1. 首頁
  2. 問答
  3. 如何防止網頁表單提交空白字段

如何防止網頁表單提交空白字段

2014-02-28 53 views
-1

我有一個網頁表單,用戶需要輸入以下字段的信息:全名,聯繫電話號碼和最佳通話時間。一旦這些字段被填充,用戶將提交表單,然後將數據添加到數據庫中,但是現在我的問題是我的Web表單忽略了我設置的驗證並允許用戶提交空白Web表單。我不確定這是否可能是我構建代碼的方式?不過,我該如何解決這個問題?如何防止網頁表單提交空白字段

PHP

<?php 
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/bootstrap.php'); 
include("config/cn.php"); 
$template['template']="page"; 


    // define variables and set to empty values 
    $nameErr = $contactErr = $callErrErr = ""; 
    $full_name = $contact_number = $best_time_to_call = ""; 

if ($_SERVER["REQUEST_METHOD"] == "POST") 
{ 

    if (empty($_POST["full_name"])) 
    {$nameErr = "Full name is required";} 
    else 
    {$full_name = test_input($_POST["full_name"]);} 

    if (empty($_POST["contact_number"])) 
    {$contactErr = "Contact number is required";} 
    else 
    {$contact_number = test_input($_POST["contact_number"]);} 

    if (empty($_POST["best_time_to_call"])) 
    {$callErr = "Must not be left blank";} 
    else 
    {$best_time_to_call = test_input($_POST["best_time_to_call"]);} 


$enter_sql = "INSERT INTO contact (full_name,contact_number,best_time_to_call) VALUES('$full_name','$contact_number','$best_time_to_call')"; 
    /*print($enter_sql);*/ 

    $enter_query = mysql_query($enter_sql) or die(mysql_error()); 

    header('Location: /thankyou.php'); 
    exit; 


} 

function test_input($data) 
{ 
    $data = trim($data); 
    $data = stripslashes($data); 
    $data = htmlspecialchars($data); 
    return $data; 
} 


?>

HTML

<form name="frmContact" id="frmCallContact" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> 
<table width="100%" border="0" cellspacing="1" cellpadding="0" class="TableFormat"> 
<tr><th align="left" valign="top" colspan="2">Call me back</th></tr> 
<tr><td align="right" valign="top">Full Name:</td> 
<td><input type="text" name="full_name" id="full_name" style="width:250px;" title="Please enter your full name"/><span class="error">* <?php echo $nameErr;?></span></td></tr> 
<tr> 
<td align="right" valign="top">Contact Number:</td> 
<td><input type="text" name="contact_number" id="contact_number" style="width:250px;" /> 
<span class="error">*<?php echo $contactErr;?></span></td> 
</tr> 
<tr> 
<td align="right" valign="top">Best Time to Call:</td> 
<td><input type="text" name="best_time_to_call" id="best_time_to_call" style="width:250px;" title="Please enter your best time to call"/> 
<span class="error">*<?php echo $callErr;?></span></td> 
</tr> 
<tr> 
<td align="right" valign="top">&nbsp;</td> 
<td><!--<a name="submit" href="#"><img src="/img/bn_submit.png" width="93" height="28" /></a>--><input type="submit" name="Submit" value="Submit"> 
</tr> 
</table> 
</form>

來源

2014-02-28 rache_r

+0

要總結你的代碼邏輯:* test不管字段是否爲空,都要根據該字段設置錯誤變量,然後不管是否存在錯誤,都要將數據插入數據庫。*您需要另一個if語句來檢查是否有錯誤... – deceze

+0

我不檢查是否有任何錯誤已經?:S –

+0

確實,你不是。如果有必要,請閱讀您自己的代碼並使用筆和紙遵循其邏輯。嘗試在你的腦海中模擬一個字段爲空時的情況。 – deceze

回答

0 
$myflag = true; //create a flag 

1. 

if (empty($_POST["full_name"])) 
    { 
    echo $nameErr = "Full name is required"; // echo the error 
    $myflag = false; //change status of flag 
    } 

2. 

if ($myflag) 
    { 
    //if flag is true then insert data; 
    $enter_sql = "INSERT INTO contact (full_name,contact_number,best_time_to_call) VALUES('$full_name','$contact_number','$best_time_to_call')"; 
    }

3.you易受SQL注入,如果數據直接從用戶插入到數據庫

來源

2014-02-28 13:52:05

+0

你能否向我解釋你的代碼? –

相關問題

 相關問題