密码超过8个字符的PHP

2018-06-20 20:22:11

我正在做一个网上购物项目。

用户在登录前应该注册他们的信息，他们的详细信息存储在数据库中。但是，我希望只有在没有任何错误时才能将详细信息存储在数据库中。我只想在密码长度超过8个字符时才存储密码。

目前，即使数据少于8个字符，数据仍会添加到数据库中。显示错误消息，但密码仍然输入到数据库中。

我不确定我做错了什么。我希望有人云指出...

先谢谢你！

我更新了我的代码 ：

<?php
$server = "localhost";
$uname = "root";
$pwd = "";
$dbname = "SCINFO";

//connecting to mysqli
$connection = mysqli_connect($server, $uname, $pwd, $dbname);

// Check connection
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());//If connection fails, prints msg
}

$uidErr = $pwdErr = "";
$uid = $pwd = "";

if($_SERVER["REQUEST_METHOD"]=="POST"){

    //check if user field is empty
if(empty($_POST["uid"])){
    $uidErr = "UserID required";
}
else{
    //check if userid exist in database
    $query = "SELECT * FROM USER WHERE USER_ID ='".$_POST["uid"]."'";
    $result = mysqli_query($connection, $query);

    if(mysqli_num_rows($result)>0){
        $uidErr = "Username already in use!";
    }
    else{
        $uid = test_input($_POST["uid"]);
    }
}  
if(empty($_POST["pwd"])){
    $pwdErr = "Password is required!";
  }
  else{
      if(strlen($_POST["pwd"]) < 8){
          $pwdErr = "Password must be more than 8 characters!";
      }
      else{
        $pwd = test_input($_POST["pwd"]);
      }
   }
}
 function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
User_ID:
<input type="text" name="uid" placeholder="ex:johndoe22"><font color="red">&nbsp;<br><?php echo $uidErr;?></font>
Password: 
<input type="password" name="pwd" placeholder="********"><font color="red">&nbsp;<br><?php echo $pwdErr;?></font>
</form>
<?php
if(!empty($_POST) || !isset($_POST)){
//insert data
$fields = array('uid', 'pwd');
$fieldErr = array('uidErr', 'pwdErr');
$error = false;

foreach($fieldErr as $fieldnm){
    if(isset($_POST[$fieldnm])){
        echo $fieldnm." Error(Invalid field)!<br>";
        $error = true;
    }
}

echo "<br><br>";

foreach($fields as $fieldname){
    if(empty($_POST[$fieldname])){
        echo $fieldname." Error(Empty field)!<br>";
        $error = true;
    }
}

if(!$error){
    $sql = "INSERT INTO USER (USER_ID, USER_PWD)
        VALUES ('".$_POST["uid"]."','".$_POST["pwd"]."')";

    //check if data is inserted
    if (mysqli_query($connection, $sql)) {
        //print data
        $sqls = "SELECT USER_ID, USER_PWD";
        $result = mysqli_query($connection, $sqls);

        if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while($row = mysqli_fetch_assoc($result)) {
            echo "<br>"." - UserID: " . $row["USER_ID"]." - Username: " . $row["USER_NAME"]. " - Password: " . 
                $row["USER_PWD"];
            }
        } else {
            echo "0 results";
        }
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($connection);
     }
   }
}
?>

我玩过你的代码并做了一些改进。它还远没有完美，但它应该让你开始。

改进的次数不胜枚举。

代码：

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

// Set DB credentials
define("DBSERV", "localhost");
define("DBUSER", "root");
define("DBPASS", "");
define("DBNAME", "SCINFO");

class DB {

    public $_connection;

    public function __construct($credentials) {
        if (!$this->_connection = mysqli_connect(
                $credentials['server'],
                $credentials['user'],
                $credentials['password'],
                $credentials['database']
        )) {
            die("Connection failed: " . mysqli_connect_error()); //If connection fails, prints msg
        };
    }

    public function query($sql) {
        return mysqli_query($this->_connection, $sql);
    }

    public function error() {
        return mysqli_error($this->_connection);
    }

    public function rows($query) {
        return mysqli_num_rows($query);
    }

    public function fetch($result) {
        return mysqli_fetch_assoc($result);
    }

}

class Validate {

    public static function uid($uid) {
        global $database;

        //check if user field is empty
        if (empty($uid)) {
            return "UserID required";
        }
        //check if userid exist in database
        if ($database->rows($database->query("SELECT * FROM USER WHERE USER_ID ='" . $uid . "'")) > 0) {
            return "Username already in use!";
        }
        return FALSE;
    }

    public static function pwd($pwd) {
        if (empty($pwd)) {
            return "Password is required!";
        }
        if (strlen($pwd) < 9) {
            return "Password must be more than 8 characters!";
        }
        return FALSE;
    }

}

class Strip {

    public static function input($data) {
        // The code of this method can still be improved a lot
        // You should check for attempts at SQL injection
        // See http://php.net/manual/en/security.database.sql-injection.php
        return stripslashes(trim($data));
    }

}

$database = new DB([
    'server' => DBSERV,
    'user' => DBUSER,
    'password' => DBPASS,
    'database' => DBNAME,
]);

$uid = $pwd = $debug = '';
$uidErr = $pwdErr = FALSE;

if (!empty($_POST)) {

    $uid = Strip::input($_POST['uid']);
    $uidErr = Validate::uid($uid);
    $pwd = Strip::input($_POST['pwd']);
    $pwdErr = Validate::pwd($pwd);

    if (!$uidErr && !$pwdErr) {
        $debug = '';

        //check if data is inserted
        if ($database->query("INSERT INTO USER (USER_ID, USER_PWD) VALUES ('" . $uid . "','" . $pwd . "')")) {
            //print data
            $result = $database->query("SELECT USER_ID, USER_PWD");

            if ($database->rows($result) > 0) {
                // output data of each row
                while ($row = $database->fetch($result)) {
                    $debug . "<br>" . " - UserID: " . $row["USER_ID"] . " - Username: " . $row["USER_NAME"] . " - Password: " . $row["USER_PWD"];
                }
            } else {
                $debug . "0 results";
            }
        } else {
            $debug . "Error: " . $sql . "<br>" . $database->error();
        }
    }
}
?>
<html>
    <head>
        <style>
            .error {
                color : red;
            }
        </style>
    </head>
    <body>
        <form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
            <div>
                User_ID: 
                <input type = "text" name = "uid" placeholder = "ex:johndoe22" value = "<?php echo $uid; ?>">
            </div>
            <div class = "error">
                <?php echo $uidErr; ?>
            </div>
            <div>
                Password: 
                <input type="password" name="pwd" placeholder="********" value = "<?php echo $pwd; ?>">
            </div>
            <div class = "error">
                <?php echo $pwdErr; ?>
            </div>
            <div>
                <button type="submit">Submit</button>
            </div>
        </form>
        <div>
            <?php echo $debug; ?>
        </div>
    </body>
</html>

在插入查询之前，请检查$ pwdErr变量。如果是isset，那么不要运行你的查询...

if (isset($pwdErr)) {
    // there is an error with password...
}
else {
    // run your insert
}

是的...

if(strlen($_POST["pwd"]) < 8){

它不适合你...这里的密码必须小于8个字符。尝试> 8 :)

我认为empty（）可能是一个问题，我把它们放在一起来测试你的代码，并且我把它清理了一下（不需要1行参数的括号）

<?php

testpass("abc123def456");

testpass("");

testpass("abc123");




function testpass($input)
{
$pwdErr="";
$pwd = "";
if($input == "")
  $pwdErr = "Password is required!";
  else
  {
      if(strlen($input) < 8)
          $pwdErr = "Password must be more than 8 characters!";
      else
          $pwd = $input;

  }

     echo "<br>";
echo $pwdErr;
     echo "<br>";
echo $pwd;


}
?>

我希望我帮助你，你可以问我关于这段代码的任何问题！

链接地址: http://www.djcxy.com/p/58595.html

上一篇: password more than 8 characters php

下一篇: Why PHP include is working on local server and not on website