php: form still submits on invalid form

Problem description:

I got a problem on my validation script using PHP; when the user only fills out the username form and empties the password, it still logs the user in. It should show the user that the password field is blank error. I'm kinda new to PHP and I'm hoping you can help me. Thanks!

Here's my code for checking login:

<?php
$usernameErr = $passwordErr = "";
$username = $password = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{

   if (empty($_POST['username']))
     {$usernameErr = "Username is required.";}
   else
     {$username =($_POST['username']);}

   if (empty($_POST['password']))
     {$passwordErr = "Password is required.";}
   else
     {$password =($_POST['password']);}
}
?>

<body>
<div id="header" align="center">
<h1>PT. Sumber Urip Alfindo</h1>
</div>
<br/>
<div id="content" align="center">
<form id="login" name="login" method="post" action="checklogin.php">
<table>
<tr>
<td>Username</td>
<td></td>
<td><input name="username" type="text" id="username"><span class="error"><?php echo $usernameErr;?></span></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input name="password" type="password" id="password"><span class="error"><?php echo $passwordErr;?></span></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>

<?php
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1 && $username="admin")
{
header("location:mainadmin.php");
}

else if($count==1)
{
header("location:main.php");
}

else
{
echo "Wrong username or password";
}
?>

Before anyone moans, I'm not replacing mysql with mysqli/PDO to answer the question. Yes it's wrong that it's used but it's not related to the question.

Correct model: if (there is not an error) { log the person in } else { do something else}.

Your model: check for errors. log the user in anyway.

This is what you're doing now

// checking stuff
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
   if (empty($_POST['username']))
     {$usernameErr = "Username is required.";}
   // blah blah check check check 
}
// don't bother considering the error, just log them in anyway
$sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
// etc

But what you need to do is this:

// check for errors and store them

$errors=array(); // create an empty array to store errors
if (empty($_POST['username'])){
    $errors['usernameErr'] = "Username is required."; // add an error
}else{
    $username =($_POST['username']);
}

if (empty($_POST['password'])){
     $errors['passwordErr'] = "Password is required."; // add an error
}else{
     $password =($_POST['password']);
}

// etc etc

// check if there were any errors anywhere along the way
// and if not, proceed with login
if (!count($errors)) { // check there are no errors
    $sql="SELECT * FROM $tbl_name WHERE usrname='$username'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    // etc etc
}else{
    // if there were errors do something else
    echo implode("<br />", $errors); // output the errors however you like
}

Try this for a start

<?php

/* validate form first */
if (!empty($_POST['username'])) {
    $username = $_POST['username'];
} else {
    echo "Username is required.";
}

if (!empty($_POST['password'])) {
    $password = $_POST['password'];
} else {
    echo "password is required.";
}

/* Do the queries second, i.e.: */
// SELECT * FROM Persons WHERE username='' AND password ='';

?>

Hi, you should describe your question clearly. I have read your code and checked it; when I do not fill out the password, it really did display "Password is required." The general validation method is as follows:

if(empty($_POST['username'])){
    $usererror = '...';
    return false;
}else{
    $username = $_POST['username'];
}
if(empty($_POST['password'])){
     $passerror = '...';
     return false;
}else{
   $password = $_POST['password'];
}

The best way to handle error validation is to use the same variable, especially if you have a lot of input form data:

$username = $_POST['username'];
$password = $_POST['password'];

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($username == '') {
        $error_msg[]= 'Username is required';
    } else if ($password == '') {
        $error_msg[]= 'Password is required';
    }
}

if (!empty($error_msg)) {
    $ERROR_MSG = implode($error_msg);
    exit;
}
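
The "check for errors, and only log in if there are none" model from the answers above, as an added example that is not part of the question or of any answer. It goes beyond the posted code by binding the username in a prepared statement and actually verifying the password; the `users` table, its `password_hash` column, the function names and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answers.
// Assumptions: PDO with the sqlite driver, a hypothetical `users` table
// with a `password_hash` column, and constructed sample accounts.

// Collect every validation error; an empty array means "safe to continue".
function validate_login(array $post): array
{
    $errors = [];
    if (trim($post['username'] ?? '') === '') {
        $errors['username'] = 'Username is required.';
    }
    if (($post['password'] ?? '') === '') {
        $errors['password'] = 'Password is required.';
    }
    return $errors;
}

// Returns the redirect target on success, null on any failure.
function login_target(PDO $pdo, array $post): ?string
{
    if (validate_login($post)) {          // non-empty array: stop before the query
        return null;
    }
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT usrname, password_hash FROM users WHERE usrname = ?');
    $stmt->execute([$post['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is checked too; unknown user and wrong password fail the same way.
    if (!$row || !password_verify($post['password'], $row['password_hash'])) {
        return null;
    }
    // Comparison (===), not assignment (=), decides the admin redirect.
    return $row['usrname'] === 'admin' ? 'mainadmin.php' : 'main.php';
}

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (usrname TEXT PRIMARY KEY, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$ins->execute(['alice', password_hash('constructed-user-pw', PASSWORD_DEFAULT)]);

var_dump(login_target($pdo, ['username' => 'admin', 'password' => '']));  // case: blank password
var_dump(login_target($pdo, ['username' => 'alice', 'password' => 'constructed-user-pw']));
var_dump(login_target($pdo, ['username' => "o'brien", 'password' => 'p'])); // case: quote in input
```

In a real page, send `header('Location: ...')` with the returned target before any HTML output and call `exit` afterwards; a `null` result should re-render the form with the messages from `validate_login()`.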