1. 首页
  2. 问答
  3. PHP SQL表单验证

PHP SQL表单验证

2012-05-31 38 views
1

我想做一个简单的表单,如果一个字段没有被输入,它会显示错误。我不知道该怎么做。这里是我的代码: PHP代码:PHP SQL表单验证

<?php 

    //include the connection file 

    require_once('connection.php'); 

    //save the data on the DB and send the email 

    if(isset($_POST['action']) && $_POST['action'] == 'submitform') 
    { 
     //recieve the variables 

     $name = $_POST['name']; 
     $email = $_POST['email']; 
     $message = $_POST['message']; 
     $ip = gethostbyname($_SERVER['REMOTE_ADDR']); 

     //save the data on the DB 

     mysql_select_db($database_connection, $connection); 

     $insert_query = sprintf("INSERT INTO feedback (name, email, message, date, ip) VALUES (%s, %s, %s, NOW(), %s)", 
           sanitize($name, "text"), 
           sanitize($email, "text"), 
           sanitize($message, "text"), 
           sanitize($ip, "text")); 

     $result = mysql_query($insert_query, $connection) or die(mysql_error()); 

     if($result) 
     { 
      //send the email 

      $to = "[email protected]"; 
      $subject = "New message from the website"; 

      //headers and subject 
      $headers = "MIME-Version: 1.0\r\n"; 
      $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
      $headers .= "From: ".$name." <".$email.">\r\n"; 

      $body = "New contact<br />"; 
      $body .= "Name: ".$name."<br />"; 
      $body .= "Email: ".$email."<br />"; 
      $body .= "Message: ".$message."<br />"; 
      $body .= "IP: ".$ip."<br />"; 

      mail($to, $subject, $body, $headers); 

      //ok message 

      echo "Your message has been sent"; 
     } 
    } 

    function sanitize($value, $type) 
    { 
     $value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value; 

     switch ($type) { 
     case "text": 
      $value = ($value != "") ? "'" . $value . "'" : "NULL"; 
      break;  
     case "long": 
     case "int": 
      $value = ($value != "") ? intval($value) : "NULL"; 
      break; 
     case "double": 
      $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL"; 
      break; 
     case "date": 
      $value = ($value != "") ? "'" . $value . "'" : "NULL"; 
      break; 
     } 

     return $value; 
    } 
    ?> 

<form id="ContactForm" method="post" action="mail.php"> 
          <div class="wrapper"><input class="input" name="name" id="name" type="text" value="Name:" onBlur="if(this.value=='') this.value='Name:'" onFocus="if(this.value =='Name:') this.value=''" ></div> 
          <div class="wrapper"><input class="input" name="email" id="email" type="text" value="E-mail:" onBlur="if(this.value=='') this.value='E-mail:'" onFocus="if(this.value =='E-mail:') this.value=''" ></div> 
          <div class="textarea_box"><textarea cols="1" rows="1" onBlur="if(this.value=='') this.value='Message:'" onFocus="if(this.value =='Message:') this.value=''" >Message:</textarea></div> 
          <input type="hidden" id="action" name="action" value="submitform" /> 
          <input type="submit" class="button" id="submit" name="submit" value="Submit" /> <input type="reset" class="button" id="reset" name="reset" value="Reset" /> 
         </form>

来源

2012-05-31 xan

+1

你可以在服务器端使用php验证你的表单,但是我会建议使用javascript/jQuery在表单提交前验证表单输入,然后用PHP检查服务器端。有大量的jQuery表单验证插件,使它非常简单和容易。 – martincarlin87

+2

@ martincarlin87那么,我更喜欢做检查服务器端。因为不是每个客户端都启用javascript ... –

+1

是的,但正如我所说,你可以做两个。 – martincarlin87

回答

1

之前保存信息到数据库中检查,看是否每个提交的值包含有效的数据。如果没有,请将字段名称放入数组中。验证完成后,检查数组是否为空。如果它是空的,请将信息保存到数据库中。如果它被填充,重新显示表单,填充提交的数据,以及一个易于阅读的通知他们犯了什么错误,以便他们知道要解决什么问题。

一些PHP函数来考虑是:filter_var()ctype_*empty()

仅供参考,你应该考虑,因为they will soon be going away.

来源

2012-05-31 14:00:22

0

从mysql_迁移走*功能,要做到这一点,你应该建立一个代码块做一个空的支票(因为这是你想检查的唯一的东西)。 一个简单的代码片段如下:

function checkFormErrors($name,$email,$message){ 
    //now we define a function to check for errors 
    $errors = array(); 
    //define an error container 
    if(empty($name)){ 
     //check the name field 
     $errors[] = "You need to enter a name"; 
    } 
    if(empty($email)){ 
     //check the email field 
     $errors[] = "You need to enter an email address"; 
    } 
    .... //do more checks for all fields here 
    return $errors; 
} 
if(isset($_POST['action']) && $_POST['action'] == 'submitform'){ 
    //recieve the variables 
    $name = $_POST['name']; 
    $email = $_POST['email']; 
    $message = $_POST['message']; 
    $ip = gethostbyname($_SERVER['REMOTE_ADDR']); 

    $errors = checkFormErrors($name,$email,$message); 
    //check for errors 
    if(empty($errors)){ 
     //continue with the processing you did above 
     ..... 
    } 
} 


In you HTML file/page, you then need to put this above the form (feel free to style it 
with css) 
<?php 
    if(isset($errors)){ 
     //the variable exists 
     echo implode("<br />", $errors); 
    } 
?>

我提出了一个博客帖子here,也有一些脚本,可以与表单验证帮助

希望这有助于!

来源

2012-05-31 14:07:13

+0

到目前为止,表单一直在工作。我更改了表单以避免SQL注入,并对其进行了大量修改(来自各种博客和源代码)。但是现在我想用md5编码密码。我试图添加“md5 ['密码']”,但它显示一个错误。我的php代码是: – xan

+1

代码在哪里? –

+0

我已将它贴在上面。我解决了它。 – xan

相关问题

 相关问题