password more than 8 characters php

I'm doing a project for online shopping.

Users are supposed to register their information before logging in and their details are stored in database. However, I want the details to be stored in the database only if there aren't any errors. I want the password to be stored only if the password is more than 8 characters long.

Currently, data is still added to the database even if it is less than 8 character. The error message is shown but the password is still entered in the database.

I'm not sure what is it that I'm doing wrong. I hope someone cloud point it out...

Thank you in advance!

I updated my code :

<?php
$server = "localhost";
$uname = "root";
$pwd = "";
$dbname = "SCINFO";

//connecting to mysqli
$connection = mysqli_connect($server, $uname, $pwd, $dbname);

// Check connection
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());//If connection fails, prints msg
}

$uidErr = $pwdErr = "";
$uid = $pwd = "";

if($_SERVER["REQUEST_METHOD"]=="POST"){

    //check if user field is empty
if(empty($_POST["uid"])){
    $uidErr = "UserID required";
}
else{
    //check if userid exist in database
    $query = "SELECT * FROM USER WHERE USER_ID ='".$_POST["uid"]."'";
    $result = mysqli_query($connection, $query);

    if(mysqli_num_rows($result)>0){
        $uidErr = "Username already in use!";
    }
    else{
        $uid = test_input($_POST["uid"]);
    }
}  
if(empty($_POST["pwd"])){
    $pwdErr = "Password is required!";
  }
  else{
      if(strlen($_POST["pwd"]) < 8){
          $pwdErr = "Password must be more than 8 characters!";
      }
      else{
        $pwd = test_input($_POST["pwd"]);
      }
   }
}
 function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
User_ID:
<input type="text" name="uid" placeholder="ex:johndoe22"><font color="red">&nbsp;<br><?php echo $uidErr;?></font>
Password: 
<input type="password" name="pwd" placeholder="********"><font color="red">&nbsp;<br><?php echo $pwdErr;?></font>
</form>
<?php
if(!empty($_POST) || !isset($_POST)){
//insert data
$fields = array('uid', 'pwd');
$fieldErr = array('uidErr', 'pwdErr');
$error = false;

foreach($fieldErr as $fieldnm){
    if(isset($_POST[$fieldnm])){
        echo $fieldnm." Error(Invalid field)!<br>";
        $error = true;
    }
}

echo "<br><br>";

foreach($fields as $fieldname){
    if(empty($_POST[$fieldname])){
        echo $fieldname." Error(Empty field)!<br>";
        $error = true;
    }
}

if(!$error){
    $sql = "INSERT INTO USER (USER_ID, USER_PWD)
        VALUES ('".$_POST["uid"]."','".$_POST["pwd"]."')";

    //check if data is inserted
    if (mysqli_query($connection, $sql)) {
        //print data
        $sqls = "SELECT USER_ID, USER_PWD";
        $result = mysqli_query($connection, $sqls);

        if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while($row = mysqli_fetch_assoc($result)) {
            echo "<br>"." - UserID: " . $row["USER_ID"]." - Username: " . $row["USER_NAME"]. " - Password: " . 
                $row["USER_PWD"];
            }
        } else {
            echo "0 results";
        }
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($connection);
     }
   }
}
?>

---

I've played around with your code and made several improvements. It's still far from perfect, but it should get you started.

The number of improvements is too numerous to summarize.

The code :

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

// Set DB credentials
define("DBSERV", "localhost");
define("DBUSER", "root");
define("DBPASS", "");
define("DBNAME", "SCINFO");

class DB {

    public $_connection;

    public function __construct($credentials) {
        if (!$this->_connection = mysqli_connect(
                $credentials['server'],
                $credentials['user'],
                $credentials['password'],
                $credentials['database']
        )) {
            die("Connection failed: " . mysqli_connect_error()); //If connection fails, prints msg
        };
    }

    public function query($sql) {
        return mysqli_query($this->_connection, $sql);
    }

    public function error() {
        return mysqli_error($this->_connection);
    }

    public function rows($query) {
        return mysqli_num_rows($query);
    }

    public function fetch($result) {
        return mysqli_fetch_assoc($result);
    }

}

class Validate {

    public static function uid($uid) {
        global $database;

        //check if user field is empty
        if (empty($uid)) {
            return "UserID required";
        }
        //check if userid exist in database
        if ($database->rows($database->query("SELECT * FROM USER WHERE USER_ID ='" . $uid . "'")) > 0) {
            return "Username already in use!";
        }
        return FALSE;
    }

    public static function pwd($pwd) {
        if (empty($pwd)) {
            return "Password is required!";
        }
        if (strlen($pwd) < 9) {
            return "Password must be more than 8 characters!";
        }
        return FALSE;
    }

}

class Strip {

    public static function input($data) {
        // The code of this method can still be improved a lot
        // You should check for attempts at SQL injection
        // See http://php.net/manual/en/security.database.sql-injection.php
        return stripslashes(trim($data));
    }

}

$database = new DB([
    'server' => DBSERV,
    'user' => DBUSER,
    'password' => DBPASS,
    'database' => DBNAME,
]);

$uid = $pwd = $debug = '';
$uidErr = $pwdErr = FALSE;

if (!empty($_POST)) {

    $uid = Strip::input($_POST['uid']);
    $uidErr = Validate::uid($uid);
    $pwd = Strip::input($_POST['pwd']);
    $pwdErr = Validate::pwd($pwd);

    if (!$uidErr && !$pwdErr) {
        $debug = '';

        //check if data is inserted
        if ($database->query("INSERT INTO USER (USER_ID, USER_PWD) VALUES ('" . $uid . "','" . $pwd . "')")) {
            //print data
            $result = $database->query("SELECT USER_ID, USER_PWD");

            if ($database->rows($result) > 0) {
                // output data of each row
                while ($row = $database->fetch($result)) {
                    $debug . "<br>" . " - UserID: " . $row["USER_ID"] . " - Username: " . $row["USER_NAME"] . " - Password: " . $row["USER_PWD"];
                }
            } else {
                $debug . "0 results";
            }
        } else {
            $debug . "Error: " . $sql . "<br>" . $database->error();
        }
    }
}
?>
<html>
    <head>
        <style>
            .error {
                color : red;
            }
        </style>
    </head>
    <body>
        <form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
            <div>
                User_ID: 
                <input type = "text" name = "uid" placeholder = "ex:johndoe22" value = "<?php echo $uid; ?>">
            </div>
            <div class = "error">
                <?php echo $uidErr; ?>
            </div>
            <div>
                Password: 
                <input type="password" name="pwd" placeholder="********" value = "<?php echo $pwd; ?>">
            </div>
            <div class = "error">
                <?php echo $pwdErr; ?>
            </div>
            <div>
                <button type="submit">Submit</button>
            </div>
        </form>
        <div>
            <?php echo $debug; ?>
        </div>
    </body>
</html>

---

Before your insert query, check the $pwdErr variable. If it is isset, then dont run your query...

if (isset($pwdErr)) {
    // there is an error with password...
}
else {
    // run your insert
}

And yes...

if(strlen($_POST["pwd"]) < 8){

It is not okay for you... Here the password must be smaller then 8 characters. Try > 8 :)

---

i think the empty() might have been a problem i have thrown this together to test your code,and i cleaned it up a bit (no need for brackets on 1 line arguments)

<?php

testpass("abc123def456");

testpass("");

testpass("abc123");




function testpass($input)
{
$pwdErr="";
$pwd = "";
if($input == "")
  $pwdErr = "Password is required!";
  else
  {
      if(strlen($input) < 8)
          $pwdErr = "Password must be more than 8 characters!";
      else
          $pwd = $input;

  }

     echo "<br>";
echo $pwdErr;
     echo "<br>";
echo $pwd;


}
?>

i hope i helped you,you can ask me any question about this code!

链接地址: http://www.djcxy.com/p/58596.html

上一篇: 在PHP中使用==和===

下一篇: 密码超过8个字符的PHP