在 Slim 应用程序中实施标准 PHP 表单验证
Implementing standard PHP form validation within a Slim application
所以我正在尝试对注册表单实施 php 服务器端验证。我正在使用 slim 框架和 twig 模板来显示 html。我一直在尝试使用 this example 来实现这一点,但我认为我设置 slim 路由的方式会干扰注册表单上正确显示的错误消息。
我的应用程序当前的工作方式是用户导航到显示注册表单的注册表单页面。此处显示:
$app->get('/register', function(Request $request, Response $response)
{
return $this->view->render($response,
'register.html.twig',
[
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
'action_register' => './register/success',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Register',
]);
})->setName('register');
'action_register' => './register/success', 表示 html twig 表单中的表单“action”属性,并指示表单数据的处理位置和方式以及对提交表单的响应。这可以在这里看到:(请注意 register/success 页面的前几行是我一直用于 php 验证的指南中使用的示例)
$app->post('/register/success', function(Request $request, Response $response) use ($app)
{
$nameError = " ";
if(isset($_POST['submit']))
{
if (empty($_POST["username"])) {
$nameError = "Name is required";
} else {
$name = test_input($_POST["username"]);
// check name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameError = "Only letters and white space allowed";
}
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$arr_tainted_params = $request->getParsedBody();
$sanitizer_validator = $this->get('validate_sanitize');
$password_hasher = $this->get('hash_password');
$tainted_email = $arr_tainted_params['email'];
$tainted_username = $arr_tainted_params['username'];
$tainted_password = $arr_tainted_params['password'];
$model = $this->get('model');
$sql_wrapper = $this->get('sql_wrapper');
$sql_queries = $this->get('sql_queries');
$db_handle = $this->get('dbase');
$cleaned_email = $sanitizer_validator->validate_email($tainted_email);
$cleaned_username = $sanitizer_validator->validate_username($tainted_username);
$cleaned_password = $sanitizer_validator->validate_password($tainted_password);
$hashed_cleaned_password = $password_hasher->hash_password($cleaned_password);
$model->set_user_values($cleaned_username, $cleaned_email, $hashed_cleaned_password);
$model->set_sql_wrapper($sql_wrapper);
$model->set_sql_queries($sql_queries);
$model->set_db_handle($db_handle);
if ($sanitizer_validator->get_validate_messages() == ' ')
{
$model->store_user_details();
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $cleaned_username;
$arr_storage_result_message = '';
echo $sanitizer_validator->get_validate_messages(); //this will be turned into a proper alert prompt at a later date
}
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true)
{
return $this->view->render($response,
'display_user.html.twig',
[
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
//'action_register' => 'index.php/register',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Display',
'username' => $cleaned_username,
'hashed_password' => $cleaned_password,
]);
}
});
想法是用户创建一个帐户然后登录,从而显示 'display_user.html.twig'。否则,有关表单验证的错误消息应显示在注册表单本身上。但是注册表单只显示在 /register 页面上。但是注册表单会在 registration/success 页面上发布数据并进行处理。
所以我不确定 php 验证指南代码是否在错误的位置,或者我的 slim 路由对于表单验证的目的不正确。我认为问题在于提交表单时它将用户重定向到一个新页面,即 register/success.
总而言之,我正在尝试在使用 twig 模板的超薄应用程序中实现 php 表单验证,例如 this。
如果有帮助,我还会包括注册表的 register.html.twig 页面:
{% extends 'header_footer.html.twig'%}
{% block content %}
<h3>Register A New Account</h3>
<form method = "post" action = " {{ action_register }} ">
<p>Email: <input type="text" name="email" ><br></p>
<p>Username: <input type="text" name="username" ><br></p>
<span class="error">* <?php echo $nameError;?></span> //code used in the php validation guide
<p>Password: <input type="text" name="password" ><br></p>
<!--<p>Password Confirm: <input type="text" name="password_confirm"><br></p> THIS WILL BE IMPLEMENTED LATER-->
<input type="submit" value="Create Account">
</form>
{% endblock %}
你不能像那样在 Twig 中使用 PHP。
看看这些:
借助 Flash 和 Slim-Validation,您可以获得所需的错误消息。
如果您不想使用上述组件,那么您可以简单地将 $nameError 变量传递给模板:
PHP:
return $this->view->render($response,
'display_user.html.twig',
[
'nameError' => $nameError, // HERE
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
//'action_register' => 'index.php/register',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Display',
'username' => $cleaned_username,
'hashed_password' => $cleaned_password,
]
);
树枝:
{% if nameError %}<span class="error">* {{ nameError }}</span>{% endif %}
所以我正在尝试对注册表单实施 php 服务器端验证。我正在使用 slim 框架和 twig 模板来显示 html。我一直在尝试使用 this example 来实现这一点,但我认为我设置 slim 路由的方式会干扰注册表单上正确显示的错误消息。
我的应用程序当前的工作方式是用户导航到显示注册表单的注册表单页面。此处显示:
$app->get('/register', function(Request $request, Response $response)
{
return $this->view->render($response,
'register.html.twig',
[
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
'action_register' => './register/success',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Register',
]);
})->setName('register');
'action_register' => './register/success', 表示 html twig 表单中的表单“action”属性,并指示表单数据的处理位置和方式以及对提交表单的响应。这可以在这里看到:(请注意 register/success 页面的前几行是我一直用于 php 验证的指南中使用的示例)
$app->post('/register/success', function(Request $request, Response $response) use ($app)
{
$nameError = " ";
if(isset($_POST['submit']))
{
if (empty($_POST["username"])) {
$nameError = "Name is required";
} else {
$name = test_input($_POST["username"]);
// check name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameError = "Only letters and white space allowed";
}
}
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$arr_tainted_params = $request->getParsedBody();
$sanitizer_validator = $this->get('validate_sanitize');
$password_hasher = $this->get('hash_password');
$tainted_email = $arr_tainted_params['email'];
$tainted_username = $arr_tainted_params['username'];
$tainted_password = $arr_tainted_params['password'];
$model = $this->get('model');
$sql_wrapper = $this->get('sql_wrapper');
$sql_queries = $this->get('sql_queries');
$db_handle = $this->get('dbase');
$cleaned_email = $sanitizer_validator->validate_email($tainted_email);
$cleaned_username = $sanitizer_validator->validate_username($tainted_username);
$cleaned_password = $sanitizer_validator->validate_password($tainted_password);
$hashed_cleaned_password = $password_hasher->hash_password($cleaned_password);
$model->set_user_values($cleaned_username, $cleaned_email, $hashed_cleaned_password);
$model->set_sql_wrapper($sql_wrapper);
$model->set_sql_queries($sql_queries);
$model->set_db_handle($db_handle);
if ($sanitizer_validator->get_validate_messages() == ' ')
{
$model->store_user_details();
$_SESSION["loggedin"] = true;
$_SESSION["username"] = $cleaned_username;
$arr_storage_result_message = '';
echo $sanitizer_validator->get_validate_messages(); //this will be turned into a proper alert prompt at a later date
}
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true)
{
return $this->view->render($response,
'display_user.html.twig',
[
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
//'action_register' => 'index.php/register',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Display',
'username' => $cleaned_username,
'hashed_password' => $cleaned_password,
]);
}
});
想法是用户创建一个帐户然后登录,从而显示 'display_user.html.twig'。否则,有关表单验证的错误消息应显示在注册表单本身上。但是注册表单只显示在 /register 页面上。但是注册表单会在 registration/success 页面上发布数据并进行处理。
所以我不确定 php 验证指南代码是否在错误的位置,或者我的 slim 路由对于表单验证的目的不正确。我认为问题在于提交表单时它将用户重定向到一个新页面,即 register/success.
总而言之,我正在尝试在使用 twig 模板的超薄应用程序中实现 php 表单验证,例如 this。
如果有帮助,我还会包括注册表的 register.html.twig 页面:
{% extends 'header_footer.html.twig'%}
{% block content %}
<h3>Register A New Account</h3>
<form method = "post" action = " {{ action_register }} ">
<p>Email: <input type="text" name="email" ><br></p>
<p>Username: <input type="text" name="username" ><br></p>
<span class="error">* <?php echo $nameError;?></span> //code used in the php validation guide
<p>Password: <input type="text" name="password" ><br></p>
<!--<p>Password Confirm: <input type="text" name="password_confirm"><br></p> THIS WILL BE IMPLEMENTED LATER-->
<input type="submit" value="Create Account">
</form>
{% endblock %}
你不能像那样在 Twig 中使用 PHP。
看看这些:
借助 Flash 和 Slim-Validation,您可以获得所需的错误消息。
如果您不想使用上述组件,那么您可以简单地将 $nameError 变量传递给模板:
PHP:
return $this->view->render($response,
'display_user.html.twig',
[
'nameError' => $nameError, // HERE
'css_path' => CSS_PATH,
'landing_page' => $_SERVER["SCRIPT_NAME"],
//'action_register' => 'index.php/register',
//'initial_input_box_value' => null,
'page_title' => 'Login App - Display',
'username' => $cleaned_username,
'hashed_password' => $cleaned_password,
]
);
树枝:
{% if nameError %}<span class="error">* {{ nameError }}</span>{% endif %}