0

这是我的代码,它似乎工作正常,但它看起来不正确。我知道我很容易被注射。只是想知道这是否是比较两个密码的最佳方法?

if (empty($_POST['password'])) {
    $errors[] = "Please enter a password";
} else {
    if ($_POST['password'] != $_POST['password1']) {
        $errors[] = "Your password did not match the confirmed password";
    } else {
        $p = $_POST['password'];
    }
}
4

2 回答 2

5

你的代码很好,我只是写得有点不同:

if (empty($_POST['password'])) {
   $errors[] = "Please enter a password";
} elseif($_POST['password'] !== $_POST['password1']) {
   $errors[] = "Your password did not match the confirmed password";
} else {
   $p = $_POST['password'];
}
于 2013-09-23T20:04:13.467 回答
0

我建议您必须从一开始就检查$_POST['password']两者$_POST['password1']

if (!empty($_POST['password']) && !empty($_POST['password1'])) {
        if (strcmp($_POST['password'], $_POST['password1']) === 0) {
            $p = $_POST['password'];
        } else {
            $errors[] = "Your password did not match the confirmed password";
        }
    } else {
        $errors[] = "Please enter a password";
    }
于 2013-09-23T20:29:31.950 回答