davidolson Posted March 31, 2014 Share Posted March 31, 2014 <? $errors = array(); if(!empty($_POST['submit'])){ $username = filter_input(INPUT_POST, 'username'); $password = filter_input(INPUT_POST, 'password'); $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); $ip = $_SERVER['REMOTE_ADDR']; $created = time(); if(empty($username)){ $errors[] = $lang['error']['emptyusername']; } elseif(strlen($username) < 5 && strlen($username) > 25){ $errors[] = $lang['error']['invalidusernamelenght']; } elseif(preg_match('/[^a-zA-Z0-9_.-]/', $username)){ $errors[] = $lang['error']['invalidcharactersinusername']; } if(empty($password)){ $errors[] = $lang['error']['emptypassword']; } elseif(strlen($password) < 5 && strlen($password) > 50){ $errors[] = $lang['error']['invalidpasswordlenght']; } if(empty($email)){ $errors[] = $lang['error']['emptyemail']; } elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){ $errors[] = $lang['error']['invalidemailaddress']; } }else{ $username = ''; $password = ''; $email = ''; } if(!empty($_POST['submit']) && empty($errors)){ $UsersInsertQuery = "INSERT INTO test (username, password, email, ip, created, status) VALUES (:username, :password, :email, :ip , :created, :status)"; $UsersInsert = $dbh->prepare($UsersInsertQuery); $UsersInsert->bindParam(':username', $username, PDO::PARAM_STR); $UsersInsert->bindParam(':email', $email, PDO::PARAM_STR); $UsersInsert->bindParam(':password', $password, PDO::PARAM_STR); $UsersInsert->bindParam(':ip', $ip, PDO::PARAM_STR); $UsersInsert->bindParam(':created', $created, PDO::PARAM_INT); $UsersInsert->bindValue(':status', 1, PDO::PARAM_INT); $UsersInsertSuccess = $UsersInsert->execute(); $TextInsertQuery = "INSERT INTO test2 (text, created) VALUES (:text, :created)"; $TextInsert = $dbh->prepare($TextInsertQuery); $TextInsert->bindValue(':text', ''.$username.' has just became the newest member of our community', PDO::PARAM_STR); $TextInsert->bindParam(':created', $created, PDO::PARAM_INT); $TextInsertSuccess = $TextInsert->execute(); if($UsersInsertSuccess && $TextInsertSuccess){ $SuccessMsg = $lang['success']['sucessregister']; }else{ $ErrorMsg = $lang['error']['databaseerror']; } } if(isset($SuccessMsg)){ print $SuccessMsg; } if(isset($ErrorMsg)){ print $ErrorMsg; } if($errors){ foreach($errors as $error){ print $error; } } print" <form method=\"POST\"> <table style=\"width:100%\" class=\"\"> <tr> <td style=\"width:30%;font-weight:bold\">Username</td> <td style=\"width:70%\"><input type=\"text\" name=\"username\" maxlength=\"255\" style=\"width:350px\" value=\"".htmlspecialchars($username, ENT_QUOTES)."\" /></td> </tr> <tr> <td style=\"font-weight:bold\">Password</td> <td><input type=\"password\" name=\"password\" maxlength=\"55\" style=\"width:350px\" value=\"".$password."\" /></td> </tr> <tr> <td style=\"font-weight:bold\">Email</td> <td><input type=\"text\" name=\"email\" maxlength=\"100\" style=\"width:350px\" value=\"".htmlspecialchars($email, ENT_QUOTES)."\" /></td> </tr> <tr> <td><input type=\"submit\" name=\"submit\" value=\"Submit\" /></td> </tr> </table> </form>"; ?> Is this PDO code safe enought? Is this code coded correctly? Quote Link to comment https://forums.phpfreaks.com/topic/287426-pdo-code/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.