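// process.php: validates the posted registration fields (full name, e-mail,
// account number) and stores them through a PDO prepared statement.
//
// The fixture values below exist so the script can be exercised from the
// command line (see the `php process.php` transcript that follows). They
// were previously assigned unconditionally, which meant a real web request
// had its fullName / emailAdd silently replaced by the fixtures; the SAPI
// guard keeps them out of real requests. Uncomment one accountNum line to
// try a particular case.
if (PHP_SAPI === 'cli') {
    $_POST['emailAdd'] = 'johno@email.com';
    $_POST['fullName'] = 'John O';
    // $_POST['accountNum'] = 'ZAP AND 1=1 --';
    // $_POST['accountNum'] = 'ZAP OR 1=1 --';
    // $_POST['accountNum'] = '234-123456-123';
}

$upTwo = realpath(__DIR__ . '/../..');
require_once $upTwo . '/vendor/autoload.php';
include $upTwo . '/src/helper.php'; // supplies logError()

// Account number shape: exactly 3 digits, dash, 6 digits, dash, 3 digits
// (14 characters). The pasted listing shows "d{3}" without backslashes,
// but the transcript accepts "234-123456-123", so the escapes were lost
// in rendering; \d is the pattern the script actually runs.
$accountPattern = '/^\d{3}-\d{6}-\d{3}$/';

$errors = [];
$userData = [];
// Keyed by column name rather than appended positionally: with the old
// $inputArray[0..2] layout a missing field shifted every later value.
$input = [];
$config = new CONFIGConfig(); // NOTE(review): rendered without backslashes; presumably a namespaced class — confirm against src/

// --- validate user data ------------------------------------------------
// Blank-after-trim is checked instead of empty(), which also treats the
// string "0" as missing.
$fullName = trim((string) ($_POST['fullName'] ?? ''));
if ($fullName === '') {
    $errors['fullName'] = '- Please input your Full Name as per Passport';
} else {
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1. The value only
    // reaches the database as a bound parameter, so it is stored as typed;
    // HTML-escape it at the point where it is rendered, not here.
    $input['full_name'] = $fullName;
}

$emailRaw = trim((string) ($_POST['emailAdd'] ?? ''));
if ($emailRaw === '') {
    $errors['emailAdd'] = '- Please input your Email address';
} else {
    $email = filter_var($emailRaw, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['emailAdd'] = '- Please input your Email address';
    } else {
        // A value that passed FILTER_VALIDATE_EMAIL is already a clean
        // address; the old second pass with FILTER_SANITIZE_EMAIL was a no-op.
        $input['email_address'] = $email;
    }
}

$accountRaw = trim((string) ($_POST['accountNum'] ?? ''));
if ($accountRaw === '') {
    $errors['accountNum'] = '- Please input your Account Number';
} else {
    // Validate once and keep the result; the original ran the same regex
    // twice, which is the kind of duplication that drifts apart on edit.
    $accountNum = filter_var($accountRaw, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => $accountPattern]]);
    if ($accountNum === false) {
        $errors['accountNum'] = '- Please enter correct account number';
    } else {
        $input['account_number'] = $accountNum;
    }
}

// --- save user details in db (only when no validation errors) ----------
if ($errors === []) {
    try {
        $dsn = 'mysql:host=' . $config::DB_HOST . ';dbname=' . $config::DB_NAME;
        $dbh = new PDO($dsn, $config::DB_USER, $config::DB_PASSWORD, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Server-side prepares: the parameter values travel separately
            // from the SQL text, so the "1=1 --" fixtures above stay inert.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
        // DB_TABLE is a config constant, not request data, so concatenating
        // it into the statement is acceptable; the user values are bound.
        $stmt = $dbh->prepare(
            'INSERT INTO ' . $config::DB_TABLE . ' (full_name, email_address, account_number) VALUES (?, ?, ?)'
        );
        // The debugging var_dump($response) that used to follow execute()
        // is gone: it printed into the HTTP response on every successful insert.
        $stmt->execute([
            $input['full_name'],
            $input['email_address'],
            $input['account_number'],
        ]);
        $userData['lastId'] = $dbh->lastInsertId();
    } catch (Exception $e) {
        // Full detail goes to the server-side log. The user-facing entry and
        // the rethrown message deliberately omit the driver text and the
        // file/line, which would reveal host, table, column and path names
        // to whoever submitted the form; the original is kept as previous.
        logError($e->getMessage(), $e->getFile(), $e->getLine());
        $errors['dbInsert'] = '- Your details could not be saved, please try again later';
        throw new RuntimeException('Database insert failed', 0, $e);
    }
}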
- johno:php johno$ php process.php
- array(1) {
- ["accountNum"]=>
- string(37) "- Please enter correct account number"
- }
- array(2) {
- [0]=>
- string(6) "John O"
- [1]=>
- string(15) "johno@email.com"
- }
- johno:php johno$ php process.php
- array(1) {
- ["accountNum"]=>
- string(37) "- Please enter correct account number"
- }
- array(2) {
- [0]=>
- string(6) "John O"
- [1]=>
- string(15) "johno@email.com"
- }
- johno:php johno$ php process.php
- array(0) {
- }
- array(3) {
- [0]=>
- string(6) "John O"
- [1]=>
- string(15) "johno@email.com"
- [2]=>
- string(14) "234-123456-123"
- }
- bool(true)