问题描述
问题是;我正在尝试修复注册验证,但它仍然保存在我们的数据库中,即使它是空的,希望有人可以提供关于编码错误的明确信息。 即使其中一个输入框为空,它仍会保存到我们的数据库表中
<!DOCTYPE html>
<html>`enter code here`
<head>
<title>Sample Registration Form</title>
</head>
<body>
<form action="submit.PHP" method="POST">
<input type="text" name="userid" placeholder="USER ID"><br>
<input type="text" name="firstname" placeholder="FirsT NAME"><br>
<input type="text" name="lastname" placeholder="LAST NAME"><br>
<input type="text" name="email" placeholder="EMAIL"><br>
<input type="password" name="password" placeholder="PASSWORD"><br>
<button tabindex="submit" name="submit">Sign up</button>
</form>
<a href='login.PHP'><button type='submit' name='submit'>Proceed to Login</button></a>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Submit </title>
</head>
<body>
<?PHP
$dbservername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "blogfinal";
$connect = MysqLi_connect($dbservername,$dbusername,$dbpassword,$dbname);
if(isset($_POST['submit'])) {
$userid = $_POST['userid'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$checker = array("userid","firstname","lastname","email","password");
$Error = true;
foreach ($checker as $values) {
if(empty($_POST[$values])) {
echo "Error";
$Error = true;
} else {
$sql = "INSERT INTO userinformation
(userid,firstname,lastname,email,password)
VALUES ('$userid','$firstname','$lastname','$email','$password');";
}
if(MysqLi_query($connect,$sql)) {
echo "Saved Successfully<br>";
echo "<a href='login.PHP'><button type='submit' name='submit'>Proceed to Login</button></a>";
} else {
echo "Error Description: " . MysqLi_error($connect);
}
}
}
?>
</body>
</html>
the code above is the submit function.
the problem is when we hit the sign-up even if the input-Box is empty and it is still functioning and saved to our database,instead of a password,user,or first name is required.
[if you leave it empty then proceed to submit it show saved even there's no data on it.][1]
[the image after we hit the submit button.][2]
[hence,if we at least insert 1 data required and proceed to submit it still saved to our database,instead of showing that the other data is required][3]
[1]: https://i.stack.imgur.com/gVc0i.png
[2]: https://i.stack.imgur.com/Aizjl.png
[3]: https://i.stack.imgur.com/A04c0.png
解决方法
问题是您在 if(empty($_POST[$values]))
循环中使用 foreach
检查每个值是否为空。此 if
有一个每次都运行的 else
。
因此,即使其中一个字段为空,如果至少有 1 个字段不为空,则查询将始终执行。
您应该更改逻辑,即使只有一个字段为空,查询也不会运行。
这是一个快速修复:
$Error = false;
// Check if all fields are not empty
foreach ($checker as $values) {
if(empty($_POST[$values])) {
echo "Error";
$Error = true; // If even just one field is empty,the $Error variable will be true
break;
}
}
if(!$Error) { // Check if I got an error
$sql = 'INSERT INTO userinformation,(userid,firstname,lastname,email,password) VALUES ("?","?","?");';
$stmt = $connect->prepare($sql)
$stmt->bind_param('sssss',$userid,$firstname,$lastname,$email,$password);
if($stmt->execute())
// The rest of your query
}
此外,请参阅 @RiggsFolly 对您的问题的评论,因为您的代码存在与 SQL Injection 相关的安全问题。