2017-04-03 26 views
-1

UserEmail的驗證在PHP中不起作用。我要驗證POST變量userEmail。但問題是,即使我使用filter_var進行驗證,它也不起作用:輸入錯誤的電子郵件時記錄仍然會被插入。你能幫我解決問題嗎?

insert_dummy.php

<html> 
<head><title>Insertion</title> 

</head> 
<body> 
<style> 

#colour { 
text-decoration:none; 
} 
</style> 
<div id="display"> 
<?php 
include('header/page_header.php'); 
include('db.php'); 



// Handle the "add" form submission: read the POST fields, escape them for use
// in SQL, and normalise the two date fields to Y-m-d.
if(isset($_POST['add'])) 
{ 
// NOTE(review): mysql_real_escape_string() belongs to the mysql_* extension, which is
// deprecated since PHP 5.5 and removed in PHP 7. Hand escaping only protects values that
// end up inside quotes in the query; prepared statements (MySQLi/PDO) are the safer form.
$userName=mysql_real_escape_string($_POST['userName']); 



$userEmail=mysql_real_escape_string($_POST['userEmail']); 
// This check only prints a message. Nothing stops execution here, so every statement
// below (including the INSERT) still runs when the address is invalid.
// NOTE(review): the value being validated is the SQL-escaped string, not the raw input,
// so an address containing a quote would be tested with an added backslash.
if(!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) 
{ 
echo "Please Enter The Valid Email Address"; 
} 

// NOTE(review): the password is kept as plaintext and is inserted as-is further down;
// store a password_hash() result and check it with password_verify() instead.
$userPassword=mysql_real_escape_string($_POST['userPassword']); 
$expiry_date1=mysql_real_escape_string($_POST['expiry_date']); 
// The strtotime() result is not checked before it is passed to date().
// NOTE(review): an unparsable date presumably ends up as the epoch date; confirm and reject it.
$expiry_date=date("Y-m-d" ,strtotime($expiry_date1)); 
$end_date1=mysql_real_escape_string($_POST['end_date']); 
$end_date=date("Y-m-d",strtotime($end_date1)); 



// Registration date is today's date on the server.
$regDate = date("Y-m-d"); 



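/**
 * Build a random code of the requested length from a fixed alphabet.
 *
 * This script uses the result as the user's registration key, so the
 * characters should come from a cryptographically secure generator.
 *
 * @param int $characters Number of characters to generate; 0 or less yields ''.
 * @return string The generated code.
 */
function generateCode($characters) 
{ 
    // NOTE(review): this literal looks mangled by the page's e-mail obfuscation
    // ("[email protected]"); the original character set is not recoverable here,
    // so it is kept unchanged.
    $possible = '[email protected]#$%^&*'; 
    $last = strlen($possible) - 1;

    // mt_rand() is not a CSPRNG, so keys built from it can be predicted.
    // random_int() exists from PHP 7 on; the mt_rand() fallback only keeps the
    // function callable on the older PHP versions that still ship mysql_*.
    $useCsprng = function_exists('random_int');

    $code = '';
    for ($i = 0; $i < $characters; $i++) {
        $index = $useCsprng ? random_int(0, $last) : mt_rand(0, $last);
        $code .= substr($possible, $index, 1);
    }
    return $code;
}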

// Generate a 10-character registration key for the new user.
$registration_key=generateCode(10); 



// NOTE(review): the statement is assembled by string interpolation, so its safety depends
// on every value having been escaped earlier. A prepared statement with bound parameters
// removes that dependency. The password column receives the plaintext password.
$str="insert into coeds_user(userName,userEmail,userPassword,regDate,expiry_date,registration_key) values('$userName','$userEmail','$userPassword','$regDate','$expiry_date','$registration_key')"; 


$query=mysql_query($str); 
// The insert id is read before the query result is checked, and $userid is used by the
// later SELECT/INSERT statements whether or not this INSERT succeeded.
$userid=mysql_insert_id(); 
if($query) 
{ 
$display="Success"; 
} 

else 
{ 
$display= "Failed"; 
} 








// Read the row that was just inserted and render it as an HTML table in $display.
// $userid is placed in the query unquoted; it comes from mysql_insert_id() above.
$string="select * from coeds_user where userId=$userid"; 
$query2=mysql_query($string); 
$display.="<table border='1' align='center'>"; 
$display.="<tr><th>UserName</th><th>UserEmail</th><th>UserPassword</th><th>RegDate</th><th>ExpiryDate</th><th>RegistrationKey</th><th colspan='3'>Action</th></tr>"; 
// This loop body is not closed inside this PHP section: it continues through the HTML
// form below and its closing brace is in the next PHP section.
while($result=mysql_fetch_array($query2)) 
{ 
$display.="<tr>"; 

// NOTE(review): database values are concatenated into HTML without htmlspecialchars().
// userName and userEmail come from the submitted form, so markup in them would be
// rendered by the browser (stored XSS). The stored password is also printed in clear.
$display.="<td>".$result['userName']."</td>"; 
$display.="<td>".$result['userEmail']."</td>"; 
$display.="<td>".$result['userPassword']."</td>"; 
$display.="<td>".$result['regDate']."</td>"; 
$display.="<td>".$result['expiry_date']."</td>"; 
$display.="<td>".$result['registration_key']."</td>"; 
// Edit / delete / subscription links for this user, keyed by userId in the query string.
$display.="<td><a id='colour' class='tooltip' title='Edit' href='user_update.php?user_Id=".$result['userId']."'><img id='image' src='./images/small.gif'/></a></td>"; 
$display.="<td><a id='colour' class='tooltip' data-toggle='tooltip' title='Delete' href='user_delete.php?user_Id=".$result['userId']." '><img id='image' src='./images/trash.png'/></a></td>"; 

$display.="<td><a id='colour' class='tooltip' data-toggle='tooltip' title='insert' href='chapter_subscription_search.php?user_Id=".$result['userId']." '>i</a></td>"; 
$display.="</tr>"; 

$display.="</table>"; 

// Choices offered in the end_date drop-down: 3, 6 and 9 months from now.
$end_date1 = date('Y-m-d', strtotime("+3 months")); 
$end_date2 = date('Y-m-d', strtotime("+6 months")); 
$end_date3 = date('Y-m-d', strtotime("+9 months")); 
$page=""; 


// NOTE(review): the HTML form that follows echoes $userid and the $result[...] values
// (including userPassword) into value="" attributes without htmlspecialchars().
?> 

<table align='center' border='1'> 

    <tr> 

      <td> <label for="userId">UserId</label></td> 
      <td ><input id="userId" name="userId" type="text" value="<?php echo $userid;?>"/></td> 


     </tr> 
     <tr> 
     <td> <label for="userName">UserName</label></td> 
     <td ><input id="userName" name="userName" type="text" value="<?php echo $result['userName'];?>"/></td> 
     </tr> 
     <tr> 
     <td> <label for="userEmail">UserEmail</label></td> 
     <td ><input id="userEmail" name="userEmail" type="text" value="<?php echo $result['userEmail'];?>"/></td> 
     </tr> 
     <tr> 
     <td> <label for="userPassword">UserPassword</label></td> 
     <td ><input id="userPassword" name="userPassword" type="password" value="<?php echo $result['userPassword'];?>"/></td> 
     </tr> 
     <tr> 
     <td> <label for="expiry_date">ExpiryDate</label></td> 
     <td ><input id="expiry_date" name="expiry_date" type="text" value="<?php echo $result['expiry_date'];?>"/></td> 
     </tr> 
     <tr> 
     <td> <label for="end_date">EndDate</label></td> 
     <td > <select name="end_date" id="end_date"> 
      <option value=<?php echo $end_date1; ?>><?php echo $end_date1; ?></option> 
      <option value=<?php echo $end_date2; ?>><?php echo $end_date2; ?> </option> 
      <option value=<?php echo $end_date3;?>><?php echo $end_date3;?> </option> 

     </select> 
</td> 
     </tr> 




     </table> 

<?php 
} 
// Create one chapter_subscriptions row per chapter for the new user, then list them.
$str="select chapter_no from chapter_details "; 


$query7=mysql_query($str); 

$count=mysql_num_rows($query7); 
for($i=0;$i<$count;$i++) 
{ 
// $chap_lic is generated here but is not part of the INSERT below.
$chap_lic=generateCode(50); 
$chapter_no=mysql_result($query7,$i,'chapter_no'); 
$start_date=date('Y-m-d'); 
$expiry_date=mysql_real_escape_string($_POST['end_date']); 
$end_date1=mysql_real_escape_string($_POST['end_date']); 
$end_date=date("Y-m-d",strtotime($end_date1)); 
// NOTE(review): $userid and $chapter_no are interpolated without quotes, so escaping
// would not protect them; they are database-derived here, but bound parameters avoid
// relying on that. The result in $query8 is never checked.
$s="insert into chapter_subscriptions (userId,chapter_no,start_date,end_date) values($userid,$chapter_no,'$start_date','$end_date')"; 

$query8=mysql_query($s); 
} 
$strings="select * from chapter_subscriptions where userId=$userid"; 
$query9=mysql_query($strings); 
$display.="<table border='1' align='center'>"; 
$display.="<tr><th>ChapterNumber</th><th>StartDate</th><th>EndDate</th><th colspan='2'>Action</th></tr>"; 
while($result=mysql_fetch_array($query9)) 
{ 
$display.="<tr>"; 
// NOTE(review): values are written into HTML without htmlspecialchars().
$display.="<td>".$result['chapter_no']."</td>"; 
$display.="<td>".$result['start_date']."</td>"; 


$display.="<td>".$result['end_date']."</td>"; 


$display.="<td><a id='colour' class='tooltip' title='Edit' href='chapter_subscription_update.php?user_Id=".$result['userId']."'><img id='image' src='./images/small.gif'/></a></td>"; 
$display.="<td><a id='colour' class='tooltip' data-toggle='tooltip' title='Delete' href='chapter_subscription_delete.php?user_Id=".$result['userId']." '><img id='image' src='./images/trash.png'/></a></td>"; 

$display.="</tr>"; 
} 
$display.="</table>"; 


// Emit the status text and both tables accumulated in $display.
echo $display; 
} 

?> 
</div> 
<script type="text/javascript"> 
    $(document).ready(function() { 
    $("#expiry_date").datepicker(); 
    $("#menuwrapper").hide(); 
    $("#unicode").click(function() { 
     $("#menuwrapper").slideToggle(500); 
    }); 
    }); 

</script> 


</body> 
</html> 
+0

**不要**使用**過時和不安全的**'mysql_ *'-functions替換此

if(!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) { echo "Please Enter The Valid Email Address"; } 

。從PHP 5.5(2013年)開始,它們已被棄用,並且在PHP 7中(2015年)完全刪除。改用MySQLi或PDO。 –

+0

據我所見,如果電子郵件無效,你除了輸出(echo)一個字符串之外,並沒有做任何其他事情。腳本之後仍然會繼續執行.. –

+0

**不要以明文存儲密碼!** 只存儲密碼哈希!使用PHP的[`password_hash()`](http://php.net/manual/en/function.password-hash.php)和[`password_verify()`](http://php.net/manual/en/function.password-verify.php)。如果您運行的PHP版本低於5.5(我希望不是),那麼可以使用[password_compat庫](https://github.com/ircmaxell/password_compat)來獲得相同的功能。 –

回答

1

除了你正在使用過時的代碼與MySQL進行交互這一事實之外,記錄之所以被插入,是因爲雖然電子郵件驗證本身工作正常,但其餘的代碼仍在繼續執行。

如果插入die();或將用戶重定向到錯誤頁面,則不會創建該記錄。

// NOTE(review): filter_var() is applied to the SQL-escaped string rather than the raw
// POST value; validating the raw input first and escaping (or binding) afterwards keeps
// the two concerns separate.
$userEmail=mysql_real_escape_string($_POST['userEmail']); 
if(!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) 
{ 
echo "Please Enter The Valid Email Address"; 
// Stop here so that none of the following statements (the INSERT in particular) run.
exit(); 
// Or add a redirection here 
} 
1

你可以考慮使用一個標誌變量$valid

// Track whether every input passed validation; the INSERT is run only when this stays true.
$valid = true; 

if (!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) { 
    echo "Please Enter The Valid Email Address"; 
    $valid = false; // Change to false when an error encounters 
} 


// NOTE(review): the password is still handled as plaintext here; hash it before storing.
$userPassword=mysql_real_escape_string($_POST['userPassword']); 
/* ------ Other code ---------- */ 
$registration_key=generateCode(10); 

/* Execute INSERT query ONLY IF INPUTS ARE VALID i.e if $valid = true */ 

if ($valid) { 

    // NOTE(review): the query is still built by string interpolation; bound parameters
    // via MySQLi/PDO would not depend on each value having been escaped.
    $str="insert into coeds_user(userName,userEmail,userPassword,regDate,expiry_date,registration_key) values('$userName','$userEmail','$userPassword','$regDate','$expiry_date','$registration_key')"; 

    $query=mysql_query($str); 
    // $userid and $display are assigned only inside this branch, so any later statement
    // that reads them needs the same $valid guard.
    $userid=mysql_insert_id(); 
    if($query) { 
     $display="Success"; 
    } else { 
     $display= "Failed"; 
    } 
} 
0

請使用以下代碼:

$userEmail=mysql_real_escape_string($_POST['userEmail']); 
    // Hand-written pattern: lowercase letters, digits, "_" and "-" only (no "i" modifier),
    // and a final label of 2 to 3 letters. It therefore rejects addresses that use
    // uppercase characters or a longer top-level domain.
    // NOTE(review): filter_var(..., FILTER_VALIDATE_EMAIL) is the less restrictive check.
    $email = (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $userEmail))?$userEmail:"invalid email"; 
    if($email == "invalid email") 
    { 
     echo "Please Enter The Valid Email Address"; 
     // At file scope, return ends execution of the current script file, so the INSERT
     // that follows is not reached.
     return; 
    } 
+0

如果它幫助你,請接受答案:) –