-2

Hi, a quick question about PHP. I'm still learning: why does $html[$firstname] in the code below show up as an undefined index in the server error log....

Hi, I'm showing all of the code for clarity. Please tell me whether the PDO code is sufficient and doesn't need escaping. PHP to the browser.

<?php

$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password = "";
$confirm_password = "";
$_POST['firstname'] = $firstname;
$_POST['lastname'] = $lastname;
$_POST['username'] = $username;
$_POST['email'] = $email;
$_POST['password'] = $password;
$_POST['confirm_password'] = $confirm_password;
$clean =  array();
if(ctype_alnum($firstname)){
  $clean[$firstname] = $firstname;
};
if(ctype_alnum($lastname)){
  $clean[$lastname] = $lastname;
};
if(ctype_alnum($username)){
  $clean[$username] = $username;
};

if(isset($email)){
  filter_var($email, FILTER_SANITIZE_EMAIL);
};
//initialize an array for escaped data
$html = array();
//escape the filtered data
$html[$firstname] = htmlentities($clean[$firstname], ENT_QUOTES, 'UTF-8');
$html[$lastname] = htmlentities($clean[$lastname], ENT_QUOTES, 'UTF-8');
$html[$username] = htmlentities($clean[$username], ENT_QUOTES, 'UTF-8');
$html[$email] = htmlentities($email, ENT_QUOTES, 'UTF-8');
$html[$password] = htmlentities($password, ENT_QUOTES, 'UTF-8');
$html[$confirm_password] = htmlentities($confirm_password, ENT_QUOTES, 'UTF-8');
//
//write function to generate random salt for every password, + bcrypt allpasswords, then store in db


$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(),  mt_rand(), mt_rand(), mt_rand()))), 0, 22);
$hash = crypt($html[$password], '$2a$10$'.$salt.'$');


$currentPassword = '$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2';
$checkPassword = $password;
if(crypt($checkPassword, $currentPassword) === $currentPassword){
    echo 'You are in!';
}else{
    echo 'You entered the wrong password';
}

// store everything in the database execute prepare, then send back the email verification, do not send
//new password to email, and don't send forgotten password to email, just get them to remember it and click the link'
//connect to the database
$user = "*****";
$dbpassword = "****";
$db = new PDO('mysql:host=localhost;dbname=_virtualpiersclose', $user, $dbpassword);
$statement = $db->prepare("INSERT INTO users (firstname, lastname, username, email, password)
    VALUES (:firstname, :lastname, :username, :email, :password)");
$statement->bindParam(':firstname', $html[$firstname]);
$statement->bindParam(':lastname', $html[$lastname]);
$statement->bindParam(':username', $html[$username]);
$statement->bindParam(':email', $html[$email]);
$statement->bindParam(':password',$html[$password]);

$statement->execute();

$db = NULL;

?>
4

1 Answer

3

I think what you wanted was:

$html['firstname']

That said, your code is a little crazy and doesn't make a lot of sense. Here are some access patterns:

$ar = array(
    'firstname' => 'Joe',
    'hello' => 'Hi there!'
);

$n = 'firstname';  // assign the string 'firstname' to $n
$x = $ar['firstname'];  // $x becomes 'Joe'
$x = $ar[$n]; // also $x becomes 'Joe', because $n is 'firstname'
$x = $ar[$firstname]; // doesn't return anything, because the variable $firstname is not assigned.  Will trigger a warning, too.
$firstname = 'hello'; // assign 'hello' to $firstname
$x = $ar[$firstname]; // $x becomes 'Hi there!'
$ar['hello'] = 'Good Bye.'; // Change $ar['hello']
$ar[$firstname] = 'So long!'; // Also changes $ar['hello']

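Also, you have your assignment statements backwards. The variable on the left side of the equals sign receives its value from the right side. I think you wanted to store the contents of $_POST['firstname'] in the variable $firstname. Here are a few lines that probably need fixing: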

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
// ... etc ...
if(ctype_alnum($firstname)){
    $clean['firstname'] = $firstname;
};
answered 2013-01-24T22:16:37.703
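
The answer's two corrections (string keys, assignment direction) carried through the question's registration flow, as an added example that is not part of the original question or answer. It also addresses the question's PDO/escaping point: values are bound raw, the raw password is hashed, and htmlentities() is applied only on output. The function name register_user, the in-memory SQLite table and the sample values are assumptions made for the example, and password_hash() (PHP 5.5+) with FILTER_VALIDATE_EMAIL stand in for the question's manual crypt() salt and FILTER_SANITIZE_EMAIL.

```php
<?php
// Added example: validate raw input, hash the raw password, bind raw values,
// and HTML-escape only when echoing to the browser.
function register_user(PDO $db, array $post): array
{
    $clean = [];
    foreach (['firstname', 'lastname', 'username'] as $field) {
        $value = $post[$field] ?? '';   // string key: $post['firstname'], not $post[$firstname]
        if (!is_string($value) || !ctype_alnum($value)) {
            return ['ok' => false, 'error' => "invalid $field"];
        }
        $clean[$field] = $value;
    }
    // filter_var() returns its result; it does not modify its argument.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['ok' => false, 'error' => 'invalid email'];
    }
    $password = $post['password'] ?? '';
    if (!is_string($password) || $password === '' || $password !== ($post['confirm_password'] ?? null)) {
        return ['ok' => false, 'error' => 'password mismatch'];
    }
    // Hash the raw password (not an htmlentities() copy); a salt is generated internally.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $db->prepare(
        'INSERT INTO users (firstname, lastname, username, email, password)
         VALUES (:firstname, :lastname, :username, :email, :password)'
    );
    // Bound parameters keep data out of the SQL text, so no escaping is applied here.
    $stmt->execute($clean + ['email' => $email, 'password' => $hash]);
    return ['ok' => true];
}

// Constructed sample run against an in-memory SQLite table (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (firstname TEXT, lastname TEXT, username TEXT, email TEXT, password TEXT)');
$post = ['firstname' => 'Joe', 'lastname' => 'Bloggs', 'username' => 'joe1',
         'email' => 'joe@example.com', 'password' => 's3cret', 'confirm_password' => 's3cret'];
$result = register_user($db, $post);
$stored = $db->query('SELECT password FROM users')->fetchColumn();
var_dump($result['ok'], password_verify('s3cret', $stored));

// Escape at output time, for the HTML context only.
echo htmlentities("Welcome, {$post['firstname']}", ENT_QUOTES, 'UTF-8'), "\n";
```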