1. 首頁
  2. 問答
  3. 如何在php中驗證參數

如何在php中驗證參數

2011-12-15 77 views
0

Hy!如何在php中驗證參數

我有一個user_register php與幾個參數,他們都應該證明。我的格式非常難看。我把所有的驗證都打包成了錯綜複雜的if子句。

請看:

include '../db_connect.php'; 
$arr = array('Data' => null,'Code' => null); 

$birthdate = mysql_real_escape_string($_POST['birth']); 
$gender = mysql_real_escape_string($_POST['gender']); 
$uname = mysql_real_escape_string($_POST['username']); 
$password = mysql_real_escape_string($_POST['pw']); 
$email = mysql_real_escape_string($_POST['email']); 
$lang = mysql_real_escape_string($_POST['lang']); 

if (!proof_value($birthdate) && !proof_value($gender) && !proof_value($uname) && !proof_value($password) && !proof_value($email)) 
{ 
    if (!user_exist($uname)) 
    { 
     if(!email_exist($email)) 
     { 
      if (count($pw)==32) 
      { 
        if(count($gender)==1 && ($gender=='m' ||$gender =='f')) 
        { 
         $code = genverification(); 
         $sql = "Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')"; 
         $result = mysql_query("Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')"); 
         if ($result) 
         { 
          require_once("mailer.php"); 
          if (sendmail($email,$link, $lang)) 
          { 
           $arr['Code'] = 200; 
          } 
          else 
          { 
           $arr['Code'] = 422; 
          } 


         } 
         else 
         { 
          $arr['Code'] = 421; 
          //$arr['Date'] = $sql; 
         } 

        } 
        else 
        { 
         $arr['Code'] = 420; 
        } 

      } 
      else 
      { 
       $arr['Code']=423; 
      } 


     } 
     else 
     { 
      $arr['Code']=419; 
     } 


    } 
    else 
    { 
     $arr['Code']=418; 
    } 

} 
else 
{ 
$arr['Code']=400; 
} 

mysql_close($db); 
echo json_encode($arr);

正如你可以看到,如果一個驗證失敗我的腳本將返回錯誤代碼。我想我的實際工作中的格式更改爲更好的可讀格式,但我現在的想法有怎樣解決這個本來

THX

來源

2011-12-15 test123123

+4

`我的格式非常ugly.`是的,它是。 – Toto 2011-12-15 15:22:37

+1

如果用戶函數剛剛返回`isset()`那麼爲什麼不只是使用`isset()`而且`count`應該用`strlen`來代替也是`$ pw`永遠不會被設置爲 – 2011-12-15 15:26:52

+2

@ MA42 :)。如果你寫這樣的評論,你也應該發表一個答案 – test123123 2011-12-15 15:53:49

回答

0 
<?php 
//Allowed array of parameters 
$allowed = array('birth','gender','username','passwordw','email','lang'); 

$cont=true; 
//Loop through the post and check & assign the variables 
foreach($_POST as $key=>$value){ 
    if(in_array($key,$allowed) && $value!=''){ 
     //m or f set $cont to false if not 
     if($key=='gender' && ($value!='m' || $value!='f')){$arr['Code'] = 420; $cont=false;} 
     //chek if email set $cont to false if not 
     if($key=='email' && filter_var($value, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)==true){$arr['Code'] = 419; $cont=false;} 
     //check pass len set $cont to false if not 
     if($key=='password' && strlen($value)==32){$arr['Code'] = 423; $cont=false;} 
     //Assign the variable 
     $$key=$value; 
    }else{ 
     //Rouge key in post or value blank 
     $cont=false; 
    } 
} 

//if alls ok 
if($cont===true){ 

    $code = genverification(); 

    //PDO connect to database 
    try { 
     $dbh = new PDO("mysql:host=localhost;dbname=YOURDB", $dbusername, $dbpassword); 
    } 
    catch(PDOException $e) 
    { 
     echo $e->getMessage(); 
    } 

    //Use prepared statement to avoid sql injections 
    $sth = $dbh->prepare('INSERT into USER 
      (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) 
      VALUES (:birth,:gender,:username,:password,:email,:code)'); 

    //bind the variables to the parameters 
    $sth->bindParam(':birth', $birth, PDO::PARAM_STR, strlen($birth)); 
    $sth->bindParam(':gender', $gender, PDO::PARAM_STR, 1); 
    $sth->bindParam(':username', $username, PDO::PARAM_STR, strlen($username)); 
    $sth->bindParam(':password', $password, PDO::PARAM_STR, strlen($password)); 
    $sth->bindParam(':email', $email, PDO::PARAM_STR, strlen($email)); 
    $sth->bindParam(':code', $code, PDO::PARAM_STR, strlen($code)); 
    $sth->execute(); 

    //Do your mail 
    require_once("mailer.php"); 
    if (sendmail($email,$link, $lang)){ 
     $arr['Code'] = 200; 
    }else{ 
     $arr['Code'] = 422; 
    } 
}else{ 
    #Show your errors 
} 
?>

來源

2011-12-15 16:00:13

0

這裏有很多的可能性,如果你敢嘗試while + break: -

$success = null; 
while (empty($error)) 
{ 
    if (...) 
    { 
    $error = xxx; 
    break; 
    } 
    // repeat other checking 
    // lastly 
    $sql = ...; 
    if ($insert_ok) 
    { 
    $success = ...; 
    break; 
    } 
} 

if (! empty($error)) 
{ 
    // something error 
} 
if (! empty($success)) 
{ 
    // something right 
}

其他control strucutures在PHP

來源

2011-12-15 15:35:40 ajreal

相關問題

 相關問題