我正在使用PHP验证HTML表单。我的所有代码都很好,除了消息字段。如果我在消息字段中放置了某些内容并且其他字段显示错误,则它仍会提交。但是,如果我将某些内容放入其他字段并且其他字段有错误,则不会提交,这是正确的。我怀疑它与我的代码的最后一个if-else有关。先感谢您。
contact.php
<?php
include 'includes/config.php';
$errors = FALSE;
$displayErrors = NULL;
if (isset($_POST['submit'])) {
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
//Connect to MYSQL Database server
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
$result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");
//Clean Data to prevent malicous injections
mysql_real_escape_string(strip_tags(stripcslashes(trim($first))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($last))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($email))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($subject))));
mysql_real_escape_string(strip_tags(stripcslashes(trim($message))));
if (empty($first)) {
$errors = TRUE;
$displayErrors .= 'First name is invalid.<br/>';
}
if (empty($last)) {
$errors = TRUE;
$displayErrors .= 'Last name is invalid.<br/>';
}
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors = TRUE;
$displayErrors .= 'Email is invalid.<br/>';
}
if (empty($subject)) {
$errors = TRUE;
$displayErrors .= 'Subject is invalid.<br/>';
}
if (empty($message)) {
$errors = TRUE;
$displayErrors .= 'Message is invalid.<br/>';
} else {
$errors = FALSE;
//Database insertion goes here
echo 'Form submission successful. Thank you ' . $first . '.';
}
}
?>
答案 0 :(得分:2)
基本上你是说,如果邮件不是空的那么$errors=FALSE,但你没有考虑所有其他字段。
我建议将错误放在如下的数组中:
$errors['email'] = true;
然后使用foreach
答案 1 :(得分:2)
尝试将else转换为
if($errors == FALSE) {//just corrected the equality operator
//Database insertion goes here
echo 'Form submission successful. Thank you ' . $first . '.'
}
答案 2 :(得分:0)
制作你所有的ifs else ifs 这样你的最后一个不会搞砸你的验证。
答案 3 :(得分:0)
在所有这些if之前,你应该把$ errors = FALSE。然后代替代码末尾的else,你可以把if(!$ errors){//数据库插入到这里}
答案 4 :(得分:-1)
首先,Don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。
我已经整理了你的逻辑,而不是使用$error=true等你应该构建一个错误数组(包含你的错误文本),然后检查那里是否为空,我还清理了魔术引号问题吧好像你有,而且可怕的多个mysql_real_escape_string,希望它有帮助
contact.php
<?php
include 'includes/config.php';
//Connect to MYSQL Database server
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Could not connect to MYSQL Database.");
$result = mysql_select_db(DB_NAME, $connect) or die("Could not connect to MYSQL table.");
$errors = array();
if ($_SERVER['REQUEST_METHOD']=='POST') {
function clean(&$value){
if (get_magic_quotes_gpc()){
$value = mysql_real_escape_string(strip_tags(trim($value)));
}else{
$value = mysql_real_escape_string(trim($value));
}
}
array_walk($_POST,'clean');
if (empty($_POST['first'])) {
$errors['first']= 'First name is invalid.<br/>';
}else{
$first = $_POST['first'];
}
if (empty($_POST['last'])) {
$errors['last']= 'Last name is invalid<br/>';
}else{
$last = $_POST['last'];
}
if (empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errors['email'] = 'Email is invalid.<br/>';
}else{
$email = $_POST['email'];
}
if (empty($_POST['subject'])) {
$errors['subject']= 'Subject is invalid.<br/>';
}else{
$subject = $_POST['subject'];
}
if (empty($_POST['message'])) {
$errors['message']= 'Message is invalid.<br/>';
}else{
$message = $_POST['messsage'];
}
if(empty($errors)){
//Database insertion goes here
echo 'Form submission successful. Thank you ' . htmlentities($first) . '.';
}else{
//Errors, so your have $errors['name'] ect to output
//so somthing like:
echo (isset($errors['name'])?$errors['name']:null);
}
}
?>
您也应该添加一个条件,该值是最小特定长度,strlen($_POST['first']) > 2等。