PHP验证和检查
今天,我们要检讨的web应用程序的开发过程中的一个非常重要的一部分。用户输入的验证。这是一个任何应用程序中最棘手的部分。这是为什么?由于开发商无法控制它。你可以写在世界上最好的算法,但仍然如果它包含用户输入的是有失误的地方。即使我们把一些coplicated的逻辑,以防止错误的符号的输入,检查数据的一致性,并尽一切可能以确保它是一切OK,仍然是有可能,用户输入了错误号码。虽然都表示,我们必须尽量避免人为错误的和做到这一点的最好办法是使用正则表达式。 Basicly正则表达式用于字符串匹配。它们都是基于搜索和模式匹配的文本字符串。了大量的书籍,他们写的,甚至还有一些编程语言设计,尤其是正则表达式。但今天我们只是要在正则表达式可以帮助我们与用户输入的简单介绍一下。首先,我建议你熟悉的语言的一些基本概念。完全解释它的语法在PHP手册- >模式语法 现在,让我们的工作。我将介绍一些最常见的问题与用户输入的。我敢肯定,你见过他们大多数如果不是全部。我们要创建所需的输入域的登记表格。他们是如下: -姓名 -地址 -护照 -电子邮件 -电话 -邮编 -日期 -用户名 -密码 这里是测试表(下载), 我们必须定义一些变量,我们将使用PHP验证的例子,将持有我们错误消息。他们的价值观,我们刷新页面每次被清除。
$errName = "";
$errAddress = "";
$errEmail = "";
$errPassport = "";
$errPhone = "";
$errZip = "";
$errDate = "";
$errUser = "";
$errPass = "";
在PHP中使用正则表达式的方法有两种。一个是真正的PHP风格,在这种情况下,我们必须使用ereg()函数,另一种是使用Perl风格的语法,我们验证。在这种情况下,我们必须使用preg_match()函数。在本教程中,我们将使用preg_match(),因为它是在大多数情况下,更快,同时还支持最常见的正则表达式语法。它还为我们提供了更多的功能,我们可以使用。 我们将开始与用户名的验证。我们将只允许字母,空格和破折号。因此,我们创建我们的regexp(正则表达式)。我们将尽一类为我们的可能值。类的创建时我们括在parences中的一些符号。这是我们的类: [A-ZA-Z的-我们的类包含所有字母AZ(全部小写字母),字母(大写字母),空间和破折号之间, 现在我们要设置这个类申请每一个字符,我们进入。因此,我们添加了一个(+),再加上签署后,我们的类定义。我们仍然缺少的东西。我们还没有定义我们的验证测试的范围。我们要设置文本的一部分,我们正在验证。如果我们不这样做,如果发现在我们进入,这是我们没有使用的字符,甚至一场比赛,将满足我们的正则表达式。我们如何做到这一点?我们把我们之间/ ^ $ /开始和结束字符的字符串。“^”是指该行的开始和“$”是指它的结束。我们准备建立我们的regexp。 / ^ [A-ZA-Z的- ] + $ /斜线preg_match用来定义我们的正则表达式的开始和结束, 现在我们已完成,我们呢?有刚做的一件事。我们定义我们班的方式,允许用户输入名称begining破折号。这是我们要防止的东西。因此,我们必须添加一些我们的regexp,所以将不允许 排序,我们定义为一类新的用户名的首字母。它可以只包含大写字母。 现在我们结合我们所做的工作,到目前为止,得到最终结果。如果没有匹配的preg_match()返回0。在这种情况下,我们要设置我们的错误变量,这样我们就可以显示一些有意义的信息给用户 / ^ [AZ] [A-ZA-Z的- ] + $ /
// Full Name must contain letters, dashes and spaces only and must start with upper case letter.
if(preg_match("/^[A-Z][a-zA-Z -]+$/", $_POST["name"]) === 0)
$errName = '
Name must be from letters, dashes, spaces and must not start with dash
';让我们前进到下valitaion领域,这将是该地址。这里不多做,因为它可以包含大量的符号。我们只需要定义一个类持有它们。 / ^ [A-ZA-Z0-9,_:“'] + $ / 翻译本的regexp:不要灰心丧气,从一开始到地址字符串结束检查如果我们的性格是以下AZ,包括AZ,0-9,空格,下划线,破折号,点,逗号,分号,双和事务所报价。您可以添加任何字符,你认为可能是一个地址的一部分。的东西这里要注意的是,当我们有引号的话,我们必须把他们面前的一个转义字符。
// Address must be word characters only
if(preg_match("/^[a-zA-Z0-9 _-.,:"']+$/", $_POST["address"]) === 0)
$errAddress = '
Address must be only letters, numbers or one of the following _ - . , : " '
';我们的下一个任务是创建一个正则表达式验证电子邮件。我们在这里要包括未来的另一表达,这是预定义类的CONSTANS,represend。这里的人的名单,我们将使用: W = [0-9A-ZA-Z_]类,包括数字,字母和下划线。 D = [0-9]类只包括数字 这些常量节省大量的输入和使源代码更容易阅读和理解。什么是电子邮件的面具?第一部分的用户名可以包含字母,数字,点和下划线字符。它以字母开始,如果我们有点,它必须由字母后跟。然后,它必须遵循的@符号和再次的第一部分。在最后,我们必须有2至4个字母的一个点。每当我们有在regexp的特殊含义的字符,我们要使用它作为字符,我们必须以反斜杠转义。
// Email mask
if(preg_match("/^[a-zA-Z]w+(.w+)*@w+(.[0-9a-zA-Z]+)*.[a-zA-Z]{2,4}$/", $_POST["email"]) === 0)
$errEmail = '
Email must comply with this mask: chars(.chars)@chars(.chars).chars(2-4)
';验证字符串是护照。它只能包含数字,是10位或12位数字。但是,我们如何设置我们要多少个字符。我们把所需数量的characteras parences {}和正则表达式看起来像这样/ ^ D {10} $ / / ^ D {12} /美元。我们如何结合这两个词语,让我们使用一个或其他。我们使用。它的标志是“|”。我们的声明是完整/ ^ D {10} $ | ^ D {12} $ /。
// Passport must be only digits

Reasons for PHPSession failure include configuration errors, cookie issues, and session expiration. 1. Configuration error: Check and set the correct session.save_path. 2.Cookie problem: Make sure the cookie is set correctly. 3.Session expires: Adjust session.gc_maxlifetime value to extend session time.

Methods to debug session problems in PHP include: 1. Check whether the session is started correctly; 2. Verify the delivery of the session ID; 3. Check the storage and reading of session data; 4. Check the server configuration. By outputting session ID and data, viewing session file content, etc., you can effectively diagnose and solve session-related problems.

Multiple calls to session_start() will result in warning messages and possible data overwrites. 1) PHP will issue a warning, prompting that the session has been started. 2) It may cause unexpected overwriting of session data. 3) Use session_status() to check the session status to avoid repeated calls.

Configuring the session lifecycle in PHP can be achieved by setting session.gc_maxlifetime and session.cookie_lifetime. 1) session.gc_maxlifetime controls the survival time of server-side session data, 2) session.cookie_lifetime controls the life cycle of client cookies. When set to 0, the cookie expires when the browser is closed.

The main advantages of using database storage sessions include persistence, scalability, and security. 1. Persistence: Even if the server restarts, the session data can remain unchanged. 2. Scalability: Applicable to distributed systems, ensuring that session data is synchronized between multiple servers. 3. Security: The database provides encrypted storage to protect sensitive information.

Implementing custom session processing in PHP can be done by implementing the SessionHandlerInterface interface. The specific steps include: 1) Creating a class that implements SessionHandlerInterface, such as CustomSessionHandler; 2) Rewriting methods in the interface (such as open, close, read, write, destroy, gc) to define the life cycle and storage method of session data; 3) Register a custom session processor in a PHP script and start the session. This allows data to be stored in media such as MySQL and Redis to improve performance, security and scalability.

SessionID is a mechanism used in web applications to track user session status. 1. It is a randomly generated string used to maintain user's identity information during multiple interactions between the user and the server. 2. The server generates and sends it to the client through cookies or URL parameters to help identify and associate these requests in multiple requests of the user. 3. Generation usually uses random algorithms to ensure uniqueness and unpredictability. 4. In actual development, in-memory databases such as Redis can be used to store session data to improve performance and security.

Managing sessions in stateless environments such as APIs can be achieved by using JWT or cookies. 1. JWT is suitable for statelessness and scalability, but it is large in size when it comes to big data. 2.Cookies are more traditional and easy to implement, but they need to be configured with caution to ensure security.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Dreamweaver CS6
Visual web development tools

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

SublimeText3 Linux new version
SublimeText3 Linux latest version

SublimeText3 Mac version
God-level code editing software (SublimeText3)
