刷新浏览器时输入数据库的空值

时间:2014-05-06 10:20:12

标签: php

我有一个用户类,它匹配表单中包含输入值的所有名称属性,然后在单击提交按钮时将它们输入到数组中。然后使用PDO将这些key =>值输入数据库。

当我运行代码时,空值将插入到数据库中。屏幕上没有显示错误。

问题出在哪里?

<?php

require_once(&#39; db.php&#39;); 

class Users{

    public    $dbh;
    public    $table = "users";
    public    $data = array();
    public    $cols;
    public    $values;
    public    $valid_keys = array("name", "firstname", "email", "office");

    public function reg_user($data) {
        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            ksort($_POST);
            ksort($this->valid_keys);
            $dataDB = array();

        $this->data = $_POST;
        $this->pop_submit = array_pop($this->dataDB);

        $this->cols    =  '`'.implode('`, `', array_keys($this->dataDB)).'`' ;
        $this->values  = ':' . implode(", :", array_keys($this->dataDB));
        }
        //return $this->cols ."<br />".$this->values;
        $db = new  db;
        try{
        $stmt = $db->dbh->prepare ("INSERT INTO $this->table ($this->cols ) VALUES ($this->values)");
        foreach ($_POST as $k => $v) {
            if (in_array($k,$this->valid_keys)) {
                $dataDB[$k] = $v;
            $stmt -> bindValue(':'.$k, $v);
        }
    }
        $stmt->execute();

    } catch (PDOException $e) {
        $error = new Errors();
        echo "<b>".$error->displayError($e)."</b>";
    }
    }
}
?>

<form  action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >  
<input type="text" name="firstname">
<input type="text" name="name">
<input type="text" name="email">
<input type="text" name="office">
<input type="submit" name="submit" value="Submit">
 </form>

修改

我添加了一个新属性$valid_keys,以仅检查在bind语句中使用的指定键。

当我运行上面的代码(带编辑)时,在所有4列中输入Submit,而不是输入的输入。

我做错了什么?

2 个答案:

答案 0 :(得分:1)

if($_SERVER['REQUEST_METHOD'] == 'POST'){

$dataDB = array();

foreach ($_POST as $k => $v) {
  if (in_array($k,$this->valid_keys)) {
     $dataDB[$k] = $v;
  }
}

从这一刻开始,而不是在$ _POST上运行,你应该只在$ dataDB上运行

所以你的代码应该是:

<?php
require_once ('db.php');

class Users{

    public    $dbh;
    public    $table = "users";
    public    $data = array();
    public    $cols;
    public    $values;
    public    $valid_keys = array("name", "firstname", "email", "office");

    public function reg_user($data) {
        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            $dataDB = array();

            foreach ($_POST as $k => $v) {
              if (in_array($k,$this->valid_keys)) {
                 $dataDB[$k] = $v;
              }
            }



        $this->cols    =  '`'.implode('`, `', array_keys($dataDB)).'`' ;
        $this->values  = ':' . implode(", :", array_keys($dataDB));

        //return $this->cols ."<br />".$this->values;
        $db = new  db;
        try{
        $stmt = $db->dbh->prepare ("INSERT INTO $this->table ($this->cols ) VALUES ($this->values)");
        foreach ($dataDB as $k => $v) {

            $stmt -> bindValue(':'.$k, $v);

        }
        $stmt->execute();

    } catch (PDOException $e) {
        $error = new Errors();
        echo "<b>".$error->displayError($e)."</b>";
    }
    }
   }
}
?>

<form  action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >  
<input type="text" name="firstname">
<input type="text" name="name">
<input type="text" name="email">
<input type="text" name="office">
<input type="submit" name="submit" value="Submit">
 </form>

如果输入表单和数据库中的键不同,则代码应如下所示:

<?php
require_once ('db.php');

class Users{

    public    $dbh;
    public    $table = "users";
    public    $data = array();
    public    $cols;
    public    $values;
    public    $valid_keys = array("name" => 'db_name', "firstname" => 'db_firstname', "email" => 'db_email', "office" => "db_office");

    public function reg_user($data) {
        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            $dataDB = array();
            $fieldsDB = array();

            foreach ($_POST as $k => $v) {
                if (isset($this->valid_keys[$k])) {                  
                 $dataDB[$k] = $v;
                 $fieldsDB[] = $this->valid_keys[$k];
              }
            }



        $this->cols    =  '`'.implode('`, `', array_values($fieldsDB)).'`' ;
        $this->values  = ':' . implode(", :", array_keys($dataDB));

        //return $this->cols ."<br />".$this->values;
        $db = new  db;
        try{
        $stmt = $db->dbh->prepare ("INSERT INTO $this->table ($this->cols ) VALUES ($this->values)");
        foreach ($dataDB as $k => $v) {

            $stmt -> bindValue(':'.$k, $v);

        }
        $stmt->execute();

    } catch (PDOException $e) {
        $error = new Errors();
        echo "<b>".$error->displayError($e)."</b>";
    }
    }
   }
}
?>

<form  action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" >  
<input type="text" name="firstname">
<input type="text" name="name">
<input type="text" name="email">
<input type="text" name="office">
<input type="submit" name="submit" value="Submit">
 </form>

答案 1 :(得分:0)

您应该验证post数组是否包含您需要的条目(非空值)。

除了验证@ marcin-nabialek答案中提供的密钥外,您还应该验证您的价值观。

e.g:

<?php
$errors = [];
foreach($dataDB as $key => $value) {
    if(empty($value) || someValidationFunction($value) === false) {
        $errors[] = sprintf('%s field was empty or invalid. "%s" is not a valid value for that field', $key, $value);
    }
}

if(!empty($errors)) {
    // do something with the errors here(display a notification to the user) and end the script.
    exit;
}
相关问题
最新问题