 方法的正确全局变量名为$_POST。所以,正确的代码是:$_POST['submit']。
- 如果你定义了
<button>Sign Up</button>,那么你必须给它一个名字(比如<button name="submit">Sign Up</button>),以便能够通过if (isset($_POST['submit'])) {...}引用它。
- 错误:
.../abc/xyz.php。正确:../abc/xyz.php。
- 错误:
if (... || empty($email) || ($password)) {...}。正确:if (... || empty($email) || empty($password)) {...}。
建议:
- 将php处理代码放在
signup.php,而不是signup.func.php,并相应更改。那么,表单的 action 属性将是 signup.php,或者对于 HTML5 是 ""。这样,当注册处理成功时(例如到login.php 页面),您可以直接(例如在现场)向用户显示任何消息,并且最终只执行一次重定向。
- 应用一个好的error reporting系统,以便查看并相应处理php引擎可能抛出的错误和异常。专门针对 mysqli:here。对于 PDO here。
- 开始使用所谓的prepared statements,以防止SQL injection。阅读 this 小而有效的文章。
- 开始使用面向对象的 mysqli 扩展而不是过程扩展 - 每个 mysqli 函数都有两种形式的 php.net 文档。更好的是:开始使用 PDO extension 而不是 mysqli。这里(同上)tutorial。
承诺的替代代码(使用面向对象的 mysqli)
它包括我上面的建议。按原样运行它以测试它。但是先改变表结构(见标题Used table structure下面),改变connection.php中的db凭证(见标题includes/connection.php em> 下面)并按照下面代码部分的标题创建文件系统结构。
要从 production 环境(当错误未显示在屏幕上)切换到 development 环境(当所有引发的错误都显示在屏幕上),只需更改从 'prod' 到 'dev' 并返回的常量 APP_ENV 的值(在 handlers.php 中) (见标题includes/handlers.php)。然后,为了测试它,例如,将表名“users”重命名为另一个错误的名称。或者将两条sql语句中的第一个设置为NULL:$sql = NULL;。
signup.php
<?php
require 'includes/handlers.php';
require 'includes/connection.php';
// Signalize if a new account could be created, or not.
$accountCreated = FALSE;
/*
* ====================================
* Operations upon form submission.
* ====================================
*/
if (isset($_POST['submit'])) {
/*
* ====================================
* Read the posted values.
* ====================================
*/
$firstName = isset($_POST['firstName']) ? $_POST['firstName'] : '';
$lastName = isset($_POST['lastName']) ? $_POST['lastName'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
/*
* ====================================
* Validate all posted values together.
* ====================================
*/
if (empty($firstName) && empty($lastName) && empty($email) && empty($username) && empty($password)) {
$errors[] = 'All values are mandatory. Please provide them.';
}
/*
* ====================================
* Validate each value separately.
* ====================================
*/
if (!isset($errors)) {
// Validate the first name.
if (empty($firstName)) {
$errors[] = 'Please provide a first name.';
} elseif (!preg_match('/^[a-zA-Z]*$/', $firstName)) {
$errors[] = 'The first name contains invalid characters.';
} /* Other validations here using elseif statements */
// Validate the last name.
if (empty($lastName)) {
$errors[] = 'Please provide a last name.';
} elseif (!preg_match('/^[a-zA-Z]*$/', $lastName)) {
$errors[] = 'The last name contains invalid characters.';
} /* Other validations here using elseif statements */
// Validate the email.
if (empty($email)) {
$errors[] = 'Please provide an email address.';
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'The email address is not in a valid format.';
} /* Other validations here using elseif statements */
// Validate the username.
if (empty($username)) {
$errors[] = 'Please provide a username.';
} /* Other validations here using elseif statements */
// Validate the password.
if (empty($password)) {
$errors[] = 'Please provide a password.';
} /* Other validations here using elseif statements */
}
/*
* ====================================
* Check if user exists. Save if not.
* ====================================
*/
if (!isset($errors)) {
/*
* ====================================
* Check if user already exists.
* ====================================
*/
/*
* The SQL statement to be prepared. Notice the so-called markers,
* e.g. the "?" signs. They will be replaced later with the
* corresponding values when using mysqli_stmt::bind_param.
*
* @link http://php.net/manual/en/mysqli.prepare.php
*/
$sql = 'SELECT COUNT(*)
FROM users
WHERE username = ?';
/*
* Prepare the SQL statement for execution - ONLY ONCE.
*
* @link http://php.net/manual/en/mysqli.prepare.php
*/
$statement = $connection->prepare($sql);
/*
* Bind variables for the parameter markers (?) in the
* SQL statement that was passed to prepare(). The first
* argument of bind_param() is a string that contains one
* or more characters which specify the types for the
* corresponding bind variables.
*
* @link http://php.net/manual/en/mysqli-stmt.bind-param.php
*/
$statement->bind_param('s', $username);
/*
* Execute the prepared SQL statement.
* When executed any parameter markers which exist will
* automatically be replaced with the appropriate data.
*
* @link http://php.net/manual/en/mysqli-stmt.execute.php
*/
$statement->execute();
/*
* Transfer the result set resulted from executing the prepared statement.
* E.g. store, e.g. buffer the result set into the (same) prepared statement.
*
* @link http://php.net/manual/en/mysqli-stmt.store-result.php
* @link https://stackoverflow.com/questions/8321096/call-to-undefined-method-mysqli-stmtget-result
*/
$statement->store_result();
/*
* Bind the result set columns to corresponding variables.
* E.g. these variables will hold the column values after fetching.
*
* @link http://php.net/manual/en/mysqli-stmt.bind-result.php
*/
$statement->bind_result($numberOfFoundUsers);
/*
* Fetch the results from the result set (of the prepared statement) into the bound variables.
*
* @link http://php.net/manual/en/mysqli-stmt.fetch.php
*/
$statement->fetch();
/*
* Free the stored result memory associated with the statement,
* which was allocated by mysqli_stmt::store_result.
*
* @link http://php.net/manual/en/mysqli-result.free.php
*/
$statement->free_result();
/*
* Close the prepared statement. It also deallocates the statement handle.
* If the statement has pending or unread results, it cancels them
* so that the next query can be executed.
*
* @link http://php.net/manual/en/mysqli-stmt.close.php
*/
$statement->close();
if ($numberOfFoundUsers > 0) {
$errors[] = 'The given username already exists. Please choose another one.';
} else {
/*
* ====================================
* Save a new user account.
* ====================================
*/
// Create a password hash.
$passwordHash = password_hash($password, PASSWORD_BCRYPT);
$sql = 'INSERT INTO users (
first_name,
last_name,
email,
username,
password
) VALUES (
?, ?, ?, ?, ?
)';
$statement = $connection->prepare($sql);
$statement->bind_param('sssss', $firstName, $lastName, $email, $username, $passwordHash);
$statement->execute();
// Signalize that a new account was successfully created.
$accountCreated = TRUE;
// Reset all values so that they are not shown in the form anymore.
$firstName = $lastName = $email = $username = $password = NULL;
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes" />
<meta charset="UTF-8" />
<!-- The above 3 meta tags must come first in the head -->
<title>Demo - Sign Up </title>
<!--<link href="assets/images/favicon.ico" rel="icon" type="image/png" />-->
<!-- CSS assets -->
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Roboto+Condensed:300,400,700" rel="stylesheet">
<link href="assets/css/app.css" type="text/css" rel="stylesheet">
<link href="assets/css/signup.css" type="text/css" rel="stylesheet">
<!-- JS assets -->
<script src="https://code.jquery.com/jquery-3.2.1.min.js" type="text/javascript"></script>
</head>
<body>
<div class="page-container">
<nav class="navbar">
<ul class="navbar-nav">
<li>
<a href="#">Home</a>
</li>
<li>
<a href="#">About Us</a>
</li>
<li>
<a href="#">Login</a>
</li>
<li>
<a href="signup.php" class="active">Sign Up</a>
</li>
</ul>
</nav>
<header class="page-header">
<h2 class="page-title">
Sign Up
</h2>
<div class="page-subtitle">
Hello. We are happy to see you here. Please fill in the form to register.
</div>
</header>
<section class="page-content">
<section class="form-container-outer">
<section class="form-container-inner">
<?php
if (isset($errors)) {
?>
<div class="messages danger">
<?php echo implode('<br/>', $errors); ?>
</div>
<?php
} elseif ($accountCreated) {
?>
<div class="messages success">
You have successfully created your account.
<br/>Would you like to <a href="#">login</a> now?
</div>
<?php
}
?>
<form id="signup-form" action="" method="post">
<div class="form-group">
<label for="firstName">First Name <span class="mandatory">*</span></label>
<input type="text" id="firstName" name="firstName" value="<?php echo isset($firstName) ? $firstName : ''; ?>" placeholder="First Name" required>
</div>
<div class="form-group">
<label for="lastName">Last Name <span class="mandatory">*</span></label>
<input type="text" id="lastName" name="lastName" value="<?php echo isset($lastName) ? $lastName : ''; ?>" placeholder="Last Name" required>
</div>
<div class="form-group">
<label for="email">Email <span class="mandatory">*</span></label>
<input type="email" id="email" name="email" value="<?php echo isset($email) ? $email : ''; ?>" placeholder="Email" required>
</div>
<div class="form-group">
<label for="username">Username <span class="mandatory">*</span></label>
<input type="text" id="username" name="username" value="<?php echo isset($username) ? $username : ''; ?>" placeholder="Username" required>
</div>
<div class="form-group">
<label for="password">Password <span class="mandatory">*</span></label>
<input type="password" id="password" name="password" value="<?php echo isset($password) ? $password : ''; ?>" placeholder="Password" required>
</div>
<button type="submit" id="signupButton" name="submit" value="signup">
Create account
</button>
</form>
</section>
</section>
</section>
<footer class="footer">
© <?php echo date('Y'); ?> <a href="#" title="Demo">Demo</a>. All rights reserved.
</footer>
</div>
</body>
</html>
包括/connection.php
<?php
/*
* This page contains the code for creating a mysqli connection instance.
*/
// Db configs.
define('HOST', 'localhost');
define('PORT', 3306);
define('DATABASE', 'tests');
define('USERNAME', 'root');
define('PASSWORD', 'root');
/*
* Enable internal report functions. This enables the exception handling,
* e.g. mysqli will not throw PHP warnings anymore, but mysqli exceptions
* (mysqli_sql_exception).
*
* MYSQLI_REPORT_ERROR: Report errors from mysqli function calls.
* MYSQLI_REPORT_STRICT: Throw a mysqli_sql_exception for errors instead of warnings.
*
* @link http://php.net/manual/en/class.mysqli-driver.php
* @link http://php.net/manual/en/mysqli-driver.report-mode.php
* @link http://php.net/manual/en/mysqli.constants.php
*/
$mysqliDriver = new mysqli_driver();
$mysqliDriver->report_mode = (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
/*
* Create a new db connection.
*
* @see http://php.net/manual/en/mysqli.construct.php
*/
$connection = new mysqli(HOST, USERNAME, PASSWORD, DATABASE, PORT);
包括/handlers.php
<?php
/*
* Include this page in all PHP pages of the application.
*
* This page contains:
* - The APP_ENV constant, used to decide in which environment this application runs.
* - The functions for handling all the errors, or exceptions, raised by the application.
* - The code for setting them as error/exception handlers.
* - The code deciding if the errors should be displayed on the screen. The errors
* display MUST be activated ONLY in the development stage of the application. When
* the website goes live, ALL ERRORS must be written in a/the log file and NO ERRORS
* should be displayed on screen, but only a general, user-friendly message, or a
* custom error page.
*/
/*
* Decide in which environment this application runs. Possible values:
* - 'prod' (app in production, e.g. live). The errors are not displayed, but only logged.
* - 'dev' (app in development). The errors are displayed on screen and logged.
* - 'test' (app in tests). Same as 'dev'.
* - etc.
*/
define('APP_ENV', 'dev');
// Activate the errors/exceptions logging.
ini_set('log_errors', 1);
// Set the error reporting level: report all errors.
error_reporting(E_ALL);
// Decide how to handle the errors/exceptions.
if (APP_ENV === 'prod') { // App in production, e.g. live.
// DON'T display the errors/exceptions on the screen.
ini_set('display_errors', 0);
// Set the handler functions.
set_error_handler('errorHandler');
set_exception_handler('exceptionHandler');
} else { // App in development, tests, etc.
// Display the errors/exceptions on the screen.
ini_set('display_errors', 1);
}
/**
* Error handler:
* - Print a user-friendly message, or show a custom error page.
* - Log the error.
*
* @link http://php.net/manual/en/function.set-error-handler.php set_error_handler.
* @param int $errno
* @param string $errstr
* @param string $errfile
* @param int $errline
*/
function errorHandler($errno, $errstr, $errfile, $errline) {
echo 'An error occurred during your request. Please try again, or contact us.';
error_log('Error ' . $errno . ' - ' . $errstr . ' in file ' . $errfile . ' on line ' . $errline);
exit();
}
/**
* Exception handler:
* - Print a user-friendly message, or show a custom error page.
* - Log the error.
*
* @link http://php.net/manual/en/function.set-exception-handler.php set_exception_handler.
* @param Exception $exception
*/
function exceptionHandler($exception) {
echo 'An error occurred during your request. Please try again, or contact us.';
error_log('Exception ' . $exception->getCode() . ' - ' . $exception->getMessage() . ' in file ' . $exception->getFile() . ' on line ' . $exception->getLine());
exit();
}
assets/css/app.css
/***************************************/
/* Base settings */
/***************************************/
html {
-moz-box-sizing: border-box;
-webkit-box-sizing: border-box;
box-sizing: border-box;
}
*, *:before, *:after {
-moz-box-sizing: inherit;
-webkit-box-sizing: inherit;
box-sizing: inherit;
}
/* Font size: 100% = 16px (in almost all web browsers) */
html, body {
width: 100%;
height: 100%;
min-height: 100%;
margin: 0;
padding: 0;
font-size: 100%;
font-weight: 400;
line-height: 1.8;
color: #000;
font-family: "Open Sans", Verdana, Arial, sans-serif !important;
background-color: #fff;
}
/*
A font size of 1rem means 16px. E.g. 100% of the font size of the "html" tag, which is 16px.
A font size of 0.9375rem means: 0.9375 * 16px = 15px.
From this point on, for font sizes, work with "rem", or "em" units, not anymore with px.
The "rem" units are always relative to the font size of the "html" tag (here 16px, because is set as 100%).
The "em" units are always relative to the font size of the parent tag.
*/
body {
font-size: 0.9375rem;
position: relative;
}
a {
text-decoration: none;
outline: none;
color: #DF9237;
}
a:hover {
text-decoration: none;
outline: none;
color: #000;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
padding: 0;
line-height: 1;
font-weight: 300;
}
/* A font size of 2.5rem means: 2.5 * 16px = 40px */
h2 {
font-weight: 300;
font-size: 2.5rem;
}
/***************************************/
/* Fonts settings */
/***************************************/
html, body {
font-family: "Open Sans", Verdana, Arial, sans-serif !important;
}
h1, h2, h3, h4, h5, h6,
.navbar-nav li a,
.page-title,
.page-subtitle {
font-family: "Roboto Condensed", Verdana, Arial, sans-serif !important;
}
/***************************************/
/* Layout settings */
/***************************************/
/* Page container */
/*
The top-padding is the navbar's height (70px) + some additional pixels (30px).
The bottom-padding is the footer's height (60px) + some additional pixels (30px).
*/
.page-container {
/* Making relative position so, that we can absolute position the footer on the bottom */
position: relative;
padding: 100px 30px 90px 30px;
width: 100%;
min-height: 100%;
overflow: hidden;
margin: 0;
background-color: #fff;
}
/* Navigation bar */
/*
Navbar must have a fixed height. Example here: 70px (padding is included because of
box-sizing: border-box in html). Then make the top-padding of the .page-container
the same height (70px) + some additional pixels, in order to avoid overlapping!
*/
.navbar {
height: 70px;
padding: 22px 0 0 0;
margin: 0;
position: absolute;
top: 0;
left: 0;
right: 0;
border-bottom: 1px solid #f3f3f3;
background-color: #fff;
}
.navbar-nav {
margin: 0;
padding: 0 60px;
float: right;
list-style: none;
text-transform: uppercase;
}
.navbar-nav li {
display: block;
float: left;
position: relative;
}
.navbar-nav li a {
padding: 7px;
margin-left: 5px;
color: #000;
font-size: 1rem;
font-weight: 300;
border-bottom: 0px solid transparent;
}
.navbar-nav li a:hover {
color: #DF9237;
}
.navbar-nav li a.active {
color: #DF9237;
}
.navbar-nav li a.active:hover {
color: #000;
}
/* Page header */
.page-header {
margin: 0 0 30px 0;
padding: 0;
text-align: center;
}
.page-title {
margin: 0;
padding: 10px;
color: #DF9237;
text-transform: uppercase;
}
.page-subtitle {
/*margin-top: 10px;*/
padding: 0;
text-align: center;
font-weight: 300;
font-size: 1.0625rem;
font-size: 1.1rem;
}
.page-content {
}
/* Messages */
.messages {
padding: 10px;
margin: 0;
border-radius: 4px;
}
.success {
color: #3c763d;
border-color: #d6e9c6;
background-color: #dff0d8;
}
.danger {
color: #a94442;
border-color: #ebccd1;
background-color: #f2dede;
}
.warning {
color: #8a6d3b;
border-color: #faebcc;
background-color: #fcf8e3;
}
/* Mandatory fields in forms */
.mandatory {
font-size: 0.75rem;
color: #DF9237;
}
/* Footer */
/*
Footer must have a fixed height. Example here: 60px (padding is included because of
box-sizing: border-box in html). Then make the bottom-padding of the .page-container
the same height (60px) + some additional pixels, in order to avoid overlapping!
*/
.footer {
height: 60px;
padding-top: 20px;
position: absolute;
bottom: 0;
left: 0;
right: 0;
margin: 0;
font-weight: 300;
text-align: center;
background-color: #fff;
}
assets/css/signup.css
/* Form */
.form-container-outer {
padding: 30px;
position: relative;
text-align: center;
border-radius: 4px;
background-color: #f4f4f4;
}
.form-container-inner {
display: inline-block;
margin: 0 auto;
padding: 0;
}
.messages {
text-align: left;
}
.messages a {
text-transform: uppercase;
font-weight: 600;
}
.messages.success {
text-align: center;
}
#signup-form {
padding: 20px;
display: inline-block;
text-align: left;
}
.form-group {
margin-bottom: 20px;
}
.form-group label {
display: inline-block;
min-width: 100px;
}
input {
padding: 5px;
width: 250px;
font-size: 0.9375rem;
}
button {
padding: 7px 10px;
display: block;
float: right;
color: #fff;
font-size: 0.9375rem;
cursor: pointer;
border: none;
border-radius: 4px;
background-color: #5cb85c;
}
button:hover {
background-color: #449d44;
}
使用的表结构
由于您使用的是正确的散列函数 (password_hash),因此 password 列的长度至少为 255 个字符。
CREATE TABLE `users` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`first_name` varchar(100) DEFAULT NULL,
`last_name` varchar(100) DEFAULT NULL,
`email` varchar(100) DEFAULT NULL,
`username` varchar(100) DEFAULT NULL,
`password` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;