0

我正在学习 PHP,我需要了解服务器端错误以及保护数据库的最佳方法。我参考了谷歌并获得了一些有价值的信息,然后我申请了我的代码。请检查我的代码并帮助我更多地了解 PHP。

我有一个带有客户端验证和服务器端验证的注册表单。

客户端验证没有问题,即使服务器端验证也在工作,以防有人从浏览器中隐藏 javascript。

我担心的是,我使用 session 进行服务器端验证来显示错误消息。

1)将服务器端错误消息从一个页面显示到另一个页面是否正确?或任何其他显示错误消息的最佳方式?

2) 在显示服务器端验证时,字段显示为空白。对这个问题有任何帮助吗?

3)我正在使用prepared statement. 我试过$name=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['name'])))));这是保护数据的好方法吗?

你能帮我解决这个问题吗?

注册.php

<?php
session_start();
/*server side checking and error display*/
$name_error="";
$email_error=""; 
$password_error="" ;
$mobilenumber_error="";

$name_error=isset($_SESSION['name_error'])?$_SESSION['name_error']:'';
$email_error=isset($_SESSION['email_error'])?$_SESSION['email_error']:'';
$password_error=isset($_SESSION['password_error'])?$_SESSION['password_error']:'';
$mobilenumber_error=isset($_SESSION['mobilenumber_error'])?$_SESSION['mobilenumber_error']:'';

?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    <style type="text/css">
        form{width: 400px;margin: auto;}
    </style>

</head>
<body>
     <form action="process.php?key=register" method="post" name="register" autocomplete="off">
          <div class="form-group">
              <label for="name">Name</label>
              <input type="text" class="form-control" id="name" name="name">
              <span class="error"><?php echo $name_error;?></span>
            </div>

            <div class="form-group">
              <label for="email">Enter Email</label>
              <input type="email" class="form-control" id="email" name="email" >
              <span class="error"><?php echo $email_error;?></span>
            </div>

            <div class="form-group">
              <label for="pwd">Password</label>
              <input type="password" class="form-control" id="password" name="password">
                   <span class="error"><?php echo $password_error;?></span>
            </div>

            <div class="form-group">
              <label>Mobile number</label>
              <input type="text" class="form-control" id="mobilenumber" name="mobilenumber">
              <span class="error"><?php echo $mobilenumber_error;?></span>
            </div>


              <div class="form-group">
              <input type="submit" class="btn-reg btn-default" value="Register">
              </div>
    </form>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://cdn.jsdelivr.net/jquery.validation/1.16.0/jquery.validate.min.js"></script>
<script src="https://cdn.jsdelivr.net/jquery.validation/1.16.0/additional-methods.min.js"></script>
<script src="validation.js"></script>
</body>
</html>

进程.php

<?php
ob_start();
session_start();
include('../db/connection.php');
date_default_timezone_set('Asia/Kolkata');
$date_of_added= date('d-m-Y H:i:s');//current date

switch($_GET['key']) {
case 'register':register($conn);break;
default : redirect('index.php');
}

/*register code*/

function register($conn)
{

  global $date_of_added;
  // $products_image=$newfilename;
  $name=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['name'])))));
  $email=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['email'])))));
  $password=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['password'])))));
  $mobilenumber=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['mobilenumber'])))));

  /*server side validation*/
  $_SESSION['name_error']="";
  $_SESSION['email_error']="";
  $_SESSION['password_error']="";
  $_SESSION['confirmpassword_error']="";

if (empty($name)) {
      $_SESSION['name_error']="Name is empty";
      header('location:register');
  }

elseif(strlen($name) >3) {
        $_SESSION['name_error']="Please enter minimum 3 character";
        header('location:register');
}

elseif(empty($email)) {
      $_SESSION['email_error']="Email field is empty";
      header('location:register');
  }
elseif(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)) {
        $_SESSION['email_error']="Invalid email format"; 
        header('location:register');
  }

elseif(empty($password)) {
      $_SESSION['password_error']="Password field is empty";
      header('location:register');
  }

elseif(empty($mobilenumber))
 {
  $_SESSION['contact_mobile_error'] = "Enter Mobile NO !";
  header('location:register');
 }
 elseif(!is_numeric($mobilenumber))
 {
  $_SESSION['contact_mobile_error'] = "Numbers only !";
  header('location:register');
 }
 elseif(strlen($mobilenumber)!=10)
 {
  $_SESSION['contact_mobile_error'] = "10 characters only !";
  header('location:register');
 }
  else{
  $password_hash =password_hash($password,PASSWORD_DEFAULT,['cost' => 12]);
  // prepare and bind
  $sql="INSERT INTO test (name, email, password, mobileno, date_of_added) VALUES (?, ?, ?, ?, ?)";
  $stmt = $conn->prepare($sql);
  $stmt->bind_param("sssss", $name, $email, $password_hash, $mobilenumber, $date_of_added);
  $stmt->execute();
  $stmt->close();
  }
 header('location:register');
  $conn->close();
}

Validation.js(客户端验证)

// When the browser is ready...
  $(function() {
/*password alphanumeric set*/
   $.validator.addMethod("pwcheckallowedchars", function (value) {
        return /^[a-zA-Z0-9!@#$%^&*()_=\[\]{};':"\\|,.<>\/?+-]+$/.test(value) // has only allowed chars letter
    }, "The password contains non-admitted characters");

    $.validator.addMethod("pwcheckspechars", function (value) {
        return /[!@#$%^&*()_=\[\]{};':"\\|,.<>\/?+-]/.test(value)
    }, "The password must contain at least one special character");

  $.validator.addMethod("pwcheckconsecchars", function (value) {
        return ! (/(.)\1\1/.test(value)) // does not contain 3 consecutive identical chars
    }, "The password must not contain 3 consecutive identical characters");

    $.validator.addMethod("pwchecklowercase", function (value) {
        return /[a-z]/.test(value) // has a lowercase letter
    }, "The password must contain at least one lowercase letter");

    $.validator.addMethod("pwcheckrepeatnum", function (value) {
        return /\d{2}/.test(value) // has a lowercase letter
    }, "The password must contain at least one lowercase letter");

    $.validator.addMethod("pwcheckuppercase", function (value) {
        return /[A-Z]/.test(value) // has an uppercase letter
    }, "The password must contain at least one uppercase letter");

    $.validator.addMethod("pwchecknumber", function (value) {
        return /\d/.test(value) // has a digit
    }, "The password must contain at least one number");

  $("form[name='register']").validate({
        // Specify the validation rules
        rules: {

           name:{
                 required: true,
                 minlength:3,
                maxlength:50
           },

           email: {
                required: true,
                 email:true
            },

           password: {
                required: true,
                pwchecklowercase: true,
                pwcheckuppercase: true,
                pwchecknumber: true,
                pwcheckconsecchars: true,
                pwcheckspechars: true,
                pwcheckallowedchars: true,
                minlength:5,
                 maxlength: 20
            },

            mobilenumber: {
                required: true,
                number:true,
                minlength:10,
                maxlength: 10

            }

               },
         submitHandler: function(form) {
         form.submit();
         }

    });
  });
4

1 回答 1

0

我认为您的问题与 jquery 的关系比与老式服务器端 php 的关系要小。

回答您的问题(尽我所能):1)使用从一页到另一页显示服务器端错误消息的正确方法吗?或任何其他显示错误消息的最佳方式?

我认为因为这是一个可行的解决方案,所以它是一个很好的解决方案,但我不会选择这种方式。为什么不将 register.php 和 process.php 中的代码放在一个文件中,这样您就不必使用会话和重定向?

2) 在显示服务器端验证时,字段显示为空白。对这个问题有任何帮助吗?

要在您的代码中实现这一点,您需要为 process.php 中的输入填充会话变量:

$_SESSION['name']=$name;

然后你可以像这样在 register.php 中使用它:

<input type="text" class="form-control" id="name" name="name" value="<?=$_SESSION['name']?>">

3)我正在使用准备好的语句。我试过 $name=$conn->real_escape_string(strip_tags(htmlspecialchars(stripslashes(trim($_POST['name']))))); 这是用于保护数据的好方法吗?

我不知道。我认为它与任何方法一样好。

于 2018-04-29T18:42:43.453 回答