I already browsed the Internet, but could not find and understand any solution provided.

Basically, I created (or rather copied some scripts from the Internet) and tried to work on the scripts to make a registration page. I'm using PHP, MySQL and XAMPP. The connection is fine already; I tested some data inputs on a basic form etc.

But my problem is, after I messed around with the scripts, I managed to insert data into the table (peekdoordb). All the hashing and form validation worked, except that the form keeps submitting data into the DB even when the data is wrong or a field is empty. After I messed around again, the problem arose. The error is on "$stmt->bindValue(':name', $name);"

I keep getting this error in the browser:

Notice: Undefined variable: stmt in C:\xampp\htdocs\eventsite\TMP1kjqc3x.php on line 194

and

Fatal error: Call to a member function bindValue() on a non-object in C:\xampp\htdocs\eventsite\TMP1kjqc3x.php on line 194

The registration.php (registration page) includes 2 files, which are connect.php and password.php, but I never messed with anything in those 2 files, because before that, data could be submitted; the only problem was with the form, where data kept being inserted into the DB like I mentioned previously. But the main problem now is this error.

<?php

//register.php

/**
* Start the session.
*/
session_start();

//Include  password_compat library.

require 'lib/password.php';


//Include MySQL connection.

require 'connect.php';


//define variables and define to null.
$nameError = $telnoError = $usernameError = $passwordError ="";
$name = $telno = $username = $pass = "";


//Retrieve the field values from registration form.
$name = !empty($_POST ['name']) ? trim($_POST['name']) : null ;
$telno = !empty ($_POST ['telno']) ? trim($_POST['telno']) : null;
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$pass = !empty($_POST['password']) ? trim($_POST['password']) : null;

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}   

$formValid = true; // Boolean - Set to true b4 validating  

//If the POST var "register" exists ( the submit button), then I can
//assume that the user has submitted the registration form.
if(isset($_POST['register'])){


//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.

//Now, we need to check if the supplied username already exists.

//Construct the SQL statement and prepare it.

    if (empty($_POST["name"])) {
        $nameError = "Name is required";
    }else {
        $name = test_input($_POST["name"]);
// check name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
            $nameError = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["telno"])) {
        $telnoError = "Tel number is required";
    } else {
        $telno = test_input($_POST["telno"]);
// check if e-mail address syntax is valid or not
        if (!preg_match("/^[a-zA-Z ]*$/",$telno)) {
            $telnoError = "Invalid tel no format";
        }
    }

    if (empty($_POST["username"])) {
        $usernameError = "username is required";
    } else {
        $username = test_input($_POST["username"]);
// check name only contains letters and email syntax
        if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
            $usernameError = "Only letters and email syntax required";
        }
    }


    if (empty($_POST["password"])) {
        $passwordError = "passworde is required";
    } else {
        $pass = test_input($_POST["password"]);
// check name only contains letters and email syntax
        if (!preg_match("/^[a-zA-Z ]*$/",$pass)) {
            $passwordError = "Only password letter syntax";
        }
    }


//*******************************************************************   



    $sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";

    $stmt = $pdo->prepare($sql);

//Bind the provided username to our prepared statement.
    $stmt->bindValue(':username', $username);


//Execute.
    $stmt->execute();

//Fetch the row.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
    if($row['num'] > 0){
        die('That username already exists!');
    }

//Hash the password as we do NOT want to store our passwords in plain text.
    $passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
}



//If the signup process is successful.
elseif($formValid){


//******************************ppppp       

//Bind our variables.

    $stmt->bindValue(':name', $name);
    $stmt->bindValue(':telno', $telno);
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':password', $passwordHash);
    $stmt = $pdo->prepare($sql); 


//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
    $sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";




//Execute the statement and insert the new account.
    $result = $stmt->execute();





//What you do here is up to you!
    echo 'Thank you for registering with our website.';
}
else {
    die('something wrong!'); 
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Register</title>
    <style type="text/css">
        .lucida {
            font-family: "MS Serif", "New York", serif;
        }
        body form table {
            font-weight: bold;
        }
    </style>
</head>
<body>
    <h1>&nbsp;</h1>
    <h1>&nbsp;</h1>
    <h1 align="center">     Register</h1>
    <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"  method="post">
        <div align="center">
            <table width="800" border="0">
                <tr>
                    <td width="404" class="lucida"><div align="right">Name :</div></td>
                    <td width="386"><input class="input" name="name" type="text" value="<?PHP print $name ; ?>">
                        <span class="error">* <?php echo $nameError;?></span></td>
                    </tr>
                    <tr>
                        <td class="lucida"><div align="right">Contact Number :</div></td>
                        <td><input class="input" name="telno" type="text" value="<?PHP print $telno ; ?>">
                            <span class="error">* <?php echo $telnoError;?></span></td>
                        </tr>
                        <tr>
                            <td class="lucida"><div align="right">Email (Username) :</div></td>
                            <td><input class="input" name="username" type="text" value="<?PHP print $username ; ?>">
                                <span class="error">* <?php echo $usernameError;?></span></td>
                            </tr>
                            <tr>
                                <td class="lucida"><div align="right">Password :</div></td>
                                <td><input class="input" name="password" type="text" value="">
                                    <span class="error">* <?php echo $passwordError;?></span></td>
                                </tr>
                                <tr>
                                    <td class="lucida"><div align="right"></div></td>
                                    <td>&nbsp;</td>
                                </tr>
                                <tr>
                                    <td><div align="right"></div></td>
                                    <td>&nbsp;</td>
                                </tr>
                                <tr>
                                    <td>&nbsp;</td>
                                    <td>&nbsp;</td>
                                </tr>
                                <tr>
                                    <td><div align="right"></div></td>
                                    <td>&nbsp;</td>
                                </tr>
                            </table>
                            <input type="submit" name="register" value="Register">
                            <br>
                        </div>
                    </button>
                </form>
            </body>
            </html>

2 Answers

"the form keeps submitting data into the DB even when data is wrong or the field is empty"

You are checking $formValid in the wrong place. Your conditions can be summarized as follows:

$formValid = true;
if (isset($_POST['register'])) {

} else if ($formValid) {

} else { ...

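As shown above, when $_POST['register'] is not set (for example, when the registration form is loaded), the code runs whatever is in the second if statement. You need to fix the conditional structure so that the form validity check is inside the first condition.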

$formValid = true;
if (isset($_POST['register'])) {
    // validation stuff goes here
    if ($formValid) {
        //database insert goes here
    }
    else {
        //invalid data. Tell the user
    }
}

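Also, as a rule, you should assume that data from the user is invalid unless proven otherwise, so $formValid should be false.

"Notice: Undefined variable: stmt in C:\xampp\htdocs\eventsite\TMP1kjqc3x.php on line 19
Fatal error: Call to a member function bindValue() on a non-object in C:\xampp\htdocs\eventsite\TMP1kjqc3x.php on line 194"

You are trying to use the variable $stmt, which is not defined within the scope of else if($formValid). The same goes for $sql. Variables need to be set before you use them. The order is as follows: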

$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";

$stmt = $pdo->prepare($sql); 

$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);

answered 2015-12-15T12:07:16.953

Try this -

//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";

$stmt = $pdo->prepare($sql); 

$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);


//Execute the statement and insert the new account.
$stmt->execute();

You are getting this error because bindValue comes before the prepare statement. Can you bind the values after the prepare statement, below the $sql variable? This is working for me.

Updated answer

<?php
//register.php

/**
 * Start the session.
 */
session_start();

//Include  password_compat library.
require 'lib/password.php';
//Include MySQL connection.

require 'connect.php';


//define variables and define to null.
$nameError = $telnoError = $usernameError = $passwordError = "";
$name = $telno = $username = $pass = "";


//Retrieve the field values from registration form.
$name = !empty($_POST ['name']) ? trim($_POST['name']) : null;
$telno = !empty($_POST ['telno']) ? trim($_POST['telno']) : null;
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$pass = !empty($_POST['password']) ? trim($_POST['password']) : null;

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$formValid = true; // Boolean - set to true before validating
//If the POST var "register" exists ( the submit button), then I can
//assume that the user has submitted the registration form.
if (isset($_POST['register'])) {


//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.
//Now, we need to check if the supplied username already exists.
//Construct the SQL statement and prepare it.

    if (empty($_POST["name"])) {
        $nameError = "Name is required";
        $formValid = false;
    } else {
        $name = test_input($_POST["name"]);
// check name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
            $nameError = "Only letters and white space allowed";
            $formValid = false;
        }
    }

    if (empty($_POST["telno"])) {
        $telnoError = "Tel number is required";
        $formValid = false;
    } else {
        $telno = test_input($_POST["telno"]);
// check that the tel number contains only digits, spaces, + and -
        if (!preg_match("/^\+?[0-9 -]+$/", $telno)) {
            $telnoError = "Invalid tel no format";
            $formValid = false;
        }
    }

    if (empty($_POST["username"])) {
        $usernameError = "username is required";
        $formValid = false;
    } else {
        $username = test_input($_POST["username"]);
// check that the username is a syntactically valid email address
        if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
            $usernameError = "Only letters and email syntax required";
            $formValid = false;
        }
    }


    if (empty($_POST["password"])) {
        $passwordError = "password is required";
        $formValid = false;
    } else {
        $pass = test_input($_POST["password"]);
// check password only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/", $pass)) {
            $passwordError = "Only password letter syntax";
            $formValid = false;
        }
    }


//*******************************************************************   



    $sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";

    $stmt = $pdo->prepare($sql);

//Bind the provided username to our prepared statement.
    $stmt->bindValue(':username', $username);


//Execute.
    $stmt->execute();

//Fetch the row.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

//If the provided username already exists - record the error
//and mark the form as invalid so that no INSERT is attempted.
    if ($row['num'] > 0) {
        $usernameError = 'That username already exists!';
        $formValid = false;
    }

//Hash the password as we do NOT want to store our passwords in plain text.
    $passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));

    if ($formValid) {
//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
        $sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";
        $stmt = $pdo->prepare($sql);

//Bind our variables.
        $stmt->bindValue(':name', $name);
        $stmt->bindValue(':telno', $telno);
        $stmt->bindValue(':username', $username);
        $stmt->bindValue(':password', $passwordHash);





//Execute the statement and insert the new account.
        $result = $stmt->execute();





//What you do here is up to you!
        echo 'Thank you for registering with our website.';
    }
}
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>Register</title>
        <style type="text/css">
            .lucida {
                font-family: "MS Serif", "New York", serif;
            }
            body form table {
                font-weight: bold;
            }
        </style>
    </head>
    <body>
        <h1>&nbsp;</h1>
        <h1>&nbsp;</h1>
        <h1 align="center">     Register</h1>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>"  method="post">
            <div align="center">
                <table width="800" border="0">
                    <tr>
                        <td width="404" class="lucida"><div align="right">Name :</div></td>
                        <td width="386"><input class="input" name="name" type="text" value="<?PHP print $name; ?>">
                            <span class="error">* <?php echo $nameError; ?></span></td>
                    </tr>
                    <tr>
                        <td class="lucida"><div align="right">Contact Number :</div></td>
                        <td><input class="input" name="telno" type="text" value="<?PHP print $telno; ?>">
                            <span class="error">* <?php echo $telnoError; ?></span></td>
                    </tr>
                    <tr>
                        <td class="lucida"><div align="right">Email (Username) :</div></td>
                        <td><input class="input" name="username" type="text" value="<?PHP print $username; ?>">
                            <span class="error">* <?php echo $usernameError; ?></span></td>
                    </tr>
                    <tr>
                        <td class="lucida"><div align="right">Password :</div></td>
                        <td><input class="input" name="password" type="text" value="">
                            <span class="error">* <?php echo $passwordError; ?></span></td>
                    </tr>
                    <tr>
                        <td class="lucida"><div align="right"></div></td>
                        <td>&nbsp;</td>
                    </tr>
                    <tr>
                        <td><div align="right"></div></td>
                        <td>&nbsp;</td>
                    </tr>
                    <tr>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
                    </tr>
                    <tr>
                        <td><div align="right"></div></td>
                        <td>&nbsp;</td>
                    </tr>
                </table>
                <input type="submit" name="register" value="Register">
                <br>
            </div>
    </form>
</body>
</html>
answered 2015-12-15T11:52:57.197
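
The structure the first answer describes (validate inside the submit branch, treat input as invalid until it passes a check, prepare before binding), written out as an added example that is not code from either answer. It assumes PHP 7+ with pdo_sqlite; the field rules, the function names field, validate_registration and register, the in-memory table and the UNIQUE constraint on username are assumptions. It goes slightly beyond the answers by letting that constraint reject duplicates instead of a prior SELECT COUNT, and by hashing the password without escaping it first.

```php
<?php // Added example, not code from the posts above. Field rules are assumptions.
/** Return the submitted field as a string, or '' if it is absent or not a string. */
function field(array $post, $key)
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
}
/** Validate raw input. Returns [values, errors]; a field is invalid until it passes. */
function validate_registration(array $post)
{
    $errors = [];
    $clean = [
        'name'     => trim(field($post, 'name')),
        'telno'    => trim(field($post, 'telno')),
        'username' => trim(field($post, 'username')),
        'password' => field($post, 'password'), // hashed exactly as typed
    ];
    if (!preg_match('/^[a-zA-Z ]{1,100}$/D', $clean['name'])) {
        $errors['name'] = 'Only letters and white space allowed';
    }
    if (!preg_match('/^\+?[0-9 -]{7,20}$/D', $clean['telno'])) {
        $errors['telno'] = 'Invalid tel no format';
    }
    if (filter_var($clean['username'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['username'] = 'A valid email address is required';
    }
    if (strlen($clean['password']) < 8 || strlen($clean['password']) > 72) {
        $errors['password'] = 'Password must be 8 to 72 bytes'; // bcrypt reads 72 bytes
    }
    return [$clean, $errors];
}

/** Insert the account only when validation found no errors. Returns the error list. */
function register(PDO $pdo, array $post)
{
    list($clean, $errors) = validate_registration($post);
    if ($errors) { return $errors; } // invalid input never reaches the database
    $clean['password'] = password_hash($clean['password'], PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $pdo->prepare('INSERT INTO users (name, telno, username, password)
                           VALUES (:name, :telno, :username, :password)');
    foreach ($clean as $key => $value) { $stmt->bindValue(":$key", $value); }
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') { throw $e; } // not a constraint violation
        return ['username' => 'That username already exists!'];
    }
    return [];
}
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (name TEXT, telno TEXT, username TEXT UNIQUE, password TEXT)');
// Constructed submissions: a valid form, the same username again, an empty form.
$ok = ['name' => 'Ada Lovelace', 'telno' => '+60 12-345 6789',
       'username' => 'ada@example.com', 'password' => 'correct horse battery'];
foreach ([$ok, $ok, []] as $post) { var_dump(register($pdo, $post)); }
```

Values are stored unescaped here, so apply htmlspecialchars at the point where they are echoed back into the form rather than before the INSERT.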