嘿!
我有一个带有一些参数的user_register php,它们都应该被证明。我的格式非常丑陋。我把所有的验证都包装在复杂的if子句中。
看一看:
include '../db_connect.php';
$arr = array('Data' => null,'Code' => null);
$birthdate = mysql_real_escape_string($_POST['birth']);
$gender = mysql_real_escape_string($_POST['gender']);
$uname = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pw']);
$email = mysql_real_escape_string($_POST['email']);
$lang = mysql_real_escape_string($_POST['lang']);
if (!proof_value($birthdate) && !proof_value($gender) && !proof_value($uname) && !proof_value($password) && !proof_value($email))
{
if (!user_exist($uname))
{
if(!email_exist($email))
{
if (count($pw)==32)
{
if(count($gender)==1 && ($gender=='m' ||$gender =='f'))
{
$code = genverification();
$sql = "Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')";
$result = mysql_query("Insert into USER (DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION) VALUES ('$birthdate','$gender','$uname','$password','$email','$code')");
if ($result)
{
require_once("mailer.php");
if (sendmail($email,$link, $lang))
{
$arr['Code'] = 200;
}
else
{
$arr['Code'] = 422;
}
}
else
{
$arr['Code'] = 421;
//$arr['Date'] = $sql;
}
}
else
{
$arr['Code'] = 420;
}
}
else
{
$arr['Code']=423;
}
}
else
{
$arr['Code']=419;
}
}
else
{
$arr['Code']=418;
}
}
else
{
$arr['Code']=400;
}
mysql_close($db);
echo json_encode($arr);
如您所见,如果验证失败,我的脚本将返回错误代码。我想将我的精算格式更改为更好的可读格式,但现在我知道如何解决这个问题了
感谢
<?php
//Allowed array of parameters
$allowed = array('birth','gender','username','passwordw','email','lang');
$cont=true;
//Loop through the post and check & assign the variables
foreach($_POST as $key=>$value){
if(in_array($key,$allowed) && $value!=''){
//m or f set $cont to false if not
if($key=='gender' && ($value!='m' || $value!='f')){$arr['Code'] = 420; $cont=false;}
//chek if email set $cont to false if not
if($key=='email' && filter_var($value, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED)==true){$arr['Code'] = 419; $cont=false;}
//check pass len set $cont to false if not
if($key=='password' && strlen($value)==32){$arr['Code'] = 423; $cont=false;}
//Assign the variable
$$key=$value;
}else{
//Rouge key in post or value blank
$cont=false;
}
}
//if alls ok
if($cont===true){
$code = genverification();
//PDO connect to database
try {
$dbh = new PDO("mysql:host=localhost;dbname=YOURDB", $dbusername, $dbpassword);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
//Use prepared statement to avoid sql injections
$sth = $dbh->prepare('INSERT into USER
(DATE_BIRTH,GENDER,USER_NAME,PASSWORD,EMAIL,VERIFICATION)
VALUES (:birth,:gender,:username,:password,:email,:code)');
//bind the variables to the parameters
$sth->bindParam(':birth', $birth, PDO::PARAM_STR, strlen($birth));
$sth->bindParam(':gender', $gender, PDO::PARAM_STR, 1);
$sth->bindParam(':username', $username, PDO::PARAM_STR, strlen($username));
$sth->bindParam(':password', $password, PDO::PARAM_STR, strlen($password));
$sth->bindParam(':email', $email, PDO::PARAM_STR, strlen($email));
$sth->bindParam(':code', $code, PDO::PARAM_STR, strlen($code));
$sth->execute();
//Do your mail
require_once("mailer.php");
if (sendmail($email,$link, $lang)){
$arr['Code'] = 200;
}else{
$arr['Code'] = 422;
}
}else{
#Show your errors
}
?>
有很多
可能性,如果你敢,试试 while + break :-
$success = null;
while (empty($error))
{
if (...)
{
$error = xxx;
break;
}
// repeat other checking
// lastly
$sql = ...;
if ( $insert_ok )
{
$success = ...;
break;
}
}
if ( ! empty($error))
{
// something error
}
if ( ! empty($success))
{
// something right
}
PHP 中的其他控件结构