开发者

Problem with my PHP server-side validation code

问答 作者:

I have a form in a file register.php, and it posts to registerPost.php. Inside registerPost.php, I check against a few validation rules, then if any of them are flagged, I return to t开发者_如何学Che first page and print the errors. In theory, that should work. But the validation goes through with no problems, even when I leave everything blank.

Here's the code in question:

        $_SESSION["a"] = "";
        $_SESSION["b"] = "";
        $_SESSION["c"] = "";
        $_SESSION["d"] = "";
        $_SESSION["e"] = "";
        $_SESSION["f"] = "";
        $_SESSION["g"] = "";
        if(empty($userEmail))
            {
                $_SESSION["a"] = "You must enter your email.";
            }
        if(!validEmail($userEmail))
            {
                $_SESSION["a"] = "Improper Email Format";
            }
        if(empty($password))
            {
                $_SESSION["b"] = "You must enter a password.";
            }
        if(strlen($password) < 5 || strlen($password) > 0)
            {
                $_SESSION["b"] = "Password must be at least 5 characters.";
            }
        if($password != $confPassword)
            {
                $_SESSION["c"] = "Passwords do not match";
            }
        if(empty($firstName))
            {
                $_SESSION["d"] = "First Name Required";
            }
        if(empty($lastName))
            {
                $_SESSION["e"] = "Last Name Required";
            }
        if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '$email'")) > 0)
            {
                $_SESSION["f"] = "This email address already exists in our database.";
            }

        if(!empty($_SESSION["a"]) || !empty($_SESSION["b"]) || !empty($_SESSION["c"]) || !empty($_SESSION["d"]) || !empty($_SESSION["e"]) || !empty($_SESSION["f"]))
            {
                header('Location: register.php');
            }

Perhaps there is a more straightforward way to do this?

I like this way of registering all errors:

$errors = array();

if (empty($foo1))
  $errors[] = "foo1 can't be left blank!";
else if (!preg_match(' ... ', $foo1))
  $errors[] = "foo1 was not filled out correctly!";

if (empty($foo2))
  $errors[] = "foo2 can't be left blank!";

// ...

if (empty($errors)) {
  // do what you need
} else {
  // notify the user of the problems detected
}

Do you really need to change the page by header?

I tried your code and it works for me. Guessing from $username,$email and so on, I think you're doing some sanitizing on the $_POST data. If so, you should dump the $username, etc. to see, if that procedure is putting something in these variables.

Anyway, I like this way of validation better:

$errors = array();
if(empty($username))
{
    $errors['username'] = 'Username cannot be empty!';
}
...
$_SESSION['errors'] = $errors;
if(count($errors) > 0) //Redirect...

继续阅读:phpserver-sidevalidation

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9