-1

我创建了一个 PHP 文件来将用户信息插入数据库,如果信息已经在数据库中,它会说"user is already exists"。我的表单中有 3 个字段“全名”、“电子邮件”和“电话”。例如这些信息已经在数据库中的是“myName”、“myEmail@yahoo.com”、“0123456789”。如果用户输入的正是这些字母,它将显示消息“用户已经存在”。但是如果他们输入电话号码,例如(083 )0123456789 它将插入到数据库中。如何修复此错误?这是文件 register.php

<h1>register form</h1>
<?php
$labels=array("full_name"=>"Full Name",
                "email"=>"Email",
                "phone"=>"Phone");
echo "<form action='check_register.php' method='POST'>";
foreach($labels as $key =>$value)
{
    echo "$value <input type='text' name='$key'/><br/>";
}
echo "<input type='submit' value='submit'/>";
echo "</form>";
?>

check_register.php

<?php
$labels=array("full_name"=>"Full Name",
                "email"=>"Email",
                "phone"=>"Phone");
foreach($_POST as $key =>$value)
{
    if(empty($value))
    {
        $empty_value[]=$key;
    }
    elseif($key=="full_name")
    {
        if(!preg_match("/^[A-Za-z '-]{2,50}$/",$value))
        {
            $invalid_value[]=$key;
        }
    }
    elseif($key=="email")
    {
        if(!preg_match("/^[A-Za-z0-9]{5,20}+(@)[A-Za-z0-9]{5,20}(\.com)$/",$value))
        {
            $invalid_value[]=$key;
        }
    }
    elseif($key=="phone")
    {   
        if(!preg_match("/^(\(\d+\)|\d+\-)?\d{10,20}$/",$value))
        {
            $invalid_value[]=$key;
        }
    }
}

if(@sizeof($empty_value)>0 or @sizeof($invalid_value)>0)
{
    if(@sizeof($empty_value)>0)
    {
        echo "input ";
        foreach($empty_value as $key) //loop empty value
        {
            echo " $labels[$key] ";
        }
    }
    if(@sizeof($invalid_value)>0)
    {
        echo "<br/>invalid data ";
        foreach($invalid_value as $key) //loop invalid_value
        {
            echo " $labels[$key]    ";
        }
    }
    echo "<form action='$_SERVER[PHP_SELF]' method='POST'>";
    foreach($labels as $key =>$value)
    {
        echo "$value <input type='text' name='$key'/><br/>";
    }
    echo "<input type='submit' value='submit'/>";
    echo "</form>";
    }
else
    {
        $user='root';
        $host='localhost';
        $password='root';
        $dbname='pet';
        $connect=mysqli_connect($host,$user,$password,$dbname) or die("can't connect to server");
        foreach($labels as $key =>$value)
        {
            $good_data[$key]=strip_tags(trim($_POST[$key]));
            $good_data[$key]=mysqli_real_escape_string($connect,$good_data[$key]);
        }
        $check_exist="SELECT ";
        foreach($labels as $key =>$value)
        {
            $check_exist.=$key.",";
        }
        $check_exist=preg_replace("/phone,/","phone",$check_exist);
        $check_exist.=" FROM register WHERE ";
        $arrayValue=array();
        foreach($good_data as $key =>$value)
        {
            $arrayValue[]=$key."="."'$value'";
        }

        $check_exist.=join(" AND ",$arrayValue);
        $query=$check_exist;
        $result=mysqli_query($connect,$query);
        if(mysqli_num_rows($result))
        {
            echo "user already exist !";
            echo $check_exist;
            exit(); 
        }

        echo $check_exist;
        else
        {
        foreach($labels as $key =>$value)
            {
                $good_data[$key]=strip_tags(trim($_POST[$key]));
                    if($key=="phone")
                    {
                        $good_data[$key]=preg_replace("/(\(\d+\)|\d+\-)/","",$good_data[$key]);

                    }
                $good_data[$key]=mysqli_real_escape_string($connect,$good_data[$key]);
            }
            $query="INSERT INTO register ("; 
            foreach($good_data as $key =>$value)
            {
                $query.="$key,"; 
            }
            $query.= ") VALUES (";      
            $query=preg_replace("/,\)/",")",$query);
            foreach($good_data as $key =>$value)   
            {
                $query.="'$value',";
            }
            $query.=")";
            $query=preg_replace("/,\)/",")",$query);
            $result=mysqli_query($connect,$query) or die ("can't execute query.".mysqli_error($connect));
            echo "$query";
            echo "<h4>member inserted $query </h4>";        
        }
    }


?>
4

1 回答 1

1

您应该首先过滤字段,而不是要求用户使用精确的格式,首先使用对值的引用: foreach($_POST as $key => & $value) {

然后在电话条目下,过滤掉非数字,然后将测试数据的方式更改为:

$value = preg_replace("/[^0-9]/", "", $value);
if (strlen($value) != 10) {
  $invalid_value[]=$key;
}

如果您需要允许超过 10 个字符的电话号码,请为测试设置一个范围,但是您将很难匹配前面提到的电话号码。任何人输入 123-456-7890,然后其他人输入 123-456-78901 - 这些将显示为不同的数字,因为您允许不同的长度。

于 2013-10-01T17:29:16.923 回答