0

我想从表单中过滤用户输入,所有变量都设置正确。正则表达式仅在最后一个 if 上失败,我在其中比较其他产品属性、尺寸、重量或尺寸。只有尺寸参数被正确过滤,其他参数被忽略,因为我可以把任何东西放在重量和尺寸上,正则表达式会接受它。例如:

Test input:
Size: aaaa // Does not let through
Weight: aaaa // Lets through
Dimensions: aaaa // Lets through

最后一个if的代码中有OR,因为只有一个参数是必须提交的。

这是负责正则表达式的代码:

if(!empty($UI->sku) && !empty($UI->name) && !empty($UI->price)) {
    if(!empty($UI->size) || !empty($UI->weight) || !empty($UI->dimensions)) {
        if(preg_match("/^\d+$/" , $UI->sku)) { // Checking if sku is int
            if(preg_match("/^[a-zA-Z0-9 ]+$/" , $UI->name)) { // Checking if name consists only of numbers and letters
                if(preg_match("/^(?=.)([+-]?([0-9]*)(\.([0-9]+))?)$/" , $UI->price)) { // Checking if price is float or int
                    if(preg_match("/^[0-9]*$/" , $UI->size) || preg_match("/^(?=.)([+-]?([0-9]*)(\.([0-9]+))?)$/" , $UI->weight) || preg_match("/^[0-9]+x[0-9]+x[0-9]+$/" , $UI->dimensions)) {
                        //Checking additional product parameters for valid format
                        $UI->addToDatabase();
                    } else {
                        echo "Check your product's additional property!";
                        exit;
                    }
                } else {
                    echo "Check your product's price!";
                    exit;
                }
            } else {
                echo "Check your product's name!";
                exit;
            }

        } else {
            echo "Check your product's SKU!";
            exit;
        }
    } else {
        echo "Please add additional parameter to your product!";
        exit;
    }
} else{
    echo "Please, include all the product's parameters!";
}
4

1 回答 1

0

首先,您检查三个对象属性之一是否具有“真实”值:

if(!empty($UI->size) || !empty($UI->weight) || !empty($UI->dimensions)) {

然后检查三个对象属性之一是否通过验证规则:

if (preg_match("/^[0-9]*$/" , $UI->size)
    || preg_match("/^(?=.)([+-]?([0-9]*)(\.([0-9]+))?)$/" , $UI->weight)
    || preg_match("/^[0-9]+x[0-9]+x[0-9]+$/" , $UI->dimensions)
) {

因此,如果 $UI->dimensions 是提交的唯一“附加”值,那么我希望您会生成Warning: Undefined property on $UI->weightand $UI->dimensions

如果这是我的项目,我会采用 NigelRen 的指导并重建嵌套条件以提高可读性和准确性。我养成了尽早写出所有错误/失败结果和稍后写出真实/成功结果的习惯。

未经测试的代码:

if (!isset($UI->sku, $UI->name, $UI->price)) {  // if any of the required properties are not declared or are null
    exit("Please include all the product's parameters.");
}
if (!ctype_digit((string)$UI->sku)) {  // if sku not fully comprised of digits
    exit("Please ensure that your product's SKU only contains digits.");
}
if (!preg_match("/^[a-z\d ]+$/i", $UI->name)) { // if name not fully comprised of alphanumeric and space characters
    exit("Please ensure that your product's name contains only alphanumeric characters and spaces.");
}
if (!preg_match("/^[+-]?\d*\.?\d+$/", $UI->price)) { // if price is not a float or int (optional sign before optional digits before optional dot before required digit(s))
    echo "Please ensure that your product's price is a numeric value.";
}
if (!isset($UI->size) && !isset($UI->weight) && !isset($UI->dimensions)) {  // if no additional parameters have been submitted
    exit("Please add additional size/weight/dimensions parameter to your product.");
}
if (isset($UI->size) && !ctype_digit((string)$UI->size)) {  // if size exists and is not fully comprised of digits
    exit("Please ensure that your product's size only contains digits.");
}
if (isset($UI->weight) && !preg_match("/^+?\d*\.?\d+$/", $UI->weight)) {  // if weight exists and is not numeric (no negative weight allowed)
    exit("Please ensure that your product's weight is a non-negative numeric value.");
}
if (isset($UI->dimensions) && !preg_match("/^\d+x\d+x\d+$/", $UI->dimensions)) { // if dimensions exists and doesn't match the required format
    exit("Please ensure that your dimension value contains three numbers separated by the letter x.");
}
$UI->addToDatabase();
于 2020-12-23T07:53:24.120 回答