

    PHP学习记录02

    PHP 表单验证

    参考:https://www.runoob.com/php/php-form-validation.html

    第一步开启环境:phpstudy、Sublime TEXT、浏览器、操作系统

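     <!DOCTYPE HTML>
     <html>
     <head>
     <meta charset="utf-8">
     <title></title>
     <style>
     .error {color: #FF0000;}
     </style>
     </head>
     <body><?php
     // Self-posting form-validation demo. On POST every field is normalised by
     // test_input(), validated, and the form is re-rendered with per-field error
     // messages and the (already escaped) submitted values filled back in.
     //
     // Changes from the original listing:
     //  * The e-mail/URL patterns had lost their backslashes ("[w-]", "://"): the
     //    e-mail check matched almost nothing and the URL pattern did not even
     //    compile (bare "/" inside a "/"-delimited regex), so every URL was
     //    rejected. Escapes restored and the patterns moved to single quotes.
     //  * Zero-width-space characters between statements were a parse error.
     //  * Required fields are tested after trimming; with empty() a name made of
     //    spaces passed as "" without an error.
     //  * Missing keys (no radio chosen) no longer raise "Undefined array key",
     //    non-string input (name[]=x) no longer hits trim() as a TypeError, and
     //    gender is checked against the two values the form offers.
     //  * htmlspecialchars() uses explicit ENT_QUOTES|ENT_SUBSTITUTE and UTF-8.

     /**
      * Normalise one submitted value and escape it for safe HTML re-display.
      *
      * @param mixed $data raw $_POST value; non-scalars (arrays/objects) become ""
      * @return string trimmed, backslash-stripped, HTML-escaped text
      */
     function test_input($data)
     {
         // Arrays/objects cannot be trimmed (TypeError on PHP 8); treat as blank.
         $data = is_scalar($data) ? (string) $data : '';
         $data = trim($data);
         // stripslashes() is a magic_quotes-era leftover kept for parity with the
         // tutorial; note it also removes backslashes the user typed on purpose.
         $data = stripslashes($data);
         // ENT_QUOTES also escapes single quotes (values are placed in attributes);
         // ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the value to "".
         return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     }

     /**
      * Loose "something@something.something" check, the tutorial's pattern with
      * its escapes restored. filter_var($email, FILTER_VALIDATE_EMAIL) is the
      * stricter stdlib alternative.
      *
      * @param string $email already-escaped input
      * @return bool true on a match
      */
     function is_valid_email($email)
     {
         // Single quotes keep \w and \. intact as regex escapes.
         return preg_match('/([\w-]+@[\w-]+\.[\w-]+)/', $email) === 1;
     }

     /**
      * True when $website contains an http(s)://, ftp:// or www. style URL.
      * filter_var($website, FILTER_VALIDATE_URL) is stricter (requires a scheme).
      *
      * @param string $website already-escaped input
      * @return bool true on a match
      */
     function is_valid_url($website)
     {
         // "/" inside a "/"-delimited pattern must be written as "\/".
         $pattern = '/(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i';
         return preg_match($pattern, $website) === 1;
     }

     // Empty defaults so the first (GET) render shows a blank form.
     $nameErr = $emailErr = $genderErr = $websiteErr = "";
     $name = $email = $gender = $comment = $website = "";

     // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
     if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST")
     {
         // Required: blank after trimming counts as missing.
         $name = test_input($_POST["name"] ?? '');
         if ($name === '')
         {
             $nameErr = "名字是必需的";
         }
         // Tutorial rule: ASCII letters and spaces only.
         elseif (!preg_match("/^[a-zA-Z ]*$/", $name))
         {
             $nameErr = "只允许字母和空格";
         }

         $email = test_input($_POST["email"] ?? '');
         if ($email === '')
         {
             $emailErr = "邮箱是必需的";
         }
         elseif (!is_valid_email($email))
         {
             $emailErr = "非法邮箱格式";
         }

         // Optional: compared against "" rather than empty() so "0" is not
         // silently discarded; whitespace-only input trims to "" and is skipped.
         $website = test_input($_POST["website"] ?? '');
         if ($website !== '' && !is_valid_url($website))
         {
             $websiteErr = "非法的 URL 的地址";
         }

         // Optional free text; test_input() already escaped it for output.
         $comment = test_input($_POST["comment"] ?? '');

         // Only the two radio values are meaningful; anything else is treated
         // as "not selected" instead of being echoed back.
         $gender = test_input($_POST["gender"] ?? '');
         if (!in_array($gender, ['female', 'male'], true))
         {
             $gender = '';
             $genderErr = "性别是必需的";
         }
     }
     ?><h2>PHP 表单验证实例</h2>
     <p><span class="error">* 必需字段。</span></p>
     <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">
        名字: <input type="text" name="name" value="<?php echo $name;?>">
        <span class="error">* <?php echo $nameErr;?></span>
        <br><br>
        E-mail: <input type="text" name="email" value="<?php echo $email;?>">
        <span class="error">* <?php echo $emailErr;?></span>
        <br><br>
        网址: <input type="text" name="website" value="<?php echo $website;?>">
        <span class="error"><?php echo $websiteErr;?></span>
        <br><br>
        备注: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea>
        <br><br>
        性别:
        <input type="radio" name="gender" <?php if ($gender === "female") echo "checked";?>  value="female">
        <input type="radio" name="gender" <?php if ($gender === "male") echo "checked";?>  value="male">
        <span class="error">* <?php echo $genderErr;?></span>
        <br><br>
       <input type="submit" name="submit" value="Submit">
     </form><?php
     // Everything below was escaped by test_input(), so a plain echo is safe.
     echo "<h2>您输入的内容是:</h2>";
     echo $name;
     echo "<br>";
     echo $email;
     echo "<br>";
     echo $website;
     echo "<br>";
     echo $comment;
     echo "<br>";
     echo $gender;
     ?></body>
     </html>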

    html界面

     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body><h2>PHP表单验证实例</h2>
     <p>*必需字段</p>
     <!-- Static mock-up of the form. NOTE(review): no method/action attribute,
          so a submit defaults to a GET against the current URL and every value
          ends up in the query string (and in server logs); the PHP listings on
          this page use method="post". -->
     <form>
     名字:<input type="text" name="name">*<br>
     E-mail:<input type="text" name="email">*<br>
     网址:<input type="text" name="website"><br>
     备注:<textarea name="comment" rows="5" cols="40"></textarea><br>
     <!-- NOTE(review): the second radio sends "man" here, but the PHP listings
          compare against "male"; the two must agree or the choice is lost. -->
     性别:<input type="radio" name="gender" value="female"><input type="radio" name="gender" value="man">男*<br>
     <input type="submit" name="submit" value="Submit">
     <h2>您输入的内容是:</h2>
     </form>
     </body>
     </html>

    XSS 测试载荷(第一条在表单输入框中输入,第二条追加到 URL 路径后,第三条同样在输入框中输入;观察页面是否把它们原样回显并执行):

    <script>alert(document.cookie)</script>
     /%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
     <script>alert('hacked')</script>

    漏洞分析

    在输入框中输入上述载荷:如果页面把 $_GET/$_POST 的值未经 htmlspecialchars() 转义就直接 echo 出来,浏览器会把输入当作标签执行——这就是反射型 XSS。下面的 php2.php、php3.php 是有漏洞的示例;php5.php 展示修复方向(所有回显到页面的用户输入都必须转义,而不只是 PHP_SELF)。

    php1.php

     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body>
         <!-- php1.php: entry form for the XSS demo. The fields are named
              "1", "2" and "3" and are POSTed to php3.php, which reads
              $_POST['1'] and $_POST['2'].
              NOTE(review): the password box is type="text", so it is shown in
              clear and handled by the browser as ordinary text. -->
         <form action="php3.php" method="post">
     user:<input type="text" name="1">
     pass:<input type="text" name="2">
     <br>
     <input type="submit" name="3">
         </form></body>
     </html>

    php2.php

     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body>
         <!-- php2.php: deliberately vulnerable demo. Both values below come
              straight from the query string and are echoed without
              htmlspecialchars(), so ?1=<script>alert(document.cookie)</script>
              executes in the visitor's browser (reflected XSS). A request
              without the key also raises an "Undefined array key" warning on
              PHP 8. -->
         <h1>这是GET获取的位置</h1>
     用户名:<?php  
     // Attacker-controlled input printed unescaped: XSS sink.
     echo $_GET['1']; 
     ?>
     <br>
     密码:<?php  
     // Same sink, and a "password" reflected back into the page.
     echo $_GET['2'];
     ?>
     </body>
     </html>

    php3.php

    在 php3.php 的 URL 路径后追加下面的内容(在把 PATH_INFO 传给 PHP 的服务器上它会进入 $_SERVER["PHP_SELF"];php3.php 把 PHP_SELF 未经转义写进 form 的 action 属性,%22 对应的双引号提前闭合属性,后面的 <script> 随即执行):

     /%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body>
             <!-- php3.php: deliberately vulnerable target of php1.php. It has
                  three XSS sinks: the raw echo of $_POST['1'] and $_POST['2']
                  below, and the form action, which prints $_SERVER["PHP_SELF"]
                  unescaped. On servers that pass PATH_INFO through, requesting
                  php3.php/"><script>alert('hacked')</script> (the URL-encoded
                  payload shown above) closes the action attribute and runs the
                  script. php5.php below escapes PHP_SELF. -->
             <h1>这是POST获取的位置</h1>
     用户名:<?php  
     // Printed without htmlspecialchars(): XSS sink #1.
     echo $_POST['1']; 
     ?>
     <br>
     密码:<?php  
     // XSS sink #2, and a password reflected back into the page.
     echo $_POST['2'];
     ?>
     <!-- XSS sink #3: PHP_SELF written raw into a quoted attribute. -->
     <form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">
     user:<input type="text" name="1">
     pass:<input type="text" name="2">
     <br>
     <input type="submit" name="3">
         </form></body>
     </html>

    php5.php

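     <!DOCTYPE html>
     <html>
     <head>
         <meta charset="utf-8">
         <title></title>
     </head>
     <body><?php
     // php5.php: hardened version of php3.php.
     //
     // The original only escaped PHP_SELF in the form action and still echoed
     // $_POST['1'] / $_POST['2'] raw, so the <script>alert('hacked')</script>
     // payload typed into the user field kept executing. Every user-controlled
     // value now passes through h() before it reaches the page, missing keys
     // no longer raise "Undefined array key", and the password box is
     // type="password". Echoing a password back at all is demo-only behaviour;
     // never do that in real code.

     /**
      * HTML-escape a value for output in element content or a quoted attribute.
      *
      * @param mixed $value raw request value; a missing key or a non-scalar
      *                     (e.g. 1[]=x) renders as ""
      * @return string escaped text (ENT_QUOTES also covers single-quoted attributes)
      */
     function h($value)
     {
         $value = is_scalar($value) ? (string) $value : '';
         return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     }
     ?><h1>这是POST获取的位置</h1>
     用户名:<?php echo h($_POST['1'] ?? ''); ?>
     <br>
     密码:<?php echo h($_POST['2'] ?? ''); ?>
     <form action="<?php echo h($_SERVER["PHP_SELF"] ?? ''); ?>" method="post">
     user:<input type="text" name="1">
     pass:<input type="password" name="2">
     <br>
     <input type="submit" name="3">
         </form></body>
     </html>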

    PHP 验证表单数据

    当用户提交表单时,我们将做以下两件事情:

    1. 使用 PHP trim() 函数去除用户输入数据首尾不必要的空白字符(如:空格、tab、换行)。

    2. 使用 PHP stripslashes() 函数去除用户输入数据中的反斜杠(\)。注意:stripslashes() 是为早已移除的 magic_quotes 机制设计的,在 PHP 5.4 及以后它只会破坏用户合法输入的反斜杠,对防御 XSS 没有任何作用——真正起防护作用的是 test_input() 中的 htmlspecialchars()。

    接下来让我们将这些过滤的函数写在一个我们自己定义的函数中,这样可以大大提高代码的复用性。

    将函数命名为 test_input()。

    现在,我们可以通过test_input()函数来检测 $_POST 中的所有变量, 脚本代码如下所示:

    注意我们在执行以上脚本时,会通过$_SERVER["REQUEST_METHOD"]来检测表单是否被提交 。如果 REQUEST_METHOD 是 POST, 表单将被提交 - 数据将被验证。如果表单未提交将跳过验证并显示空白。
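    <?php
    // Normalise every submitted field on POST; on any other request the
    // variables stay "". Output of test_input() is HTML-escaped, so the values
    // can be echoed straight into the page.
    //
    // Changes from the original: missing keys (e.g. no radio selected) no longer
    // raise "Undefined array key", non-string input (name[]=x) no longer reaches
    // trim() as a TypeError, and the escaping flags are explicit.

    /**
     * Normalise one submitted value and escape it for safe HTML re-display.
     *
     * @param mixed $data raw $_POST value; non-scalars become ""
     * @return string trimmed, backslash-stripped, HTML-escaped text
     */
    function test_input($data)
    {
      $data = is_scalar($data) ? (string) $data : '';
      $data = trim($data);
      // magic_quotes-era leftover kept for parity with the tutorial; it also
      // strips backslashes the user typed on purpose.
      $data = stripslashes($data);
      // ENT_QUOTES covers single-quoted attributes; ENT_SUBSTITUTE keeps invalid
      // UTF-8 from turning the whole value into "".
      return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Empty defaults so the form renders blank on a GET.
    $name = $email = $gender = $comment = $website = "";
     
    // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
    if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST")
    {
      $name = test_input($_POST["name"] ?? '');
      $email = test_input($_POST["email"] ?? '');
      $website = test_input($_POST["website"] ?? '');
      $comment = test_input($_POST["comment"] ?? '');
      $gender = test_input($_POST["gender"] ?? '');
    }
    ?>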
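     <!DOCTYPE HTML>
     <html>
     <head>
     <meta charset="utf-8">
     <title></title>
     </head>
     <body>

     <?php
     // Minimal echo-back form: every submitted field goes through test_input()
     // before it is printed, which is what keeps the reflected values from
     // injecting markup.
     //
     // Changes from the original listing: missing keys (e.g. no radio selected)
     // no longer raise "Undefined array key", non-string input (name[]=x) no
     // longer reaches trim() as a TypeError, the escaping flags are explicit,
     // and the missing </html> is added.

     /**
      * Normalise one submitted value and escape it for safe HTML re-display.
      *
      * @param mixed $data raw $_POST value; non-scalars become ""
      * @return string trimmed, backslash-stripped, HTML-escaped text
      */
     function test_input($data)
     {
        $data = is_scalar($data) ? (string) $data : '';
        $data = trim($data);
        // magic_quotes-era leftover kept for parity with the tutorial; it also
        // strips backslashes the user typed on purpose.
        $data = stripslashes($data);
        // ENT_QUOTES covers single-quoted attributes; ENT_SUBSTITUTE keeps
        // invalid UTF-8 from turning the whole value into "".
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     }

     // Empty defaults so the form renders blank on a GET.
     $name = $email = $gender = $comment = $website = "";

     // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
     if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST")
     {
        $name = test_input($_POST["name"] ?? '');
        $email = test_input($_POST["email"] ?? '');
        $website = test_input($_POST["website"] ?? '');
        $comment = test_input($_POST["comment"] ?? '');
        $gender = test_input($_POST["gender"] ?? '');
     }
     ?>

     <h2>PHP 表单验证实例</h2>
     <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">
        名字: <input type="text" name="name">
        <br><br>
        E-mail: <input type="text" name="email">
        <br><br>
        网址: <input type="text" name="website">
        <br><br>
        备注: <textarea name="comment" rows="5" cols="40"></textarea>
        <br><br>
        性别:
        <input type="radio" name="gender" value="female"><input type="radio" name="gender" value="male"><br><br>
        <input type="submit" name="submit" value="Submit">
     </form>

     <?php
     // Everything below was escaped by test_input(), so a plain echo is safe.
     echo "<h2>您输入的内容是:</h2>";
     echo $name;
     echo "<br>";
     echo $email;
     echo "<br>";
     echo $website;
     echo "<br>";
     echo $comment;
     echo "<br>";
     echo $gender;
     ?>

     </body>
     </html>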

    表单 - 必需字段

    字段验证规则
    名字 必需。 + 只能包含字母和空格
    E-mail 必需。 + 必需包含一个有效的电子邮件地址(包含"@"和".")
    网址 可选。 如果存在,它必需包含一个有效的URL
    备注 可选。多行字段(文本域)。
    性别 必需。必需选择一个。
    在以下代码中我们加入了一些新的变量: $nameErr, $emailErr, $genderErr 和 $websiteErr。这些错误变量将显示在必需字段旁。我们还为每个 $_POST 变量增加了一个 if else 语句,用 PHP 的 empty() 函数检查 $_POST 变量是否为空:为空则显示对应的错误信息,不为空则把数据传给 test_input() 函数。注意 empty() 的两个陷阱:empty("0") 为 true(输入 0 会被当作没填);而仅由空格组成的输入不算空,会通过 trim() 变成空串却不报错。必需字段更稳妥的做法是先 trim 再判断是否为空串。

    必需字段

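    <?php
    // Required-field pass: each field is normalised through test_input()
    // (defined elsewhere on this page) and the required ones get an error
    // message when they are blank.
    //
    // Changes from the original: required fields are tested after trimming, so
    // a whitespace-only name/e-mail is reported as missing instead of passing
    // as "" (empty() only saw the raw value); an optional comment of "0" is no
    // longer discarded; missing keys raise no "Undefined array key" warning.
    $nameErr = $emailErr = $genderErr = $websiteErr = "";
    $name = $email = $gender = $comment = $website = "";
    
    // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
    if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
      $name = test_input($_POST["name"] ?? '');
      if ($name === '') {
        $nameErr = "名字是必需的。";
      }
    
      $email = test_input($_POST["email"] ?? '');
      if ($email === '') {
        $emailErr = "邮箱是必需的。";
      }
    
      // Optional fields: blank input simply stays "".
      $website = test_input($_POST["website"] ?? '');
      $comment = test_input($_POST["comment"] ?? '');
    
      $gender = test_input($_POST["gender"] ?? '');
      if ($gender === '') {
        $genderErr = "性别是必需的。";
      }
    }
    ?>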

    显示错误信息

    <!-- Form fragment that goes with the "required fields" PHP above. Each error
         span echoes $nameErr / $emailErr / $genderErr / $websiteErr; those are
         literal strings assigned by the script, never user input, which is the
         only reason the unescaped echo is acceptable here. The inputs are not
         repopulated after a failed submit. -->
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"> 
       名字: <input type="text" name="name">
       <span class="error">* <?php echo $nameErr;?></span>
       <br><br>
       E-mail: <input type="text" name="email">
       <span class="error">* <?php echo $emailErr;?></span>
       <br><br>
       网址: <input type="text" name="website">
       <span class="error"><?php echo $websiteErr;?></span>
       <br><br>
       备注: <textarea name="comment" rows="5" cols="40"></textarea>
       <br><br>
       性别:
       <input type="radio" name="gender" value="female"><input type="radio" name="gender" value="male"><span class="error">* <?php echo $genderErr;?></span>
       <br><br>
       <input type="submit" name="submit" value="Submit"> 
    </form>
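    <!DOCTYPE HTML>
    <html>
    <head>
    <meta charset="utf-8">
    <title></title>
    <style>
    .error {color: #FF0000;}
    </style>
    </head>
    <body>
    <?php
    // Required-field demo: fields are normalised through test_input(), the
    // required ones get an error message when blank, and the escaped values
    // are echoed back under the form.
    //
    // Changes from the original listing: required fields are tested after
    // trimming (a whitespace-only name used to pass as ""), an optional comment
    // of "0" is kept, missing keys raise no "Undefined array key", non-string
    // input does not reach trim() as a TypeError, and htmlspecialchars() uses
    // explicit ENT_QUOTES|ENT_SUBSTITUTE and UTF-8.

    /**
     * Normalise one submitted value and escape it for safe HTML re-display.
     *
     * @param mixed $data raw $_POST value; non-scalars become ""
     * @return string trimmed, backslash-stripped, HTML-escaped text
     */
    function test_input($data) {
       $data = is_scalar($data) ? (string) $data : '';
       $data = trim($data);
       // magic_quotes-era leftover kept for parity with the tutorial; it also
       // strips backslashes the user typed on purpose.
       $data = stripslashes($data);
       // ENT_QUOTES covers single-quoted attributes; ENT_SUBSTITUTE keeps
       // invalid UTF-8 from turning the whole value into "".
       return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Empty defaults so the form renders blank on a GET.
    $nameErr = $emailErr = $genderErr = $websiteErr = "";
    $name = $email = $gender = $comment = $website = "";
    
    // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
    if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
       $name = test_input($_POST["name"] ?? '');
       if ($name === '') {
          $nameErr = "名字是必须的。";
       }
    
       $email = test_input($_POST["email"] ?? '');
       if ($email === '') {
          $emailErr = "邮箱是必须的。";
       }
    
       // Optional fields: blank input simply stays "".
       $website = test_input($_POST["website"] ?? '');
       $comment = test_input($_POST["comment"] ?? '');
    
       $gender = test_input($_POST["gender"] ?? '');
       if ($gender === '') {
          $genderErr = "性别是必须的。";
       }
    }
    ?>
    
    <h2>PHP 表单验证实例</h2>
    <p><span class="error">* 必填字段。</span></p>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">
       名字: <input type="text" name="name">
       <span class="error">* <?php echo $nameErr;?></span>
       <br><br>
       E-mail: <input type="text" name="email">
       <span class="error">* <?php echo $emailErr;?></span>
       <br><br>
       网址: <input type="text" name="website">
       <span class="error"><?php echo $websiteErr;?></span>
       <br><br>
       备注: <textarea name="comment" rows="5" cols="40"></textarea>
       <br><br>
       性别:
       <input type="radio" name="gender" value="female"><input type="radio" name="gender" value="male"><span class="error">* <?php echo $genderErr;?></span>
       <br><br>
       <input type="submit" name="submit" value="Submit">
    </form>
    
    <?php
    // Everything below was escaped by test_input(), so a plain echo is safe.
    echo "<h2>您的输入:</h2>";
    echo $name;
    echo "<br>";
    echo $email;
    echo "<br>";
    echo $website;
    echo "<br>";
    echo $comment;
    echo "<br>";
    echo $gender;
    ?>
    
    </body>
    </html>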

    验证邮件和URL

    preg_match() 函数;https://www.runoob.com/php/php-preg_match.html

    preg_match — 进行正则表达式匹配。
    
    语法:
    int preg_match ( string $pattern , string $subject [, array $matches [, int $flags ]] )
    
    
    在 subject 字符串中搜索与 pattern 给出的正则表达式相匹配的内容。如果提供了 matches ,则其会被搜索的结果所填充。$matches[0] 将包含与整个模式匹配的文本,$matches[1] 将包含与第一个捕获的括号中的子模式所匹配的文本,以此类推。

    验证名称

    // Normalise the name, then enforce the tutorial's "letters and spaces only" rule.
    $name = test_input($_POST["name"]);
    $lettersAndSpacesOnly = preg_match("/^[a-zA-Z ]*$/", $name) === 1;
    if (!$lettersAndSpacesOnly) {
      $nameErr = "只允许字母和空格"; 
    }

    验证邮件

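    $email = test_input($_POST["email"]);
    // Single-quoted so \w and \. reach preg_match() as regex escapes. The
    // original had lost its backslashes ("[w-]"), so it matched almost no real
    // address. filter_var($email, FILTER_VALIDATE_EMAIL) is the stricter option.
    if (!preg_match('/([\w-]+@[\w-]+\.[\w-]+)/', $email)) {
      $emailErr = "非法邮箱格式"; 
    }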

    验证 URL

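    $website = test_input($_POST["website"]);
    // A "/" inside a "/"-delimited pattern must be escaped as "\/". Unescaped (as
    // in the original "://") preg_match() cannot compile the pattern, returns
    // false, and every URL is reported as invalid. Single quotes keep the
    // escapes intact. filter_var($website, FILTER_VALIDATE_URL) is stricter.
    if (!preg_match('/(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i', $website)) {
      $websiteErr = "非法的 URL 的地址"; 
    }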

    验证 Name, E-mail, 和 URL

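     <?php
     // Validation pass for name, e-mail and URL. test_input() is defined
     // elsewhere on this page.
     //
     // Changes from the original listing:
     //  * The e-mail/URL patterns had lost their backslashes ("[w-]", "://"): the
     //    e-mail check matched almost nothing and the URL pattern did not even
     //    compile (bare "/" inside a "/"-delimited regex), so every URL was
     //    rejected. Escapes restored inside single-quoted helper functions.
     //  * Zero-width-space characters between statements were a parse error.
     //  * Required fields are tested after trimming (with empty() a name made
     //    of spaces passed as ""), missing keys raise no "Undefined array key",
     //    and gender is checked against the two values the form offers.

     /**
      * Loose "something@something.something" check (the tutorial's pattern).
      * filter_var($email, FILTER_VALIDATE_EMAIL) is the stricter alternative.
      *
      * @param string $email already-escaped input
      * @return bool true on a match
      */
     function is_valid_email($email)
     {
        // Single quotes keep \w and \. intact as regex escapes.
        return preg_match('/([\w-]+@[\w-]+\.[\w-]+)/', $email) === 1;
     }

     /**
      * True when $website contains an http(s)://, ftp:// or www. style URL.
      * filter_var($website, FILTER_VALIDATE_URL) is stricter (requires a scheme).
      *
      * @param string $website already-escaped input
      * @return bool true on a match
      */
     function is_valid_url($website)
     {
        // "/" inside a "/"-delimited pattern must be written as "\/".
        $pattern = '/(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i';
        return preg_match($pattern, $website) === 1;
     }

     // Empty defaults so the form renders blank on a GET.
     $nameErr = $emailErr = $genderErr = $websiteErr = "";
     $name = $email = $gender = $comment = $website = "";

     // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
     if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
        // Required: blank after trimming counts as missing.
        $name = test_input($_POST["name"] ?? '');
        if ($name === '') {
           $nameErr = "Name is required";
        } elseif (!preg_match("/^[a-zA-Z ]*$/", $name)) {
           // Tutorial rule: ASCII letters and spaces only.
           $nameErr = "只允许字母和空格";
        }

        $email = test_input($_POST["email"] ?? '');
        if ($email === '') {
           $emailErr = "Email is required";
        } elseif (!is_valid_email($email)) {
           $emailErr = "非法邮箱格式";
        }

        // Optional: compared against "" rather than empty() so "0" is not
        // silently discarded; whitespace-only input trims to "" and is skipped.
        $website = test_input($_POST["website"] ?? '');
        if ($website !== '' && !is_valid_url($website)) {
           $websiteErr = "非法的 URL 的地址";
        }

        // Optional free text; test_input() already escaped it for output.
        $comment = test_input($_POST["comment"] ?? '');

        // Only the two radio values are meaningful; anything else is treated
        // as "not selected" instead of being echoed back.
        $gender = test_input($_POST["gender"] ?? '');
        if (!in_array($gender, ['female', 'male'], true)) {
           $gender = '';
           $genderErr = "性别是必需的";
        }
     }
     ?>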
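     <!DOCTYPE HTML>
     <html>
     <head>
     <meta charset="utf-8">
     <title>菜鸟教程(runoob.com)</title>
     <style>
     .error {color: #FF0000;}
     </style>
     </head>
     <body><?php
     // Complete validation demo: name, e-mail, URL and gender are checked on
     // POST, per-field error messages are shown, and the escaped values are
     // echoed back under the form.
     //
     // Changes from the original listing:
     //  * The e-mail/URL patterns had lost their backslashes ("[w-]", "://"): the
     //    e-mail check matched almost nothing and the URL pattern did not even
     //    compile (bare "/" inside a "/"-delimited regex), so every URL was
     //    rejected. Escapes restored inside single-quoted helper functions.
     //  * Zero-width-space characters between statements were a parse error.
     //  * Required fields are tested after trimming (with empty() a name made
     //    of spaces passed as ""), missing keys raise no "Undefined array key",
     //    non-string input does not reach trim() as a TypeError, and gender is
     //    checked against the two values the form offers.
     //  * htmlspecialchars() uses explicit ENT_QUOTES|ENT_SUBSTITUTE and UTF-8.

     /**
      * Normalise one submitted value and escape it for safe HTML re-display.
      *
      * @param mixed $data raw $_POST value; non-scalars become ""
      * @return string trimmed, backslash-stripped, HTML-escaped text
      */
     function test_input($data) {
        $data = is_scalar($data) ? (string) $data : '';
        $data = trim($data);
        // magic_quotes-era leftover kept for parity with the tutorial; it also
        // strips backslashes the user typed on purpose.
        $data = stripslashes($data);
        // ENT_QUOTES covers single-quoted attributes; ENT_SUBSTITUTE keeps
        // invalid UTF-8 from turning the whole value into "".
        return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     }

     /**
      * Loose "something@something.something" check (the tutorial's pattern).
      * filter_var($email, FILTER_VALIDATE_EMAIL) is the stricter alternative.
      *
      * @param string $email already-escaped input
      * @return bool true on a match
      */
     function is_valid_email($email) {
        // Single quotes keep \w and \. intact as regex escapes.
        return preg_match('/([\w-]+@[\w-]+\.[\w-]+)/', $email) === 1;
     }

     /**
      * True when $website contains an http(s)://, ftp:// or www. style URL.
      * filter_var($website, FILTER_VALIDATE_URL) is stricter (requires a scheme).
      *
      * @param string $website already-escaped input
      * @return bool true on a match
      */
     function is_valid_url($website) {
        // "/" inside a "/"-delimited pattern must be written as "\/".
        $pattern = '/(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i';
        return preg_match($pattern, $website) === 1;
     }

     // Empty defaults so the form renders blank on a GET.
     $nameErr = $emailErr = $genderErr = $websiteErr = "";
     $name = $email = $gender = $comment = $website = "";

     // REQUEST_METHOD is absent under the CLI; "??" avoids a warning there.
     if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
        // Required: blank after trimming counts as missing.
        $name = test_input($_POST["name"] ?? '');
        if ($name === '') {
           $nameErr = "Name is required";
        } elseif (!preg_match("/^[a-zA-Z ]*$/", $name)) {
           // Tutorial rule: ASCII letters and spaces only.
           $nameErr = "只允许字母和空格";
        }

        $email = test_input($_POST["email"] ?? '');
        if ($email === '') {
           $emailErr = "Email is required";
        } elseif (!is_valid_email($email)) {
           $emailErr = "非法邮箱格式";
        }

        // Optional: compared against "" rather than empty() so "0" is not
        // silently discarded; whitespace-only input trims to "" and is skipped.
        $website = test_input($_POST["website"] ?? '');
        if ($website !== '' && !is_valid_url($website)) {
           $websiteErr = "非法的 URL 的地址";
        }

        // Optional free text; test_input() already escaped it for output.
        $comment = test_input($_POST["comment"] ?? '');

        // Only the two radio values are meaningful; anything else is treated
        // as "not selected" instead of being echoed back.
        $gender = test_input($_POST["gender"] ?? '');
        if (!in_array($gender, ['female', 'male'], true)) {
           $gender = '';
           $genderErr = "性别是必需的";
        }
     }
     ?><h2>PHP 表单验证实例</h2>
     <p><span class="error">* 必需字段。</span></p>
     <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>">
        名字: <input type="text" name="name">
        <span class="error">* <?php echo $nameErr;?></span>
        <br><br>
        E-mail: <input type="text" name="email">
        <span class="error">* <?php echo $emailErr;?></span>
        <br><br>
        网址: <input type="text" name="website">
        <span class="error"><?php echo $websiteErr;?></span>
        <br><br>
        备注: <textarea name="comment" rows="5" cols="40"></textarea>
        <br><br>
        性别:
        <input type="radio" name="gender" value="female"><input type="radio" name="gender" value="male"><span class="error">* <?php echo $genderErr;?></span>
        <br><br>
        <input type="submit" name="submit" value="Submit">
     </form><?php
     // Everything below was escaped by test_input(), so a plain echo is safe.
     echo "<h2>您输入的内容是:</h2>";
     echo $name;
     echo "<br>";
     echo $email;
     echo "<br>";
     echo $website;
     echo "<br>";
     echo $comment;
     echo "<br>";
     echo $gender;
     ?></body>
     </html>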

    愿路途漫长,以后莫失莫忘。 愿你不骄不躁,安稳顺心。

    作者:菜鸟-传奇
    本文版权归作者和博客园共有,不以任何盈利为目的,欢迎转载。但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文链接,否则保留追究法律声明责任的权利。
  • 原文地址:https://www.cnblogs.com/cainiao-chuanqi/p/14861565.html