1. 首頁
  2. 問答
  3. 進行驗證,然後插入到MySQL

進行驗證,然後插入到MySQL

2017-02-25 77 views
0

我想在使用數據庫驗證這些數據之前插入數據。 MySQL表和PHP代碼如下,我嘗試過很多方法,但它不是我的工作,因爲我在PHP中的經驗不低於以及進行驗證,然後插入到MySQL

PHP 5 Forms Required Fields
PHP Insert Data Into MySQL

代碼源鏈接非常好 

CREATE TABLE `myclients` ( 
`id` bigint(20) NOT NULL AUTO_INCREMENT, 
`name` varchar(255) NOT NULL DEFAULT '', 
`email` varchar(255) NOT NULL DEFAULT '', 
`website` varchar(255) NOT NULL DEFAULT '', 
`comment` varchar(255) NOT NULL DEFAULT '', 
`gender` varchar(255) NOT NULL DEFAULT '', 
    PRIMARY KEY (`id`) 
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; 


<?php 
$servername = "localhost"; 
$username = "username"; 
$password = "password"; 
$dbname = "myDB"; 

// Create connection 
$conn = mysqli_connect($servername, $username, $password, $dbname); 
// Check connection 
if (!$conn) { 
    die("Connection failed: " . mysqli_connect_error()); 
} 



// define variables and set to empty values 
$nameErr = $emailErr = $genderErr = $websiteErr = ""; 
$name = $email = $gender = $comment = $website = ""; 

if ($_SERVER["REQUEST_METHOD"] == "POST") { 
    if (empty($_POST["name"])) { 
    $nameErr = "Name is required"; 
    } else { 
    $name = test_input($_POST["name"]); 
    } 

    if (empty($_POST["email"])) { 
    $emailErr = "Email is required"; 
    } else { 
    $email = test_input($_POST["email"]); 
    } 

    if (empty($_POST["website"])) { 
    $website = "Website is required"; 
    } else { 
    $website = test_input($_POST["website"]); 
    } 

    if (empty($_POST["comment"])) { 
    $comment = "Comment is required"; 
    } else { 
    $comment = test_input($_POST["comment"]); 
    } 

    if (empty($_POST["gender"])) { 
    $genderErr = "Gender is required"; 
    } else { 
    $gender = test_input($_POST["gender"]); 
    } 
} 

function test_input($data) { 
    $data = trim($data); 
    $data = stripslashes($data); 
    $data = htmlspecialchars($data); 
    return $data; 
} 





$sql = "INSERT INTO myclients (name, email, website, comment, gender) 
VALUES ('$name', '$email', '$website', '$comment', '$gender')"; 

if (mysqli_query($conn, $sql)) { 
    echo "New record created successfully"; 
} else { 
    echo "Error: " . $sql . "<br>" . mysqli_error($conn); 
} 

mysqli_close($conn); 
?> 



<p><span class="error">* required field.</span></p> 
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
    Name: <input type="text" name="name"> 
    <span class="error">* <?php echo $nameErr;?></span> 
    <br><br> 
    E-mail: <input type="text" name="email"> 
    <span class="error">* <?php echo $emailErr;?></span> 
    <br><br> 
    Website: <input type="text" name="website"> 
    <span class="error"><?php echo $websiteErr;?></span> 
    <br><br> 
    Comment: <textarea name="comment" rows="5" cols="40"></textarea> 
    <br><br> 
    Gender: 
    <input type="radio" name="gender" value="female">Female 
    <input type="radio" name="gender" value="male">Male 
    <span class="error">* <?php echo $genderErr;?></span> 
    <br><br> 
    <input type="submit" name="submit" value="Submit"> 
</form>

來源

2017-02-25 Edward

+1

請一次提出一個問題。選擇是否需要幫助進行驗證,或者相應地插入和編輯您的問題。 –

+2

[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- ***)瞭解[MySQLi](http://php.net/manual)[準備](http://en.wikipedia.org/wiki/Prepared_statement)聲明/en/mysqli.quickstart.prepared-statements.php)。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –

回答

0

您在驗證的同時將數據插入表中。在插入數據之前確認沒有發生錯誤。 您可以在下面的條件中添加您的INSERT查詢

if(empty($nameErr) && empty($emailErr) && empty($genderErr) && empty($websiteErr)){ 

    $sql = "INSERT INTO myclients (name, email, website, comment, gender) 
    VALUES ('$name', '$email', '$website', '$comment', '$gender')"; 

    if (mysqli_query($conn, $sql)) { 
     echo "New record created successfully"; 
    } else { 
     echo "Error: " . $sql . "<br>" . mysqli_error($conn); 
    } 
}

來源

2017-02-25 11:01:15 Sree

+0

感謝您的回覆,但添加代碼後仍然存在問題,當我打開該頁面時,直接提交空白表格,我看到「新記錄已成功創建」,請幫助我 – Edward

+0

現在正在工作100000謝謝 – Edward

+0

轉過潮反對教學/宣傳馬虎和危險的編碼做法。如果您發佈的答案沒有準備好的陳述[您可能想在發佈之前考慮這一點](http://meta.stackoverflow.com/q/344703/)。另外[一個更有價值的答案來自於顯示OP的正確方法](https://meta.stackoverflow.com/a/290789/1011527)。 –

0

您必須添加錯誤陣列之前校驗值是空或不喜歡這樣的:

$errors = array(); 
if ($_SERVER["REQUEST_METHOD"] == "POST") { 
    if (empty($_POST["name"])) { 
    $errors['name'] = "Name is required"; 
    } else { 
    $name = test_input($_POST["name"]); 
    } 
} 
if (!$errors) { 
     $query = " 
      insert into Table_Name 
      (name) 
      values 
      (
      '".mysql_real_escape_string($v_name)."' 
      ) 
     "; 

     mysql_query($query); 
    }

來源

2017-02-25 10:57:22

+0

***請[停止使用'mysql_ *'功能](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php)。*** [這些擴展名](http://php.net/manual/en/migration70.removed-exts-sapis.php)已在PHP 7中刪除。瞭解[prepared](http://en.wikipedia.org/wiki/Prepared_statement )[PDO]聲明(http://php.net/manual/en/pdo.prepared-statements.php)和[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared- statement.php),並考慮使用PDO,[這真的很簡單](http://jayblanchard.net/demystifying_php_pdo.html)。 –

相關問題

 相關問題