0
這可能是非常髒和雜亂的代碼,所以任何輸入也會有所幫助,但我的主要問題是我無法獲得「ISBN」輸入處理字符串是否是正確的字符數(10或13)。我不確定它出錯的地方。它在線64.if(mb_strlen()!=#)問題
請幫忙!謝謝。
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Link Generator</title>
</head>
<body>
<?php
function showForm() {
if (empty($_POST['title'])) {
$title = "Book Title";
} else {
$title = $_POST['title'];
}
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
Search by ISBN<br />
<input type="text" maxlength="13" name="ISBN" size="30" value="ISBN" onblur="if(this.value == '') { this.value='ISBN'}" onfocus="if (this.value == 'ISBN') {this.value=''}" /><br />
<br />OR<br /><br />
Search by Title <strong>and</strong> Author<br />
<input type="text" maxlength="13" name="title" size="30" value="<?php echo $title; ?>" onblur="if(this.value == '') { this.value='Book Title'}" onfocus="if (this.value == 'Book Title') {this.value=''}" /><br />
<input type="text" maxlength="13" name="aname" size="30" value="Author Name" onblur="if(this.value == '') { this.value='Author Name'}" onfocus="if (this.value == 'Author Name') {this.value=''}" /><br />
<br /><input type="submit" name="submit" value="Generate Link" />
</form>
<?php
}
function generateLink_ISBN() {
echo "Your link has been generated:<br />";
echo "http://xxx.com/uhtbin/cgisirsi.exe/x/0/0/5?search_type=search&searchdata1=" . $_POST['ISBN'] . "&library=ALL&sort_by=PBYR";
}
function generateLink_title() {
echo "Your link has been generated:<br />";
echo "http://xxx.com/uhtbin/cgisirsi.exe/x/0/0/5?search_type=search&searchdata1=" . $_POST['title'] . "+" . $_POST['aname'] . "&library=ALL&sort_by=PBYR";
}
if(isset($_POST['submit'])) {
if (isset($_POST['ISBN']) && isset($_POST['title']) && isset($_POST['aname']) && ($_POST['ISBN'] == 'ISBN') && ($_POST['aname'] == 'Author Name') && ($_POST['title'] == 'Book Title')) {
echo "<h1>You did not input any information</h1>";
showForm();
} elseif (isset($_POST['ISBN']) && ($_POST['ISBN'] != 'ISBN')) {
if (isset($_POST['ISBN']) && ($_POST['ISBN'] != 'ISBN') && (!is_numeric ($_POST['ISBN']))) {
echo "<h1>The ISBN you entered did not contain all numerics</h1>";
showForm();
} elseif (isset($_POST['ISBN']) && ($_POST['ISBN'] != 'ISBN') && ((mb_strlen($_POST['ISBN'], 'utf-8') != 13) | (mb_strlen($_POST['ISBN'], 'utf-8') != 10))) {
echo "<h1>The ISBN you entered was too long or too short. ISBN's are 10 or 13 numbers in length.</h1>";
showForm();
} else {
generateLink_ISBN();
}
} elseif (isset($_POST['title']) && isset($_POST['aname']) && ($_POST['aname'] != 'Author Name') | ($_POST['title'] != 'Book Title')) {
if (isset($_POST['title']) && isset($_POST['aname']) && ($_POST['title'] == 'Book Title') && ($_POST['aname'] != 'Author Name')) {
echo "<h1>To search by author's name, you must also include the book title.</h1>";
showForm();
} elseif (isset($_POST['title']) && isset($_POST['aname']) && ($_POST['aname'] == 'Author Name') && ($_POST['title'] != 'Book Title')) {
echo "<h1>To search by book title, you must also include the author's name.</h1>";
showForm();
} else {
generateLink_title();
}
} else {
showForm();
}
} else {
showForm();
}
?>
</body>
由於您詢問了有關代碼的輸入信息,請執行以下操作:盡你所能地分開處理和演示文稿。我喜歡爲Smarty使用模板系統。如果這太大了,請考慮在一個文件中準備好你的表單並用另一個文件顯示。當你知道你可以改變邏輯而不需要涉及/打破界面時,它會使生活變得更容易。另外,不要忘記驗證來自POST的數據。假設用戶是邪惡的。 :) – 2012-02-23 21:57:15
對不起,我是新來的PHP,我將如何驗證它?在這種情況下,我不認爲這將是必要的,因爲它只是生成一個鏈接到搜索查詢? – jmalais 2012-02-23 22:14:13
@jmalais正確。您在上面執行的驗證應該足以生成鏈接 - 您呼叫的Web服務也應驗證其輸入,因此可能發生的最糟糕的情況是您生成的鏈接不正確,導致用戶向您提供了不良數據。但是,一般來說,驗證是一個好主意,如果沒有別的只是爲了阻止腳本的轟炸,如果它對輸入進行假設的話。看看PHP過濾器文檔:http://www.php.net/manual/en/book.filter.php – 2012-02-23 22:29:07