即使没有设置item,isset()函数也会返回true

问题描述 投票:3回答:4

这是我的代码。出于某种原因,如果我在没有放置和密码的情况下提交表单,它仍会创建数据库条目。整个代码中都散布着一些注释,但代码非常简单。有任何想法吗?

<?php
//signup.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign up</h3>';

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
    /*The form hasn't been posted yet, display it
      note that the action="" will cause the form to post to the same page it is on */
    echo '<form method="post" action="">
        Username: <input type="text" name="user_name" /><br />
        Password: <input type="password" name="user_pass" /><br />
        Password again: <input type="password" name="user_pass_check" /><br />
        E-mail: <input type="email" name="user_email" /><br />
        <input type="submit" value="Add category" />
        </form>';
}
else
{
    /* so, the form has been posted, we'll process the data in three steps:
        1.  Check the data
        2.  Let the user refill the wrong fields (if necessary)
        3.  Save the data
    */
    $errors = array(); /* declare the array for later use */

    if(isset($_POST['user_name']))
    {
        //the user name exists
        if(!ctype_alnum($_POST['user_name']))
        {
            $errors[] = 'The username can only contain letters and digits.';
        }
        if(strlen($_POST['user_name']) > 30)
        {
            $errors[] = 'The username cannot be longer than 30 characters.';
        }
    }
    else
    {
        $errors[] = 'The username field must not be empty.';
    }

    if(isset($_POST['user_pass']))
    {
        if($_POST['user_pass'] != $_POST['user_pass_check'])
        {
            $errors[] = 'The two passwords did not match.';
        }
    }
    else
    {
        $errors[] = 'The password field cannot be empty.';
    }

    if(!empty($errors))
    {
        echo 'Uh-oh.. a couple of fields are not filled in correctly..';
        echo '<ul>';
        foreach($errors as $key => $value)
        {
            echo '<li>'.$value.'</li>';
        }
        echo '</ul>';
    }
    else
    {
        //the form has been posted without errors, so save it
        //notice the use of mysql_real_escape_string, keep everything safe.
        //also notice the sha1 function which hashes the password
        $sql = "INSERT INTO
                    users(user_name, user_pass, user_email, user_date, user_level)
                VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
                       '" . sha1($_POST['user_pass']) . "',
                       '" . mysql_real_escape_string($_POST['user_email']) . "',
                       NOW(),
                       0)";

        $result = mysql_query($sql);
        if(!$result)
        {
            //something went wrong, display the error
            echo 'Something went wrong while registering. Please try again later.';
            //echo mysql_error(); //debugging purposes, uncomment when needed
        }
        else
        {
            echo 'Successfully registered. You can now <a href="signin.php">sign in</a>
                     and start posting!';
        }
    }
}
include 'footer.php';
?>
php mysql isset
4个回答
7
投票

如果声明变量,仍然设置空字符串和/或空字符串。试试这个:

if(isset($_POST['user_pass']) && $_POST['user_pass'] != "")


4
投票

isset检查变量是否已设置 - 在这种情况下,它设置为''(空字符串)。尝试使用empty()。


0
投票

简单的解决方案:if(!empty($_POST['xxx']) == true)几乎等于你使用时:

if(isset($_POST['xxx']) == true && $_POST['xxx'] != '')

除了:isset()将0(字符串或数字)视为true,而empty()将0视为true。


0
投票

检查一下

if(isset($_POST['user_pass']) && !empty($_POST['user_pass']))

如果POST设置为'user_pass',则isset()将检查&!empty()将检查该值是否为空。

© www.soinside.com 2019 - 2024. All rights reserved.