0
我試圖根據會話數據在html註冊表單中爲文本框填充默認的「值」字段。從php變量設置html文本框的值
如果用戶在我的註冊表單上發生任何錯誤,它會將其發回,我希望儘可能多地填寫其數據,而不是將它們發送回普通表單以重新開始。
這裏是我的handleer腳本檢查:
// Let's get the text from the form,.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password_check = mysql_real_escape_string($_POST['pwcheck']);
$email = mysql_real_escape_string($_POST['email']);
$spam_check = mysql_real_escape_string($_POST['checkit']); // spam check
$IP = $_SERVER['REMOTE_ADDR']; // log their ip
// set up some session data for mnistakes or spam or errors
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
// check for empty info
if ($username == NULL || $username == '') { // no username set
header ("Location: register.php?p=un"); die;
}
if ($password == NULL || $password == '') { // no password set
header ("Location: register.php?p=pw"); die;
}
if ($password_check == NULL || $password_check == '') { // no password check set
header ("Location: register.php?p=pwchk"); die;
}
if ($email == NULL || $email == '') { // no email set
header ("Location: register.php?p=em"); die;
}
// have we had Spam?
if (strlen($spam_check) > 0) { // spam bot alert
header ("Location: http://www.google.co.uk");
die ('You\'re naughty.');
}
// does password and check match?
if ($password != $password_check) { // no match
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
header ("Location: register.php?p=pwnpc&email=".$email.""); die;
}
我的窗體頁上我做:
// check for empty fields and session data
if (isset($_SESSION['email'])) { // email session data set
$email_value = 'value = "'.$_SESSION['email'].'"';
} else { $email_value = 'placeholder="Email"'; }
$errors = mysql_real_escape_string($_GET['p']);
switch ($errors) { // something is empty
case "un": // no username set
$pen_name = 'Pen Name missing!';
break;
case "pw": // no username set
$password = 'Password missing!';
break;
case "pwchk": // no password check set
$pw_check = 'Your passwords don\'t match!';
break;
case "em": // no username set
$email = 'Email missing!';
break;
case "pwnpc": // passwords don't match
$pw_mismatch = 'Passwords don\'t match!';
break;
}
和形式自身
<form action="register_handle.php" method="post">
<label>Choose a Pen Name</label><br /><?php echo $pen_name ?>
<p><input type="text" name="username" placeholder="Pen Name" autofocus required> </p>
<label>Choose a Password</label><br />
<p><input type="password" name="password" placeholder="Password" required> ---> <input type="password" name="pwcheck" placeholder="Password Confirm" required> <?php echo $password.$pw_check.$pw_mismatch ?></p>
<label>Email</label><br />
<?php echo $email ?>
<p><input type="email" name="email" <?php echo $email_value ?> required></p>
<input id="checkit" type="text" name="checkit" maxlength="50" size="30">
<input type="submit" value=" Sign Me Up " name="submit" class="submit">
</form>
,但我不能似乎沒有回到價值。我相信這一定很簡單,但你能在這裏看到問題嗎?正如你所看到的,我迄今爲止只在電子郵箱中嘗試過,但無濟於事。
不要忘記XSS保護。 +1還定義了'$ email_value'時設置了value屬性:s –
它看起來像來自會話並且不是用戶提供的。但是你是對的,我應該證明完整性。 –
php沒有工作; ?回聲後我的意思是 –