1. 首頁
  2. 問答
  3. PHP SQL表單驗證

PHP SQL表單驗證

2012-05-31 69 views
1

我想做一個簡單的表單,如果一個字段沒有被輸入,它會顯示錯誤。我不知道該怎麼做。這裏是我的代碼: PHP代碼:PHP SQL表單驗證

<?php 

    //include the connection file 

    require_once('connection.php'); 

    //save the data on the DB and send the email 

    if(isset($_POST['action']) && $_POST['action'] == 'submitform') 
    { 
     //recieve the variables 

     $name = $_POST['name']; 
     $email = $_POST['email']; 
     $message = $_POST['message']; 
     $ip = gethostbyname($_SERVER['REMOTE_ADDR']); 

     //save the data on the DB 

     mysql_select_db($database_connection, $connection); 

     $insert_query = sprintf("INSERT INTO feedback (name, email, message, date, ip) VALUES (%s, %s, %s, NOW(), %s)", 
           sanitize($name, "text"), 
           sanitize($email, "text"), 
           sanitize($message, "text"), 
           sanitize($ip, "text")); 

     $result = mysql_query($insert_query, $connection) or die(mysql_error()); 

     if($result) 
     { 
      //send the email 

      $to = "[email protected]"; 
      $subject = "New message from the website"; 

      //headers and subject 
      $headers = "MIME-Version: 1.0\r\n"; 
      $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
      $headers .= "From: ".$name." <".$email.">\r\n"; 

      $body = "New contact<br />"; 
      $body .= "Name: ".$name."<br />"; 
      $body .= "Email: ".$email."<br />"; 
      $body .= "Message: ".$message."<br />"; 
      $body .= "IP: ".$ip."<br />"; 

      mail($to, $subject, $body, $headers); 

      //ok message 

      echo "Your message has been sent"; 
     } 
    } 

    function sanitize($value, $type) 
    { 
     $value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value; 

     switch ($type) { 
     case "text": 
      $value = ($value != "") ? "'" . $value . "'" : "NULL"; 
      break;  
     case "long": 
     case "int": 
      $value = ($value != "") ? intval($value) : "NULL"; 
      break; 
     case "double": 
      $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL"; 
      break; 
     case "date": 
      $value = ($value != "") ? "'" . $value . "'" : "NULL"; 
      break; 
     } 

     return $value; 
    } 
    ?> 

<form id="ContactForm" method="post" action="mail.php"> 
          <div class="wrapper"><input class="input" name="name" id="name" type="text" value="Name:" onBlur="if(this.value=='') this.value='Name:'" onFocus="if(this.value =='Name:') this.value=''" ></div> 
          <div class="wrapper"><input class="input" name="email" id="email" type="text" value="E-mail:" onBlur="if(this.value=='') this.value='E-mail:'" onFocus="if(this.value =='E-mail:') this.value=''" ></div> 
          <div class="textarea_box"><textarea cols="1" rows="1" onBlur="if(this.value=='') this.value='Message:'" onFocus="if(this.value =='Message:') this.value=''" >Message:</textarea></div> 
          <input type="hidden" id="action" name="action" value="submitform" /> 
          <input type="submit" class="button" id="submit" name="submit" value="Submit" /> <input type="reset" class="button" id="reset" name="reset" value="Reset" /> 
         </form>

來源

2012-05-31 xan

+1

你可以在服務器端使用php驗證你的表單,但是我會建議使用javascript/jQuery在表單提交前驗證表單輸入,然後用PHP檢查服務器端。有大量的jQuery表單驗證插件,使它非常簡單和容易。 – martincarlin87

+2

@ martincarlin87那麼,我更喜歡做檢查服務器端。因爲不是每個客戶端都啓用javascript ... –

+1

是的,但正如我所說,你可以做兩個。 – martincarlin87

回答

1

之前保存信息到數據庫中檢查,看是否每個提交的值包含有效的數據。如果沒有,請將字段名稱放入數組中。驗證完成後,檢查數組是否爲空。如果它是空的,請將信息保存到數據庫中。如果它被填充,重新顯示錶單,填充提交的數據,以及一個易於閱讀的通知他們犯了什麼錯誤,以便他們知道要解決什麼問題。

一些PHP函數來考慮是:filter_var()ctype_*empty()

僅供參考,你應該考慮,因爲they will soon be going away.

來源

2012-05-31 14:00:22

0

從mysql_遷移走*功能,要做到這一點,你應該建立一個代碼塊做一個空的支票(因爲這是你想檢查的唯一的東西)。 一個簡單的代碼片段如下:

function checkFormErrors($name,$email,$message){ 
    //now we define a function to check for errors 
    $errors = array(); 
    //define an error container 
    if(empty($name)){ 
     //check the name field 
     $errors[] = "You need to enter a name"; 
    } 
    if(empty($email)){ 
     //check the email field 
     $errors[] = "You need to enter an email address"; 
    } 
    .... //do more checks for all fields here 
    return $errors; 
} 
if(isset($_POST['action']) && $_POST['action'] == 'submitform'){ 
    //recieve the variables 
    $name = $_POST['name']; 
    $email = $_POST['email']; 
    $message = $_POST['message']; 
    $ip = gethostbyname($_SERVER['REMOTE_ADDR']); 

    $errors = checkFormErrors($name,$email,$message); 
    //check for errors 
    if(empty($errors)){ 
     //continue with the processing you did above 
     ..... 
    } 
} 


In you HTML file/page, you then need to put this above the form (feel free to style it 
with css) 
<?php 
    if(isset($errors)){ 
     //the variable exists 
     echo implode("<br />", $errors); 
    } 
?>

我提出了一個博客帖子here,也有一些腳本,可以與表單驗證幫助

希望這有助於!

來源

2012-05-31 14:07:13

+0

到目前爲止,表單一直在工作。我更改了表單以避免SQL注入,並對其進行了大量修改(來自各種博客和源代碼)。但是現在我想用md5編碼密碼。我試圖添加「md5 ['密碼']」,但它顯示一個錯誤。我的php代碼是: – xan

+1

代碼在哪裏? –

+0

我已將它貼在上面。我解決了它。 – xan

相關問題

 相關問題