Beispiel #1
0
function register_user()
{
    global $db;
    try {
        $user = $_POST['user'];
        $name = $_POST['name'];
        $email = $_POST['email'];
        $hashPass = $_POST['pass'];
        $confirmationPass = $_POST['confPass'];
        if ($confirmationPass != $hashPass) {
            $msg = "Passwords don't match";
            return $msg;
        } else {
            if (!check_user_name($user)) {
                $msg = "Only letters and numbers allowed for UserName";
                return $msg;
            } else {
                if (!check_name($name)) {
                    $msg = "Only letters and white space allowed for Name";
                    return $msg;
                } else {
                    if (!check_email_exists($email)) {
                        $msg = "E-mail already used";
                        return $msg;
                    } else {
                        if (!check_user($user)) {
                            $msg = "Username already taken, please choose another";
                            return $msg;
                        } else {
                            $pass = md5($hashPass);
                            $ins = $db->prepare('INSERT INTO User (user,name,email,password) Values (?, ?, ?, ?)');
                            $ins->execute(array($user, $name, $email, $pass));
                            return send_email($email, $name);
                        }
                    }
                }
            }
        }
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
             3. 对于get方式,服务器端用Request.QueryString获取变量的值,对于post方式,服务器端用Request.Form获取提交的数据。
             4. get传送的数据量较小,不能大于2KB。post传送的数据量较大,一般被默认为不受限制。但理论上,IIS4中最大量为80KB,IIS5中为100KB。
             5. get安全性非常低,post安全性较高。但是执行效率却比Post方法好。 
 
             建议:
             1、get方式的安全性较Post方式要差些,包含机密信息的话,建议用Post数据提交方式;
             2、在做数据查询时,建议用Get方式;而在做数据添加、修改或删除时,建议用Post方式;*/
 $password = trim($_POST['password']);
 $password_again = trim($_POST['password_again']);
 //返回字符串去除首尾空白字符后的结果
 $mobile = trim($_POST['mobile']);
 $email = handle_user_post_string($_POST['email']);
 $has_error = FALSE;
 $errors = [];
 //check name
 $check_user_name_result = check_user_name($name, $medoo);
 if ($check_user_name_result[0]) {
     $has_error = TRUE;
     array_push($errors, $check_user_name_result[1]);
 }
 //check password
 $check_user_password_result = check_user_password($password, $password_again);
 if ($check_user_password_result[0]) {
     $has_error = TRUE;
     array_push($errors, $check_user_password_result[1]);
 }
 //check mobile
 $check_user_mobile_result = check_user_mobile($mobile, $medoo);
 if ($check_user_mobile_result[0]) {
     $has_error = TRUE;
     array_push($errors, $check_user_mobile_result[1]);