我的注册页面 register.php 表单POST提交到 regok.php页面处理,现在我发现地址栏直接输入localhost/regok.php 也进行验证了,怎么防止这个Bug呢 ??? regok.php代码
<?php
require ("conn.php");
$_POST = mysqlClean($_POST);
$name=$_POST['user_name'];
$passwd=$_POST['pwd'];
$repasswd=$_POST['repwd'];
$city=$_POST['city'];
$email=$_POST['email']; if(($name=="") or ($passwd=="") or ($repasswd=="") or ($city=="") or ($email==""))
{
echo "<script language=javascript>alert('带*号的选项必须填写全!');history.go(-1)</script>";
exit;
} if(substr_count($name, " ")>0)
{
echo "<script language=javascript>alert('帐号不能有空格');history.go(-1)</script>";
exit;
}
if (!ereg("^[_a-zA-Z0-9-]",$name))
{
echo "<script language=javascript>alert('您的帐号格式不对,只能是英文或者数字');history.go(-1)</script>";
exit;
}
$sql="SELECT * FROM user where name='$name'";
$result=mysql_query($sql);
if($myrow=mysql_fetch_row($result))
{
echo "<script language=javascript>alert('此帐号有人注册,请重新填写!');history.go(-1)</script>";
exit;
}if($passwd<>$repasswd)
{
echo "<script language=javascript>alert('二次输入的密码不一样,请检查');history.go(-1)</script>";
exit;
}
//mysql_query("SET NAMES gb2312");
$query = "insert into user(user_id,name,pw,city,email)
values(null,'$name','$passwd','$city','$email')";
//echo $query;
//exit;
$result = mysql_query($query)
or die("注册失败: " . mysql_error()); echo $result;
$rowid = mysql_insert_id();
if ($rowid>0)
{
echo "注册成功!<hr><p>";
echo "新注册的用户是:".$name."<p>";
echo "<br><a href='login.php'>登录</a>";
}
else
{
echo "注册失败!<hr><p>";
echo "<br><a href='register.php'>重新注册</a>";
}mysql_close();
?>
<?php
require ("conn.php");
$_POST = mysqlClean($_POST);
$name=$_POST['user_name'];
$passwd=$_POST['pwd'];
$repasswd=$_POST['repwd'];
$city=$_POST['city'];
$email=$_POST['email']; if(($name=="") or ($passwd=="") or ($repasswd=="") or ($city=="") or ($email==""))
{
echo "<script language=javascript>alert('带*号的选项必须填写全!');history.go(-1)</script>";
exit;
} if(substr_count($name, " ")>0)
{
echo "<script language=javascript>alert('帐号不能有空格');history.go(-1)</script>";
exit;
}
if (!ereg("^[_a-zA-Z0-9-]",$name))
{
echo "<script language=javascript>alert('您的帐号格式不对,只能是英文或者数字');history.go(-1)</script>";
exit;
}
$sql="SELECT * FROM user where name='$name'";
$result=mysql_query($sql);
if($myrow=mysql_fetch_row($result))
{
echo "<script language=javascript>alert('此帐号有人注册,请重新填写!');history.go(-1)</script>";
exit;
}if($passwd<>$repasswd)
{
echo "<script language=javascript>alert('二次输入的密码不一样,请检查');history.go(-1)</script>";
exit;
}
//mysql_query("SET NAMES gb2312");
$query = "insert into user(user_id,name,pw,city,email)
values(null,'$name','$passwd','$city','$email')";
//echo $query;
//exit;
$result = mysql_query($query)
or die("注册失败: " . mysql_error()); echo $result;
$rowid = mysql_insert_id();
if ($rowid>0)
{
echo "注册成功!<hr><p>";
echo "新注册的用户是:".$name."<p>";
echo "<br><a href='login.php'>登录</a>";
}
else
{
echo "注册失败!<hr><p>";
echo "<br><a href='register.php'>重新注册</a>";
}mysql_close();
?>
if( isset($_POST['submit']) ){ //submit为你提交按钮的名字.或者获取判断empty($_POST)是否为空
} else{
跳转到注册页
}
从你的code看不出你说的情况....你再试试