davidolson Posted March 31, 2014 Share Posted March 31, 2014 <? $errors = array(); if(!empty($_POST['submit'])){ $username = filter_input(INPUT_POST, 'username'); $password = filter_input(INPUT_POST, 'password'); $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); $ip = $_SERVER['REMOTE_ADDR']; $created = time(); if(empty($username)){ $errors[] = $lang['error']['emptyusername']; } elseif(strlen($username) < 5 && strlen($username) > 25){ $errors[] = $lang['error']['invalidusernamelenght']; } elseif(preg_match('/[^a-zA-Z0-9_.-]/', $username)){ $errors[] = $lang['error']['invalidcharactersinusername']; } if(empty($password)){ $errors[] = $lang['error']['emptypassword']; } elseif(strlen($password) < 5 && strlen($password) > 50){ $errors[] = $lang['error']['invalidpasswordlenght']; } if(empty($email)){ $errors[] = $lang['error']['emptyemail']; } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){ $errors[] = $lang['error']['invalidemailaddress']; } }else{ $username = ''; $password = ''; $email = ''; } if(!empty($_POST['submit']) && empty($errors)){ $UsersInsertQuery = "INSERT INTO test (username, password, email, ip, created, status) VALUES (:username, :password, :email, :ip , :created, :status)"; $UsersInsert = $dbh->prepare($UsersInsertQuery); $UsersInsert->bindParam(':username', $username, PDO::PARAM_STR); $UsersInsert->bindParam(':email', $email, PDO::PARAM_STR); $UsersInsert->bindParam(':password', $password, PDO::PARAM_STR); $UsersInsert->bindParam(':ip', $ip, PDO::PARAM_STR); $UsersInsert->bindParam(':created', $created, PDO::PARAM_INT); $UsersInsert->bindValue(':status', 1, PDO::PARAM_INT); $UsersInsertSuccess = $UsersInsert->execute(); $TextInsertQuery = "INSERT INTO test2 (text, created) VALUES (:text, :created)"; $TextInsert = $dbh->prepare($TextInsertQuery); $TextInsert->bindValue(':text', ''.$username.' has just became the newest member of our community', PDO::PARAM_STR); $TextInsert->bindParam(':created', $created, PDO::PARAM_INT); $TextInsertSuccess = $TextInsert->execute(); if($UsersInsertSuccess && $TextInsertSuccess){ $SuccessMsg = $lang['success']['sucessregister']; }else{ $ErrorMsg = $lang['error']['databaseerror']; } } if(isset($SuccessMsg)){ print $SuccessMsg; } if(isset($ErrorMsg)){ print $ErrorMsg; } if($errors){ foreach($errors as $error){ print $error; } } print" <form method=\"POST\"> <table style=\"width:100%\" class=\"\"> <tr> <td style=\"width:30%;font-weight:bold\">Username</td> <td style=\"width:70%\"><input type=\"text\" name=\"username\" maxlength=\"255\" style=\"width:350px\" value=\"".htmlspecialchars($username, ENT_QUOTES)."\" /></td> </tr> <tr> <td style=\"font-weight:bold\">Password</td> <td><input type=\"password\" name=\"password\" maxlength=\"55\" style=\"width:350px\" value=\"".$password."\" /></td> </tr> <tr> <td style=\"font-weight:bold\">Email</td> <td><input type=\"text\" name=\"email\" maxlength=\"100\" style=\"width:350px\" value=\"".htmlspecialchars($email, ENT_QUOTES)."\" /></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Submit\" /></td> </tr> </table> </form>"; ?> Is this PDO code safe enought? Is this code coded correctly? Link to comment https://forums.phpfreaks.com/topic/287426-pdo-code/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.