Валидация данных.
\classes\DB.php
<?php
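/**
 * Minimal static PDO wrapper used by the pages of this tutorial.
 *
 * Every call to query() opens its own connection through connect().
 */
class DB {
    /**
     * Open a PDO connection to the local SocialNetwork MySQL database.
     *
     * NOTE(review): the connection uses the MySQL root account with an empty
     * password. That is only acceptable on an isolated development machine;
     * a deployed application should use a dedicated account limited to the
     * privileges it needs, with credentials kept in configuration outside the
     * web root rather than in source code.
     *
     * @return PDO connection that throws PDOException on database errors
     */
    private static function connect() {
        $pdo = new PDO('mysql:host=127.0.0.1;dbname=SocialNetwork;charset=utf8', 'root', '');
        // Fail loudly: errors become exceptions instead of silent false returns.
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $pdo;
    }

    /**
     * Prepare and execute a statement with bound parameters.
     *
     * $query must be a fixed SQL string containing placeholders; every
     * request-derived value belongs in $params so that it is bound by the
     * driver and never concatenated into the SQL text.
     *
     * @param string $query  SQL text with named or positional placeholders
     * @param array  $params values for the placeholders
     * @return array|null all rows for a SELECT statement, null for any other statement
     * @throws PDOException when connecting, preparing or executing fails
     */
    public static function query($query, $params = array()) {
        $statement = self::connect()->prepare($query);
        $statement->execute($params);

        // Recognise SELECT regardless of case or leading whitespace. The
        // previous exact comparison of the first space-separated token
        // returned null for "select ..." or an indented query, which callers
        // testing the result with !DB::query(...) would read as "no rows".
        if (preg_match('/\A\s*SELECT\b/i', $query) === 1) {
            return $statement->fetchAll();
        }

        return null;
    }
}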
?>
create-account.php
<?php
include('classes/DB.php');
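// Handle a submitted registration form: validate each field on the server,
// then store the account with a bcrypt password hash.
if (isset($_POST['createaccount'])) {
    // A request can omit a field or send it as an array (username[]=x).
    // Anything that is not a string is treated as empty so that it fails the
    // checks below instead of reaching strlen() or the database layer.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // NOTE(review): this SELECT-then-INSERT check is not atomic; two
    // simultaneous requests could both pass it. A UNIQUE index on
    // users.username would enforce it at the database level; confirm the
    // schema has one.
    if (DB::query('SELECT username FROM users WHERE username=:username', array(':username' => $username))) {
        echo 'User already exists!';
    } elseif (strlen($username) < 3 || strlen($username) > 32) {
        echo 'Invalid username!';
    } elseif (!preg_match('/\A[a-zA-Z0-9_]+\z/', $username)) {
        // The pattern is anchored at both ends. Unanchored, it accepted any
        // username containing at least one allowed character, so names with
        // markup, spaces or control characters passed validation.
        echo 'Invalid username!';
    } elseif (strlen($password) < 6 || strlen($password) > 60) {
        // The 60-byte ceiling stays below the 72 bytes that bcrypt takes
        // into account, so no part of an accepted password is ignored.
        echo 'Invalid password!';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'Invalid email!';
    } else {
        // All values are bound as parameters; only the hash of the password
        // is stored, never the password itself.
        DB::query(
            'INSERT INTO users VALUES (:id, :username, :password, :email)',
            array(
                ':id' => null,
                ':username' => $username,
                ':password' => password_hash($password, PASSWORD_BCRYPT),
                ':email' => $email,
            )
        );
        echo 'Success!';
    }
}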
?>
<!--
  Registration form. It posts username, password and email back to
  create-account.php; the submit button's name, "createaccount", is the key
  the PHP handler in this file tests with isset() before processing.
  The type="email" check happens in the browser only and can be bypassed by
  any client, so the PHP handler validates every field again on the server.
-->
<h1>Register</h1>
<form
action="create-account.php" method="post">
<p><input
type="text" name="username"
placeholder="Username"/></p>
<p><input
type="password" name="password"
placeholder="Password"/></p>
<p><input
type="email" name="email"
placeholder="someone@somesite.com"/></p>
<input
type="submit" name="createaccount" value="Create
Account"/>
</form>