楼主判断数据是否正确的流程有问题,你只是判断了提交了表单后的数据验证而没判断如果是直接访问写数据库页面时的数据验证,这样就没验证过数据,而是直接写数据库了应该不管是否正确提交都要判断所有的数据<?php
session_start();
//if(isset($_POST['submit'])) { //这里只有正常提交了才判断数据,如果没提交直接访问就跳过验证了而直接写数据库了
if(!isset($_POST['submit'])) {//============
echo "请不要直接访问该页面!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
$user=$_POST['user'];
$pass=($_POST['pass']);
$pass1=($_POST['pass1']);
$email=$_POST['email'];
$yanzhengma=$_POST['yanzhengma'];
$ty=$_POST['ty'];
if (empty($user)) {
echo "请输入用户名!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!ereg("^[a-zA-Z0-9_]*$",$user)) {
echo "用户名书写格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (ereg("^[_]*$",$user)) {
echo "用户名不能单独由_组成!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ((strlen($user) <3)||(strlen($user)>10)){
echo "用户名必须3-10位!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (empty($pass)) {
echo "请输入密码!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!ereg("^[a-zA-Z0-9_.]*$",$pass)) {
echo "密码书写格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (ereg("^[_.]*$",$pass)) {
echo "密码不能只由._或单独由.或单独由_组成!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ((strlen($pass) <6)||(strlen($pass)>20)){
echo "密码必须6-20位!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ($pass !==$pass1) {
echo "两次输入的密码不一致!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
$ps=md5($pass);
if (empty($email)) {
echo "请填写Email!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email)) {
echo "电子邮件格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
} if (empty($yanzhengma)) {
echo "请输入验证码!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ($_SESSION["randval"] !== $yanzhengma) {
echo "验证码输入错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if(empty($ty)) {
echo "请选择遵守用户协议!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
//}//==================================
include "conn.php";
$query = "SELECT * FROM user WHERE user = '$user'";
$result = mysql_query($query) or die ("fail");
if (mysql_num_rows($result)>0) {
echo "已有此用户,请重新填写用户名!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
else {
$quer= "INSERT INTO user (user,password,email,sj) VALUES ('$user','$ps','$email',now())";
$result = mysql_query($quer) or die (mysql_error());
echo $user.":恭喜您,注册成功!";
mysql_close($conn);
echo ' <a href="index.php">返回 </a>';
} ?>
session_start();
//if(isset($_POST['submit'])) { //这里只有正常提交了才判断数据,如果没提交直接访问就跳过验证了而直接写数据库了
if(!isset($_POST['submit'])) {//============
echo "请不要直接访问该页面!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
$user=$_POST['user'];
$pass=($_POST['pass']);
$pass1=($_POST['pass1']);
$email=$_POST['email'];
$yanzhengma=$_POST['yanzhengma'];
$ty=$_POST['ty'];
if (empty($user)) {
echo "请输入用户名!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!ereg("^[a-zA-Z0-9_]*$",$user)) {
echo "用户名书写格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (ereg("^[_]*$",$user)) {
echo "用户名不能单独由_组成!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ((strlen($user) <3)||(strlen($user)>10)){
echo "用户名必须3-10位!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (empty($pass)) {
echo "请输入密码!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!ereg("^[a-zA-Z0-9_.]*$",$pass)) {
echo "密码书写格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (ereg("^[_.]*$",$pass)) {
echo "密码不能只由._或单独由.或单独由_组成!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ((strlen($pass) <6)||(strlen($pass)>20)){
echo "密码必须6-20位!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ($pass !==$pass1) {
echo "两次输入的密码不一致!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
$ps=md5($pass);
if (empty($email)) {
echo "请填写Email!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email)) {
echo "电子邮件格式错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
} if (empty($yanzhengma)) {
echo "请输入验证码!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if ($_SESSION["randval"] !== $yanzhengma) {
echo "验证码输入错误!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
if(empty($ty)) {
echo "请选择遵守用户协议!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
//}//==================================
include "conn.php";
$query = "SELECT * FROM user WHERE user = '$user'";
$result = mysql_query($query) or die ("fail");
if (mysql_num_rows($result)>0) {
echo "已有此用户,请重新填写用户名!";
echo ' <a href="Javascript:history.back(-1);">返回 </a>';
exit(0);
}
else {
$quer= "INSERT INTO user (user,password,email,sj) VALUES ('$user','$ps','$email',now())";
$result = mysql_query($quer) or die (mysql_error());
echo $user.":恭喜您,注册成功!";
mysql_close($conn);
echo ' <a href="index.php">返回 </a>';
} ?>
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货