こんにちは、PHP に関する簡単な質問ですが、以下のコードの $html[$firstname] がサーバー エラー ログで未定義のインデックスとして表示される理由をまだ学習中です....
こんにちは、わかりやすくするためにすべてのコードを示します。PDO のコードが十分であり、エスケープする必要がないかどうか教えてください。 php をブラウザに。
<?php
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$password = "";
$confirm_password = "";
$_POST['firstname'] = $firstname;
$_POST['lastname'] = $lastname;
$_POST['username'] = $username;
$_POST['email'] = $email;
$_POST['password'] = $password;
$_POST['confirm_password'] = $confirm_password;
$clean = array();
if(ctype_alnum($firstname)){
$clean[$firstname] = $firstname;
};
if(ctype_alnum($lastname)){
$clean[$lastname] = $lastname;
};
if(ctype_alnum($username)){
$clean[$username] = $username;
};
if(isset($email)){
filter_var($email, FILTER_SANITIZE_EMAIL);
};
//initialize an array for escaped data
$html = array();
//escape the filtered data
$html[$firstname] = htmlentities($clean[$firstname], ENT_QUOTES, 'UTF-8');
$html[$lastname] = htmlentities($clean[$lastname], ENT_QUOTES, 'UTF-8');
$html[$username] = htmlentities($clean[$username], ENT_QUOTES, 'UTF-8');
$html[$email] = htmlentities($email, ENT_QUOTES, 'UTF-8');
$html[$password] = htmlentities($password, ENT_QUOTES, 'UTF-8');
$html[$confirm_password] = htmlentities($confirm_password, ENT_QUOTES, 'UTF-8');
//
//write function to generate random salt for every password, + bcrypt allpasswords, then store in db
$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
$hash = crypt($html[$password], '$2a$10$'.$salt.'$');
$currentPassword = '$2a$15$Ku2hb./9aA71tPo/E015h.LsNjXrZe8pyRwXOCpSnGb0nPZuxeZP2';
$checkPassword = $password;
if(crypt($checkPassword, $currentPassword) === $currentPassword){
echo 'You are in!';
}else{
echo 'You entered the wrong password';
}
// store everything in the database execute prepare, then send back the email verification, do not send
//new password to email, and don't send forgotten password to email, just get them to remember it and click the link'
//connect to the database
$user = "*****";
$dbpassword = "****";
$db = new PDO('mysql:host=localhost;dbname=_virtualpiersclose', $user, $dbpassword);
$statement = $db->prepare("INSERT INTO users (firstname, lastname, username, email, password)
VALUES (:firstname, :lastname, :username, :email, :password)");
$statement->bindParam(':firstname', $html[$firstname]);
$statement->bindParam(':lastname', $html[$lastname]);
$statement->bindParam(':username', $html[$username]);
$statement->bindParam(':email', $html[$email]);
$statement->bindParam(':password',$html[$password]);
$statement->execute();
$db = NULL;
?>