我正在尝试实现它,如果用户试图创建一个帐户,他们必须满足特定的字符串长度 ETC。如果他们不这样做,那么页面应该向他们吐出一条消息。我仅针对用户名尝试了以下操作作为测试,但它并不成功。我只用了几天 PHP,谢天谢地,我是新手,我已经在谷歌、youtube 和 stackoverflow 上搜索过,但似乎无法让它适用于我的具体情况。<?php include_once 'config.php';$_SESSION['message'] = "Initiating Account Creation.";$mysqli = sqlsrv_connect($serverName, $conn_array) or die ($_SESSION['message'] = "No connection to the database.");if (isset($_POST['register'])) { session_start(); // No crazy special characters in user or email because it can mess with SQL query + inputs. $username = ($_POST['username']); $email = ($_POST['email']); //VERIFY TWO PASSWORDS ARE EQUAL. $password = ($_POST['password']); $password2 = ($_POST['confirmpassword']); $str_len1 = strlen(($_POST['username'])); if ($str_len1 < 6) { $_SESSION['message'] = "Registration Failed. Unable to add $username to the database!"; // exit(); using this completely erases the form even after refreshing the page. } if ($password == $password2) { //md5 hashed password for basic security. $password = md5($password); $sql = " SET ANSI_NULLS ON SET QUOTED_IDENTIFIER ON SET CONCAT_NULL_YIELDS_NULL ON SET ANSI_WARNINGS ON SET ANSI_PADDING ON exec dnmembership.dbo.__NX__CreateAccount '$username','$password','$email' "; sqlsrv_query ($mysqli, $sql); $_SESSION['message'] = "Registration Successful. Added $username to the database!"; header("location: welcome.php");}else{ $_SESSION['message'] = "Registration error. Try a valid username, password, or email."; } }?>
1 回答
绝地无双
TA贡献1946条经验 获得超4个赞
首先,你的代码很乱。我试图清理它;请以我的代码为例,并尝试练习编写干净的代码。
其次,永远不要用它$_SESSION['']来声明消息。最好是使用 simple echo。更好的是,我添加了一个功能。
退出()函数方法:
session_start();
include('config.php');
// For error or success messages place the following functions in your functions.php file and include the file here.
// The following functions are based on bootstrap classes for error and success message. If you are not using bootstrap you can stylize your own.
function alertSuccess($msg){
$alert = "<div class='alert alert-success'>".$msg."</div>";
return $alert;
}
function alertError($msg){
$alert = "<div class='alert alert-danger'>".$msg."</div>";
return $alert;
}
function alertInfo($msg){
$alert = "<div class='alert alert-info'>".$msg."</div>";
return $alert;
}
// Storing Form Inputs
$username = (!empty($_POST['username']))?mysqli_real_escape_string($_POST['username']):null;
$email = (!empty($_POST['email']))?mysqli_real_escape_string($_POST['email']):null;
$password = (!empty($_POST['password']))?$_POST['password']:null;
$password2 = (!empty($_POST['confirmpassword']))?$_POST['confirmpassword']:null;
if(isset($_POST['register'])) {
// Set "Creating Account" message. This is unnecessary but if you want it then okay.
echo alertInfo("Initiating Account Creation...");
// If username is null then rest of the code will not be executed
if($username == null){
echo alertError("Invalid username!");
exit();
}
// If password is not equal then rest of the code will not be executed
if($password != $password2){
echo alertError("Password mismatch");
exit();
}
// If username is less than 6 characters long then rest of the code will not be executed
if(strlen($username) < 6){
echo alertError("Username must contain at least 6 characters.");
exit();
}
// All checks done already (including password check). Now process the query.
$password = md5($password);
$sql = "SET ANSI_NULLS ON
SET QUOTED_IDENTIFIER ON
SET CONCAT_NULL_YIELDS_NULL ON
SET ANSI_WARNINGS ON
SET ANSI_PADDING ON
exec dnmembership.dbo.__NX__CreateAccount '$username','$password','$email'
";
if(sqlsrv_query($mysqli, $sql)){
echo alertSuccess("Registration Successful! Please wait....");
header("Location: welcome.php");
exit();
}else{
echo alertError("Sorry, something went wrong! Please refresh the page and try again.");
}
}
If...Else 函数方法:同样可以使用 If...Else 方法实现。
if($username == null){
echo alertError("Invalid username!");
}else if($password != $password2){
echo alertError("Password mismatch");
}else if(strlen($username) < 6){
echo alertError("Username must contain at least 6 characters.");
}else{
// All checks done already (including password check). Now process the query.
$password = md5($password);
$sql = "SET ANSI_NULLS ON
SET QUOTED_IDENTIFIER ON
SET CONCAT_NULL_YIELDS_NULL ON
SET ANSI_WARNINGS ON
SET ANSI_PADDING ON
exec dnmembership.dbo.__NX__CreateAccount '$username','$password','$email'
";
if(sqlsrv_query($mysqli, $sql)){
echo alertError("Registration Successful! Please wait....");
header("Location: welcome.php");
exit();
}else{
echo alertError("Sorry, something went wrong! Please refresh the page and try again.");
}
}
使用您喜欢的任何方法。两者都很完美。
请注意,我不确切知道如何在 SQL SERVER 中工作,因此,我没有研究您的$sql部分。休息是 100% 正确的。如果您使用的是 PDO,我也会检查 SQL。请从合适的人那里确认您正在为您的任务使用正确的 SQL。
此外,以前,您的代码无法正常工作的一个原因可能是用户名输入可能为空,或者简单地说,PHP 没有收到用户名的表单输入。因此,我也添加了对用户名是否为空的检查。如果它返回“无效的用户名!” 然后检查您的表单字段name=""部分的用户名字段。
另请注意,您的代码$_SESSION['message']在页面顶部声明,而session_start()在下方声明。现在告诉我将如何$_SESSION['message']识别是否有会话开始?除非你开始一个会话,否则你不能声明$_SESSION变量。这将导致错误。因此,这就是为什么我要求您session_start()在页面顶部声明这是必需且有效的 PHP 实践的原因。
- 1 回答
- 0 关注
- 99 浏览
添加回答
举报
0/150
提交
取消