-2

嗨,关于 PHP 的快速问题,我仍在学习为什么下面代码中的 $html[$firstname] 在服务器错误日志中作为未定义索引出现............快速回答会很棒......

嗨,为了清楚起见,这是所有代码,让我知道 PDO 的代码是否足够好并且不需要转义,我猜在我从数据库中输出数据之前不需要 html 实体通过php到浏览器。

<?php

$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password = "";
$confirm_password = "";
$_POST['firstname'] = $firstname;
$_POST['lastname'] = $lastname;
$_POST['username'] = $username;
$_POST['email'] = $email;
$_POST['password'] = $password;
$_POST['confirm_password'] = $confirm_password;
$clean =  array();
if(ctype_alnum($firstname)){
  $clean[$firstname] = $firstname;
};
if(ctype_alnum($lastname)){
  $clean[$lastname] = $lastname;
};
if(ctype_alnum($username)){
  $clean[$username] = $username;
};

if(isset($email)){
  filter_var($email, FILTER_SANITIZE_EMAIL);
};
//initialize an array for escaped data
$html = array();
//escape the filtered data
$html[$firstname] = htmlentities($clean[$firstname], ENT_QUOTES, 'UTF-8');
$html[$lastname] = htmlentities($clean[$lastname], ENT_QUOTES, 'UTF-8');
$html[$username] = htmlentities($clean[$username], ENT_QUOTES, 'UTF-8');
$html[$email] = htmlentities($email, ENT_QUOTES, 'UTF-8');
$html[$password] = htmlentities($password, ENT_QUOTES, 'UTF-8');
$html[$confirm_password] = htmlentities($confirm_password, ENT_QUOTES, 'UTF-8');
//
//write function to generate random salt for every password, + bcrypt allpasswords, then store in db


$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(),  mt_rand(), mt_rand(), mt_rand()))), 0, 22);
$hash = crypt($html[$password], '$2a$10$'.$salt.'$');


$currentPassword = '$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2';
$checkPassword = $password;
if(crypt($checkPassword, $currentPassword) === $currentPassword){
    echo 'You are in!';
}else{
    echo 'You entered the wrong password';
}

// store everything in the database execute prepare, then send back the email verification, do not send
//new password to email, and don't send forgotten password to email, just get them to remember it and click the link'
//connect to the database
$user = "*****";
$dbpassword = "****";
$db = new PDO('mysql:host=localhost;dbname=_virtualpiersclose', $user, $dbpassword);
$statement = $db->prepare("INSERT INTO users (firstname, lastname, username, email, password)
    VALUES (:firstname, :lastname, :username, :email, :password)");
$statement->bindParam(':firstname', $html[$firstname]);
$statement->bindParam(':lastname', $html[$lastname]);
$statement->bindParam(':username', $html[$username]);
$statement->bindParam(':email', $html[$email]);
$statement->bindParam(':password',$html[$password]);

$statement->execute();

$db = NULL;

?>
4

1 回答 1

3

我想你想要的是:

$html['firstname']

话虽如此,您的代码有点疯狂,没有多大意义。以下是一些访问模式:

$ar = array(
    'firstname' => 'Joe',
    'hello' => 'Hi there!'
);

$n = 'firstname';  // assign the string 'firstname' to $n
$x = $ar['firstname'];  // $x becomes 'Joe'
$x = $ar[$n]; // also $x becomes 'Joe', because $n is 'firstname'
$x = $ar[$firstname]; // doesn't return anything, because the variable $firstname is not assigned.  Will trigger a warning, too.
$firstname = 'hello'; // assign 'hello' to $firstname
$x = $ar[$firstname]; // $x becomes 'Hi there!'
$ar['hello'] = 'Good Bye.'; // Change $ar['hello']
$ar[$firstname] = 'So long!'; // Also changes $ar['hello']

你也有你的赋值语句倒退。等号左侧的变量接收来自右侧的值。我认为您希望将 的内容$_POST['firstname']保存在变量中$firstname。这里有几行可能需要修复:

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
// ... etc ...
if(ctype_alnum($firstname)){
    $clean['firstname'] = $firstname;
};
于 2013-01-24T22:16:37.703 回答