2014-03-13 37 views
0

我有一個表格,我使用PHP來驗證,使用一堆嵌套的if語句。它工作,但問題當然是錯誤消息一次顯示一個。我想讓他們一次顯示。所以我試圖重寫我的代碼而不使用嵌套的條件語句。我花了至少4小時嘗試,沒有任何工作。有人能給我一些建議嗎?這將是非常感謝...此外,我不確定是否有可能編寫一個if語句,如果條件滿足,它不執行代碼。這就是我的代碼現在正在嘗試做的事情,我確信這是一種可怕的做法,但我想不到另一種方式。如何使用PHP驗證表單,並獲取所有錯誤消息一次顯示?

<?php 

    if($_POST['submit']==1) 
    { 
     //$submit = strip_tags(isset($_POST['submit'])); 
     $fname = strip_tags($_POST['fname']); 
     $lname = strip_tags($_POST['lname']); 
     $usernamereg = strip_tags($_POST['usernamereg']); 
     $passwordreg = strip_tags($_POST['passwordreg']); 
     $email = strip_tags($_POST['email']); 
     $emailcheck = strip_tags($_POST['emailcheck']); 
     $date = date("Y-m-d"); 
     $connect = mysql_connect("localhost","user","password") or die ("There is a problem connecting to the database"); 
     mysql_select_db("user_db",$connect) or die("Couldn't find the database."); 

     $queryusername = mysql_query("SELECT * FROM users WHERE username = '$usernamereg'"); 
     $numrowsusername = mysql_num_rows($queryusername); 
     $queryemail = mysql_query("SELECT * FROM users WHERE email = '$email'"); 
     $numrowsemail = mysql_num_rows($queryemail); 

     if($fname&&$lname&&$usernamereg&&$passwordreg&&$email&&$emailcheck) 
     { 

     } 
     else 
     { 
      $all_fields = 'All fields must be filled in'; 
     } 
     if (strlen($usernamereg)>25||strlen($fname)>25||strlen($lname)>25) 
     { 
       $length_error = "First name, last name, and username cannot be longer than 25 characters"; 

     } 
     if($numrowsusername = 0) 
     { 

     } 
     else 
     { 
      $username_error ='username already taken'; 
     } 
     if(strlen($passwordreg)<6) 
     { 
      $password_error ="Password must be atleast 6 characters"; 

     } 
     else 
     { 
      //some form of password encryption 
     } 
     if($email != $emailcheck) 
     { 
      $emails_no_match = "Emails don't match"; 
     } 
     if($numrowsemail = 0) 
     { 

     } 
     else 
     { 
      $email_in_use_error ="This email is already in use"; 
     } 


if(isset($all_fields)||isset($length_error)||isset($username_error)||isset($password_error)||isset($emails_no_match)||isset($email_in_use_error)==1) 
      { 

      } 
      else 
      { 
       $queryget =mysql_query("INSERT INTO users(date,fname,lname,username,password,email,emailcheck)VALUES('$date','$fname','$lname','$usernamereg','$passwordreg','$email','$emailcheck')"); 
       echo "You have been registered!"; 
      } 

     } 
     ?> 


Here is my form code 

    <form action ='' method = 'POST' name ='regform'> 
       <table width = '500px'> 
       <tr> 
        <td id ="form_title" align ='left'>Sign Up Here</td>  
       </tr> 
       <tr> 
        <td id="form_subtitle" align ='left'> 100% Free</td> 
       </tr> 
       <tr> 
        <td align ='left'><input type ='text' name = 'fname' placeholder = 'First Name' class = 'firstname' /><input type ='text' name='lname' placeholder = 'Last Name' class = 'lastname' /></td> 
       </tr> 
       <tr> 
        <td></td> 
       </tr> 
       <tr> 
        <td align ='left'><input type ='text' name = 'usernamereg' placeholder = 'Username' class = 'username2' /></td> 
       </tr> 
       <tr> 
        <td><?php 
         if(!empty($username_error)){ 
          echo $username_error; 
         } 
        ?></td> 
       </tr> 
       <tr> 
        <td align ='left'><input type ='password' name='passwordreg' placeholder = 'Password' class = 'password2' /></td> 
       </tr> 
       <tr> 
        <td><?php 
          if(isset($password_error)){ 
          echo $password_error; 
         } 
         ?></td> 
       </tr> 
       <tr> 
        <td align ='left'><input type ='email' name = 'email' placeholder = 'Email' class = 'email'/></td> 
       </tr> 
       <tr> 
        <td><?php 
         if(!empty($emails_no_match)){ 
          echo $emails_no_match; 
         } 
        ?></td> 
       </tr> 
       <tr> 
        <td align ='left'><input type ='email' name = 'emailcheck' placeholder = 'Re-enter Email' class = 'emailcheck'/></td> 
       </tr> 
       <tr> 
        <td><?php 
         if(!empty($email_in_use_error)){ 
          echo $email_in_use_error; 
         } 
        ?></td> 
       </tr> 
       <tr> 
        <td><?php 
         if(!empty($all_fields)){ 
          echo $all_fields; 
         } 
        ?> </td> 
       </tr> 

       <td align='center'><input type = 'submit' name = 'submit' id= 'regbutton' value = 'Register' /></td> 
       </form> 

回答

0

你可以給我們更多詳情,請(原始形式)和問題的一個更好的描述。這很難理解。

然而,在您發佈的代碼有一些缺點我猜...

if($numrowsusername = 0) 

是一個賦值。所以,在這種情況下,總是假的......應該是

if ($numrowsusername == 0) 

同爲「如果($ numrowsemail = 0)」

而且順便說一句,是有可能什麼都沒有執行,如果if語句是真的。不要在托架之間放置任何東西,或者更好,只要放一個;在可讀性之間。

+0

我添加了我的表單代碼。感謝您的答覆。不要問愚蠢的問題,但如果我在括號之間放置了一個分號,當我的代碼執行時,條件滿足時,代碼是否會跳轉到代碼的下一部分(在我的情況下是另一個if語句)或它會停止執行嗎? – user3407857

+0

你可以簡單地檢查一下,但是,它會轉到下一個if語句。 – PBR

+0

和@ user3407857?所有這些代碼都在同一個php源代碼中嗎? – PBR

0

如果發生任何錯誤,您可以將錯誤放入數組中,然後顯示其內容。

<?php 

$errors = array(); 
if ($_POST['submit'] == 1) { 
    //$submit = strip_tags(isset($_POST['submit'])); 
    $fname = strip_tags($_POST['fname']); 
    $lname = strip_tags($_POST['lname']); 
    $usernamereg = strip_tags($_POST['usernamereg']); 
    $passwordreg = strip_tags($_POST['passwordreg']); 
    $email = strip_tags($_POST['email']); 
    $emailcheck = strip_tags($_POST['emailcheck']); 
    $date = date("Y-m-d"); 
    $connect = mysql_connect("localhost","user","password") or die ("There is a problem connecting to the database"); 
    mysql_select_db("user_db",$connect) or die("Couldn't find the database."); 

    $queryusername = mysql_query("SELECT * FROM users WHERE username = '$usernamereg'"); 
    $numrowsusername = mysql_num_rows($queryusername); 
    $queryemail = mysql_query("SELECT * FROM users WHERE email = '$email'"); 
    $numrowsemail = mysql_num_rows($queryemail); 

    if (!$fname || !$lname || !$usernamereg || !$passwordreg || !$email || !$emailcheck) { 
     $errors[] = 'All fields must be filled in'; 
    } 

    if (strlen($usernamereg) > 25 || strlen($fname) > 25 || strlen($lname) > 25) { 
     $errors[] = "First name, last name, and username cannot be longer than 25 characters"; 

    } 

    if ($numrowsusername > 0) { 
     $errors[] ='Username already taken'; 
    } 

    if (strlen($passwordreg) < 6) { 
     $errors[] = "Password must be atleast 6 characters"; 
    } else { 
     $passwordreg = md5($passwordreg); 
    } 

    if ($email != $emailcheck) { 
     $errors[] = "Emails don't match"; 
    } 

    if ($numrowsemail > 0) { 
     $errors[] ="This email is already in use"; 
    } 

    // If no errors occurred, insert the user into the database 
    if (count($errors) == 0) { 
     $queryget =mysql_query("INSERT INTO users(date,fname,lname,username,password,email,emailcheck)VALUES('$date','$fname','$lname','$usernamereg','$passwordreg','$email','$emailcheck')"); 
     echo "You have been registered!"; 
    } 

} 

現在,在那裏你想顯示你的錯誤,只是把這個代碼:

<?php if (count($errors)) { ?><ul><li><?php echo implode('</li><li>', $errors); ?></li></ul><?php } ?> 

我建議你的「100%免費」線下面這樣做。

此外,我建議你看看PHP PSR-2 coding standards文件。該文檔及其前身PSR-1PSR-0定義了編寫可讀的PHP代碼的良好實踐,該代碼易於調試。

另外需要注意的是,strip_tags()不足以保護自己免受SQL注入攻擊。在SQL查詢中使用變量之前,您需要清理變量$_POST。對於整數和浮點數,我推薦的語法如下:

$myInt = (isset($_POST['myInt']) ? (int)$_POST['myInt'] : null); 
$myFloat = (isset($_POST['myFloat']) ? (float)$_POST['myFloat'] : null); 

對於字符串,你應該使用mysql_real_escape_string()以確保變量正確處理如下:

$myStr = (isset($_POST['myStr']) ? mysql_real_escape_string($_POST['myStr']) : null); 

所以,你$fname變量線變爲如下:

$fname = (isset($_POST['fname']) ? mysql_real_escape_string($_POST['fname']) : null); 

依此類推等剩餘的輸入變量。

理想情況下,您希望使用PDO並準備好語句,但這不在此問題的範圍之內。此外,mysql_*()函數已被棄用,並且將在未來的版本中從PHP中刪除,可能會很快。建議您使用mysqli庫。

+0

謝謝。我將用mysqli函數重寫代碼。 – user3407857

+0

不要忘記用strip_tags改變線條!另外,您可能會想要檢查用戶名是否只包含有效的字符,並且該電子郵件地址也是有效的。有很多問題可以告訴你如何做到這一點。 :) –

+0

目前,即使我的所有驗證檢查都符合,我的表單輸入也不會被添加到表單中。當我檢查提交按鈕是否被點擊時,是否與我的第一條if語句有關? – user3407857

相關問題