-1
PHPとMySQLを使用して簡単なユーザ登録フォームを作成しようとしています。 「パスワードを入力してください」というメッセージ以外はすべて正常に動作しています。パスワード入力フィールドが空で、データが空のパスワードでデータベースに挿入された場合は、エコーされません。これをどうすれば解決できますか?PHP MySQLユーザ登録フォームで空のパスワードフィールドがブロックされない
<?php
if(isset($_SESSION['username'])){
header("Location: index.php");
}
if(isset($_POST['register'])){
include_once('connect.php');
$name = $surname = $email = $username = "";
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$email = strip_tags($_POST['email']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password_confirm = strip_tags($_POST['password_confirm']);
$name = stripslashes($name);
$surname = stripslashes($surname);
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$password_confirm = stripslashes($password_confirm);
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $surname);
$email = mysqli_real_escape_string($conn, $email);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$password_confirm = mysqli_real_escape_string($conn, $password_confirm);
$password = md5($password);
$password_confirm = md5($password_confirm);
$sql_store = "insert into user (username, name, surname, email, password) values ('$username', '$name', '$surname', '$email', '$password')";
$sql_fetch_username = "select username from user where username = '$username'";
$sql_fetch_email = "select email from user where email = '$email'";
$query_username = mysqli_query($conn, $sql_fetch_username);
$query_email = mysqli_query($conn, $sql_fetch_email);
if (!empty($name) && !empty($surname) && !empty($email) && !empty($username) && !empty($password) && !empty($password_confirm)){
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
else{
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
else{
if($password != $password_confirm){
echo "The passwords do not match.<br>";
}
else{
mysqli_query($conn, $sql_store);
header("Location: index.php");
}
}
}
}
else{
if($name == ""){
echo "Please insert a name.<br>";
}
if($surname == ""){
echo "Please insert a surname.<br>";
}
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if($email == ""){
echo "Please insert an email.<br>";
}
else{
echo "The email is not valid.<br>";
}
}
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
if($username == ""){
echo "Please insert an username.<br>";
}
if($password == "" || $password_confirm == ""){
echo "Please insert a password.<br>";
}
}
}
?>
<html>
<body>
<form action="register.php" method="POST">
<input placeholder="Name" name="name" type="text" value="<?php if(!empty($name)){echo $name;}?>">
<input placeholder="Surname" name="surname" type="text" value="<?php if(!empty($surname)){echo $surname;} ?>"><br><br>
<input placeholder="E-Mail Address" name="email" type="text" value="<?php if(!empty($email)){echo $email;} ?>">
<input placeholder="Username" name="username" type="text" value="<?php if(!empty($username)){echo $username;} ?>"><br><br>
<input placeholder="Password" name="password" type="password">
<input placeholder="Confirm Password" name="password_confirm" type="password">
<input name="register" type="submit" value="Register">
</form>
</body>
</html>
ロジックがオフである –
ライブに行く予定がある場合は、このコードを使用しないでください。安全ではありません。プリペアドステートメントと 'password_hash()'を使用してください。 –