1

我对 php 场景还很陌生,但是由于我一直在寻找几个小时来寻找这段代码可能有什么问题,所以我很茫然。由于某种原因,数据库中的 FILTER_VALIDATE_EMAIL 和唯一电子邮件检查不起作用,它们被完全跳过。我知道这一点,因为当提交表单时,它会在最后一个错误catch(PDOExceptions $ex)(未显示,但在下面的最后一个代码块之后),而不是设置为之前显示的任何其他错误(此处显示)。在尝试将表单数据插入数据库之前,不会发生(或显示)错误。由于电子邮件索引是唯一的,它不允许重复插入。因此查询无法运行并且die()'s. 我正在尝试发布电子邮件无效或已在表单本身上使用但没有die().

首先,我设置了提交空输入的条件,并对所有其他输入重复错误处理,如“fname”所示。

    if (isset($_POST['submit'])) {  

        if(empty($_POST['fname']) ||
          empty($_POST['lname']) ||
          empty($_POST['email']) ||
          empty($_POST['password']))
        {
            if(empty($_POST['fname'])) 
        { 
            $fnamerr = "<font color=\"red\">Please enter your first name</font>";
        }

然后我验证!empty:

    } 
    else if (!empty($_POST['fname']) &&
       !empty($_POST['lname']) &&
       !empty($_POST['email']) &&
       !empty($_POST['password']))  
    { 

        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
        }       

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 

        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        }   
        catch(PDOException $ex) 
        { 
            die ("Failed to run query: " . $ex->getMessage());          
        }

        $row = $stmt->fetch(); 

        if($row) 
        { 
            $emailerr = "<font color=\"red\">This email address is already registered</font>";
        }

这段代码有什么问题?或者可能是完全跳过数据库中的 FILTER_VALIDATE_EMAIL 和唯一电子邮件检查的原因?提前致谢。

4

2 回答 2

0

http://php.net/manual/en/function.filter-var.php确实返回过滤后的值,所以

$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if(false !== $email) {
        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 

        $query_params = array( 
            ':email' => $email 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        }   
        catch(PDOException $ex) 
        { 
            die ("Failed to run query: " . $ex->getMessage());          
        }

        $row = $stmt->fetch(); 

        if($row)         { 
            $emailerr = "<font color=\"red\">This email address is already registered</font>";
        }
        else {
            // ...insert record...
        }
}
else    { 
            $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
}
于 2013-08-09T19:05:26.010 回答
0

对于任何可能正在寻找相同信息的人,我终于想通了。

if (isset($_POST['submit'])) 
    {   

        if(empty($_POST['fname']) ||
           empty($_POST['lname']) ||
           empty($_POST['email']) ||
           empty($_POST['password']))
        { 
            if(empty($_POST['fname'])) 
            { 
                $fnamerr = "<font color=\"red\">Please enter your first name</font>";
            }

同样,我对姓氏、电子邮件和密码做了同样的事情,如果它们是空的。然后:

        } else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
            $submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
            $submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
            $submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
        } else if (!empty($_POST['fname']) &&
               !empty($_POST['lname']) &&
               !empty($_POST['email']) &&
               !empty($_POST['password']))
        {                                       
            $query = " 
                SELECT 
                    1 
                FROM users 
                WHERE 
                    email = :email 
            "; 

            $query_params = array( 
                ':email' => $_POST['email'] 
            ); 

            try 
            { 
                $stmt = $db->prepare($query); 
                $result = $stmt->execute($query_params); 
            }   
            catch(PDOException $ex) 
            { 
                die ("Failed to run query: " . $ex->getMessage());
            }

            $row = $stmt->fetch(); 

            if ($row) 
            { 
                $emailerr2 = "<font color=\"red\">This email address is already registered</font>";
                $submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
                $submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
                $submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');

            } else
            {

然后我运行代码将信息插入到 db 表中。这很好用。希望没有其他事情发生。感谢您的评论和帮助。

于 2013-08-10T06:10:04.160 回答