我为我的婚礼网站制作了一个歌曲请求表格,并希望在POST到数据库之前检查我存储表格输入的变量是否为空。我的目标是简单地防止在关闭for时将空行添加到mysql db。
<?php
// extract data from form; store in variable
$artist = $_POST["artist"];
$song = $_POST["song"];
// connect to server
$conn = mysql_connect('host', 'user', 'pass');
// check if you can connect; if not then die
if (!$conn) {
echo "<center>";
die('Could Not Connect: ' . mysql_error());
echo "</center>";
}
// check if you can select table; in not then die
$db = mysql_select_db('database', $conn);
if (!$db) {
echo "<center>";
die('Database Not Selected: ' . mysql_error());
echo "</center>";
}
// Define the query to inser the song request
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
// check if above variables are empty
if (!empty($artist) and !empty($song)) {
echo "<center>";
echo "Insert was succesful<br>";
echo "<a href='index.html' target='_self' >Back</a>";
echo "</center>";
}
else {
echo "<center>";
die("Please fill in at least the artist name");
echo "</center>";
}
// close the connection to the server
mysql_close($conn);
?>
我在一个名为insert.php的文件中有上述内容,当提交索引页面上的表单时会触发该文件。表单使用POST提交并且工作得很好,但是我想阻止空白提交。
编程很新,想学习如何做到这一点。
感谢您的耐心等待。
答案 0 :(得分:4)
作为编程新手,我会给你使用mysql_*函数给人们的经典信息:
Please, don't use
mysql_*functions in new code。它们不再被维护and are officially deprecated。请参阅red box?转而了解prepared statements,并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。
但是,作为您问题的直接答案:在插入结果后进行验证,而不是之前验证。
另外,如果您使用mysql_ *函数,请记住清理(使用mysql_real_escape_string)您插入数据库的任何内容。清理输入将阻止SQL injections并删除一些漏洞问题。
if($errors) {
// there are errors, don't submit to database
// run through error display process
} else {
// submit to database
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
}
答案 1 :(得分:2)
你真是太近了!所有你需要做的就是检查艺术家和歌曲是否填写后插入插页!
<?php
// extract data from form; store in variable
$artist = $_POST["artist"];
$song = $_POST["song"];
// connect to server
$conn = mysql_connect('host', 'user', 'pass');
// check if you can connect; if not then die
if (!$conn) {
echo "<center>";
die('Could Not Connect: ' . mysql_error());
echo "</center>";
}
// check if you can select table; in not then die
$db = mysql_select_db('database', $conn);
if (!$db) {
echo "<center>";
die('Database Not Selected: ' . mysql_error());
echo "</center>";
}
// check if above variables are empty
if (!empty($artist) and !empty($song)) {
// Define the query to inser the song request
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
if($insert) {
echo "<center>";
echo "Insert was succesful<br>";
echo "<a href='index.html' target='_self' >Back</a>";
echo "</center>";
}
}
else {
echo "<center>";
die("Please fill in at least the artist name");
echo "</center>";
}
// close the connection to the server
mysql_close($conn);
就是这样!
答案 2 :(得分:0)
使用空应该就够了。还有isset
答案 3 :(得分:0)
嗯,您已经与empty核对了。只需在插入之前移动它并采取相应的行动
if (empty($artist)) {
echo "<center>";
die("Please fill in at least the artist name");
echo "</center>";
}
或检查两者
if (empty($artist) or empty($song)) {
...
}
答案 4 :(得分:0)
首先通过函数验证变量或使用if语句
if (!empty($artist) && !empty($song))
{ $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");}