如何在php中驗證表單字段

Question

我有一個註冊表單，它有一些必填字段。我想檢查是否填寫了這些必填字段，以及在我插入數據庫之前是否填寫了正確的字段。

其中一個必填字段是電子郵件，我也想檢查輸入的電子郵件是否是有效的電子郵件。

我的代碼如下。

在此先感謝您的幫助，我真的很感激。

<?php 
include 'config.php'; 
$tbl_name="citizens"; // Table name 
// Get values from form and formatting them as SQL strings 
$firstname = mysql_real_escape_string($_POST['firstname']); 
$middlename = mysql_real_escape_string($_POST['middlename']); 
$lastname = mysql_real_escape_string($_POST['lastname']); 
$sex = mysql_real_escape_string($_POST['sex']); 
$address = mysql_real_escape_string($_POST['address']); 
$employer = mysql_real_escape_string($_POST['employer']); 
$posincom = mysql_real_escape_string($_POST['posincom']); 
$states = mysql_real_escape_string($_POST['states']); 
$agerange = mysql_real_escape_string($_POST['agerange']); 
$income = mysql_real_escape_string($_POST['income']); 
$email = mysql_real_escape_string($_POST['email']); 
$phone = mysql_real_escape_string($_POST['phone']); 

// Insert data into mysql 
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')"; 
$result=mysql_query($sql); 

// if successfully insert data into database, displays message "Successful". 
if($result){ 
echo "You Have Successful Registered"; 
}else { 
echo "Sorry!!! Could Not Register You. All a* fields must be field."; 
} 
?> 

Answer 1

<?php 
include 'config.php'; 
$tbl_name="citizens"; // Table name 

$required = array('email'); 
$errors = array(); 

foreach($required as $required_fieldname){ 
    if(!isset($_POST[$required_fieldname]) || empty($_POST[$required_fieldname])){ 
     $errors[] = 'Sorry!!! Could Not Register You. All a* fields must be field.'; 
     break; 
    } 
} 

if(isset($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){ 
    $errors[] = "That is not a valid email address."; 
} 

if(count($errors) == 0){ 
    // Get values from form and formatting them as SQL strings 
    $firstname = mysql_real_escape_string($_POST['firstname']); 
    $middlename = mysql_real_escape_string($_POST['middlename']); 
    $lastname = mysql_real_escape_string($_POST['lastname']); 
    $sex = mysql_real_escape_string($_POST['sex']); 
    $address = mysql_real_escape_string($_POST['address']); 
    $employer = mysql_real_escape_string($_POST['employer']); 
    $posincom = mysql_real_escape_string($_POST['posincom']); 
    $states = mysql_real_escape_string($_POST['states']); 
    $agerange = mysql_real_escape_string($_POST['agerange']); 
    $income = mysql_real_escape_string($_POST['income']); 
    $email = mysql_real_escape_string($_POST['email']); 
    $phone = mysql_real_escape_string($_POST['phone']); 

    // Insert data into mysql 
    $sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')"; 
    $result= mysql_query($sql); 

    // if successfully insert data into database, displays message "Successful". 
    if($result){ 
     echo "You Have Successfully Registered"; 
    }else { 
     echo "A technical error has occured."; 
    } 
} 
else{ 
    echo '<strong>ERRORS!</strong><br>'; 
    foreach($errors as $error){ 
     echo $error . '<br>'; 
    } 
} 
?> 

Answer 2

您應該在使用JavaScript在客戶端提交之前驗證表單，並在用戶未正確填寫時提醒用戶。一旦通過驗證，就允許它提交。 在其他情況下，在服務器上驗證開銷並在客戶端再次發送響應給用戶。

Answer 3

對於電子郵件，你可以使用這個（或類似）功能從https://stackoverflow.com/questions/3314493/check-for-valid-email-address驗證電子郵件

function isValidEmail($email){ 
    return preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email); 
} 

或者

function isValidEmail($email){ 
    return filter_var($email, FILTER_VALIDATE_EMAIL); 
} 

對於剩下的，你可以使用下面的

<?php 
    $error = ''; 

    //put chosen function here 
    function isValidEmail($email){ 
     return filter_var($email, FILTER_VALIDATE_EMAIL); 
    } 

    //get values and validate each one as required 
    $firstname = mysql_real_escape_string($_POST['firstname']); 
     if(!$firstname){ $error .= "First name is required<br />"; } 

    //repeat for each field 
    $email = mysql_real_escape_string($_POST['email']); 
     if(!isValidEmail($email)){ $error .= "The email entered is invalid<br />"; } 

    //and so on... 

    if(!$error){ 
     //add insert into database code here 
    } 
    else{ 
     //display $error however you want e.g.... 
     echo "<div class=\"error\">$error</div>"; 
    } 
?> 

Answer 4

<?php 
include 'config.php'; 
$tbl_name="citizens"; // Table name 
// Get values from form and formatting them as SQL strings 

//your other fields ... 
$email = mysql_real_escape_string($_POST['email']); 
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ 
$errors = 1; 
echo "Please enter a correct email address"; 
} 

//similar approach can be used for other fields.. 
// this is one of the simplest validating approach 


if($errors == 0){ 
// Insert data into mysql 
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')"; 
$result=mysql_query($sql); 

// if successfully insert data into database, displays message "Successful". 
if($result){ 
echo "You Have Successful Registered"; 
}else { 
echo "Sorry!!! Could Not Register You. All a* fields must be field."; 
} 
} 
?> 

Answer 5

1.）您可以使用PHP_FILTER進行驗證。

2），你可以適當的檢查（變量爲空或不）之前插入數據如果變量爲空的顯示錯誤味精otherwish插入..