感谢您花时间阅读此内容....
我的任务是验证php表单并在新页面“process-comp.php”中处理它 我可以在JS中验证它 我可以在PHP中验证它。 问题:如果验证不正确,则会提示错误。 如果它正确验证它不会去任何地方并且不处理表格
一旦表单完成并经过验证,我需要知道如何将表单及其值重定向到“process-comp.php”。
如果有错误,我不希望用户再次在空白字段中输入信息,只是为了纠正错误的字段。
我如何防范XSS(跨站点脚本)攻击,
请在下面找到代码:
<?PHP
require_once ("formvalidator.php");
$show_form=true;
if(isset($_POST['Submit']))
{// We need to validate only after the form is submitted
//
// The first argument is the name of the input field in the form.
// The second argument is the validation descriptor that tells the type of the validation required.
// The third argument
// is the error message to be displayed if the validation fails.
//
//Setup Server side Validations
//Please note that the element name is case sensitive
$validator = new FormValidator();
$validator->addValidation("FIRSTNAME_FIELD","req","Please enter first name");
$validator->addValidation("LASTNAME_FIELD","req","Please neter your surname");
$validator->addValidation("EMAIL_FIELD","email","Enter a valid email value");
$validator->addValidation("EMAIL_FIELD","req","Please enter an Email");
$validator->addValidation("STORE_NAME_FIELD","req","Please select a store");
//Then validate the form
if($validator->ValidateForm())
{
//
// How do i make it to process the form it is correctly to "process-page.php"
//
}
else
{
echo "<B>Validation Errors:</B>";
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
echo "<p>$inpname : $inp_err</p>\n";
}
}
}
if(true == $show_form)
{
?>
<form class="" name="emvForm" id="emvForm" action="" method="POST" style="" >
<table width="380" border="0" cellspacing="10" cellpadding="" style="">
<tr>
<td class="form-comp"><label for="FIRSTNAME_FIELD" style="">First name*</label></td>
<td><input type="text" class="required nameaa " id="FIRSTNAME_FIELD" name="FIRSTNAME_FIELD" value="" size="25" maxlength="64" style=""></td>
</tr>
<tr>
<td class="form-comp"><label for="LASTNAME_FIELD">Surname* </label></td>
<td><input type="text" class="required nameaa" id="LASTNAME_FIELD" name="LASTNAME_FIELD" value="" size="25" maxlength="64" style=""></td>
</tr>
<tr>
<td class="form-comp"><label for="EMAIL_FIELD">Email*</label></td>
<td><input type="text" id="EMAIL_FIELD" class="required email" name="EMAIL_FIELD" value="" size="25" maxlength="64" style=""></td>
</tr>
<tr>
<td class="form-comp"><label for="STORE_NAME_FIELD">Select shop*</label></td>
<td><select id="STORE_NAME_FIELD" name="STORE_NAME_FIELD" class="required" style="">
<option selected disabled="disabled" value="">Select shop</option>
<option value="Aberdeen |T: 0123456789 | 345 Lorem High St EFG 456">Aberdeen </option>
<option value="Acton | T: 0123456789 | 123 Ipsum High St ABD 123">Acton </option>
<option value="Aldgate">Aldgate </option>
<option value="Ashford">Ashford </option>
<option value="Aylesbury">Aylesbury </option>
<option value="Baker Street">Baker Street </option>
</select></td>
</tr>
<tr>
<td> <label for="STORE_NAME_FIELD"> </label>
</td>
<td>
<input type='submit' name='Submit' value='Submit form' style=" cursor:pointer;">
</td>
</tr>
</table>
<input type="hidden" id="SOURCE_FIELD" name="SOURCE_FIELD" value="St-Petes">
<input type="hidden" id="PROMO_FIELD" name="PROMO_FIELD" value="<?php echo($Promo); ?>">
<input type="hidden" id="PROMO2_FIELD" name="PROMO2_FIELD" value="<?php echo($Promo2); ?>">
</form>
<?PHP
}//true == $show_form
?>
</table>
答案 0 :(得分:2)
根据您的流程页面的样子,这应该是最简单的方法。
if($validator->ValidateForm())
{
include("process-page.php");
}
但我建议将文件的相关部分“复制”到当前文件中,因为像这样,任何人(具有相关知识的人)都可以直接POST到处理站点并绕过验证。
答案 1 :(得分:1)
我会sugeest哟用ajax来做。
将表单数据发送到proccess-page.php,如果有效则返回true,如果无效则返回错误消息。
这将为您提供有关如何阻止XSS的信息:How to prevent XSS with HTML/PHP?