有人可以向我解释为什么这种模式被识别为字母数字?字母数字模式PHP与preg_match
\ 13 \ 13 \ 13 \ 13 \ 13 \ 13 \ 13 \ 13 \ 13234234 \ 3
请参见本链接enter link description here
像我写的代码只是为了告诉你,它是公认的字母数字
编辑15.06.214 21:40
我补充一些资料,我很抱歉,我忘了。
您看到的变量取自输入表单。这是我为了使信息清洁并准备插入数据库而使用的代码。
PS:只为您的信息,变量$ errform用于以后的页面
<?php
$username = $password = $fname = $lname = $mail = $id_dept = "";
$usernameERR = $passwordERR = $fnameERR = $lnameERR = $id_deptERR = "";
$errform = 2;
?>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = clean_data($_POST["username"]);
$password = clean_data($_POST["password"]);
$fname = clean_data($_POST["fname"]);
$lname = clean_data($_POST["lname"]);
$mail = clean_data($_POST["mail"]);
$id_dept = clean_data($_POST["id_dept"]);
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
$usernameERR = "Only letters and numbers allowed";
}
if (!preg_match("/^[a-zA-Z0-9]*$/", $password)) {
$passwordERR = "Only letters and numbers allowed";
}
if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
$fnameERR = "Only letters and white space allowed";
}
if (!preg_match("/^[a-zA-Z ]*$/", $lname)) {
$lnameERR = "Only letters and white space allowed";
}
}
function clean_data($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (isset($_POST['submit'])) {
if ((!preg_match("/^[a-zA-Z0-9]*$/", $username))
|| (!preg_match("/^[a-zA-Z0-9]*$/", $password))
|| (!preg_match("/^[a-zA-Z ]*$/", $fname))
|| (!preg_match("/^[a-zA-Z ]*$/", $lname))) {
$errform = 1;
} else {
$errform = 0;
$con = mysqli_connect($hostdb,$userdb,$passwdb,$dbTEST);
if (mysqli_connect_errno()) {
echo "Impossibile connettersi a MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = md5(mysqli_real_escape_string($con, $_POST['password']));
$fname = mysqli_real_escape_string($con, $_POST['fname']);
$lname = mysqli_real_escape_string($con, $_POST['lname']);
$mail = mysqli_real_escape_string($con, $_POST['mail']);
$id_dept = mysqli_real_escape_string($con, $_POST['id_dept']);
if (!mysqli_query($con, "INSERT INTO user (id_user, username, password, fname, lname, mail, id_dept) VALUES (NULL, '$username', '$password', '$fname', '$lname', '$mail', '$id_dept')")) {
die ("Error: " . mysqli_error($con));
}
mysqli_close($con);
}
}
?>
编辑15/06/2014 22:41
的 “触发” 错误消息好吧,
对不起,大家我理解了问题的根源。
什么我检查是
(preg_match("/^[a-zA-Z0-9]*$/", $username))
在我的代码,$用户名得到这个待遇
$username = clean_data($_POST["username"]);
if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
$usernameERR = "Only letters and numbers allowed";
}
其中
function clean_data($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
所以当我发布 \ q \ q \ q \ q \ q \ q \ q \ q \ q 这被剥离并且变成 qq qqqqqqq
但是,有两个问题。首先的问题是,我与此相呼应
echo "post username: " . $_POST["username"];
以及与此
echo "preg username " . preg_match("/^[a-zA-Z0-9]*$/", $username);
比较,很明显的是$ _ POST [“用户名”]是不是==至$的用户名,因为这最后一个拿到了处理clead_data函数,而POST不行。
所以当我在做preg_match时,我正在做$ username = qqqqqqqqqqq(这是字母数字),而我告诉你的是$ _POST ['username'] = \ q \ q \ q \ q \ q \ q \ q \ q \ q \ q \ q
的第二个问题是,我是发送到数据库
$username = mysqli_real_escape_string($con, $_POST['username']);
,而我应该就这么传这
$username = mysqli_real_escape_string($con, $username);
数据库到达了NON CLEANED数据。
请编辑该问题以包含相关代码和输出,并使其更好地描述情况。现在,即使使用屏幕截图也不清楚,使用屏幕截图来转储这样的信息无论如何都是不被接受的。 – Jon