的index.php
<?php
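/**
 * Checks that a value has the expected type, is not empty and does not
 * exceed a maximum length.
 *
 * The type name is turned into a call to PHP's is_<type>() predicate. Only the
 * type names listed below are accepted, so a caller-supplied name can never
 * reach other is_*() functions (is_file(), is_callable(), ...) or trigger a
 * fatal "undefined function" error.
 *
 * @access private
 *
 * @param mixed  $string The value to check
 * @param string $type   One of bool, int, integer, float, double, numeric,
 *                       string, scalar, array or object
 * @param int    $length The maximum length of the value, in bytes
 *
 * @return bool TRUE when every check passes, FALSE otherwise
 */
function sanityCheck($string, $type, $length)
{
    // Allow-list of type predicates this helper is meant to dispatch to.
    $allowedTypes = array(
        'bool', 'int', 'integer', 'float', 'double',
        'numeric', 'string', 'scalar', 'array', 'object',
    );

    if (!is_string($type)) {
        return FALSE;
    }

    // PHP function names are case-insensitive, so normalise before matching.
    $type = strtolower($type);
    if (!in_array($type, $allowedTypes, true)) {
        return FALSE;
    }

    $predicate = 'is_' . $type;
    if (!$predicate($string)) {
        return FALSE;
    }

    // empty() also rejects "0", 0, 0.0, FALSE and array(); this is kept from
    // the original because the form handlers rely on it to refuse blank fields.
    if (empty($string)) {
        return FALSE;
    }

    // strlen() is only meaningful for scalars; passing it an array or object
    // raises a warning on old PHP and a TypeError on PHP 8.
    if (is_scalar($string) && strlen((string) $string) > $length) {
        return FALSE;
    }

    return TRUE;
}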
/**
 * Reports whether the submitted form carries both expected fields.
 *
 * Only presence is tested here; the values themselves are validated by the
 * callers.
 *
 * @access private
 *
 * @return bool TRUE when $_POST contains both 'phone' and 'email'
 */
function checkSet()
{
    $hasPhone = isset($_POST['phone']);
    $hasEmail = isset($_POST['email']);

    return $hasPhone && $hasEmail;
}
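/**
 * Checks that a phone number is exactly eight digits and starts with 77 or 78.
 *
 * Any extra arguments passed by callers are ignored.
 *
 * @access private
 *
 * @param string $phone The phone number to check
 *
 * @return bool TRUE when the number matches, FALSE otherwise
 */
function checkNumber($phone)
{
    // A field posted as phone[] arrives as an array; preg_match() cannot take it.
    if (!is_scalar($phone)) {
        return FALSE;
    }

    // \z anchors at the very end of the input. A plain "$" also matches just
    // before a trailing newline, which would let "77123456\n" through.
    return preg_match('/^7[78][0-9]{6}\z/', (string) $phone) === 1;
}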
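/**
 * Checks whether an email address is in a valid format.
 *
 * Validation is delegated to PHP's built-in FILTER_VALIDATE_EMAIL instead of a
 * hand-written pattern. The previous pattern started with [^0-9], which
 * accepted any non-digit byte (including "<" or a quote) as the first
 * character, ended with "$", which tolerates a trailing newline, and rejected
 * ordinary addresses with hyphenated domains or long top-level domains.
 *
 * A valid address may still contain characters such as "'" or "+", so the
 * value must be bound as a query parameter and HTML-escaped on output.
 *
 * @access private
 *
 * @param string $email The email address to check
 *
 * @return bool TRUE when the address is well-formed, FALSE otherwise
 */
function checkemail($email)
{
    // A field posted as email[] arrives as an array and is never valid.
    if (!is_string($email)) {
        return FALSE;
    }

    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}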
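// Handle the submission only when both form fields were posted.
if (checkSet()) {
    // Phone: must be numeric, non-empty, at most 8 characters and match the
    // expected number format. sanityCheck() already rejects empty values.
    if (sanityCheck($_POST['phone'], 'numeric', 8) && checkNumber($_POST['phone'])) {
        $phone = $_POST['phone'];
    } else {
        // Validation failed: report it and stop before touching the database.
        echo 'Invalid phone number';
        exit();
    }

    // Email: must be a non-empty string of at most 50 characters in a valid format.
    if (sanityCheck($_POST['email'], 'string', 50) && checkemail($_POST['email'])) {
        $email = $_POST['email'];
    } else {
        echo 'Invalid email';
        exit();
    }

    // The mysql_* extension used previously was removed in PHP 7; mysqli is
    // available on PHP 5 as well. Turning exception mode off keeps the
    // return-value checks below working on every PHP version.
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): this connects as root with an empty password. Use a
    // dedicated account limited to INSERT on this table, with credentials
    // loaded from configuration kept outside the web root.
    $link = mysqli_connect('localhost', 'root', '');
    if (!$link) {
        // Driver error text goes to the server log, not to the visitor.
        error_log('Database connection failed: ' . mysqli_connect_error());
        die('Not connected');
    }

    // Select the application database.
    if (!mysqli_select_db($link, 'mydb')) {
        error_log('Database selection failed: ' . mysqli_error($link));
        die('Database not selected');
    }

    // Prepared statement: the values are sent separately from the SQL text,
    // so no escaping step can be forgotten or defeated by charset settings.
    $stmt = mysqli_prepare($link, 'INSERT INTO users (phone, email) VALUES (?, ?)');
    if (!$stmt) {
        error_log('Prepare failed: ' . mysqli_error($link));
        echo 'Query failed';
        exit();
    }

    mysqli_stmt_bind_param($stmt, 'ss', $phone, $email);

    if (!mysqli_stmt_execute($stmt)) {
        error_log('Insert failed: ' . mysqli_stmt_error($stmt));
        echo 'Query failed';
        exit();
    }

    mysqli_stmt_close($stmt);
    mysqli_close($link);
}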
?>
<html>
<head>
<title>Info</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<div align="center">
<table width="320" height="350" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top" background="front.jpg"><p align="center"></p>
<p> </p>
<p> </p>
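<?php
// PHP_SELF reflects the requested path, which the client controls, so it is
// HTML-escaped before being written into the action attribute.
// The type/pattern/maxlength hints below are conveniences for the user only;
// sanityCheck(), checkNumber() and checkemail() remain the authoritative checks.
?>
<form method="post" name="form2" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" >
    <table align="center">
        <tr valign="baseline">
            <td nowrap align="right">Phone Number:</td>
            <!-- "numeric" is not a valid input type; browsers fall back to text. -->
            <td><input type="text" inputmode="numeric" pattern="7[78][0-9]{6}" name="phone" value="" size="25" maxlength="8"></td>
        </tr>
        <tr valign="baseline">
            <td nowrap align="right">Email:</td>
            <!-- maxlength mirrors the 50-character limit enforced on the server. -->
            <td><input type="email" name="email" value="" size="25" maxlength="50"></td>
        </tr>
        <tr valign="baseline">
            <td nowrap align="right"> </td>
            <td><input name="submit" type="submit" value="Confirm">
            </td>
        </tr>
    </table>
    <input type="hidden" name="MM_insert" value="form2">
</form>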
<p> </p></td>
</tr>
</table>
<p> </p>
</div>
</body>
</html>
答案 0 :(得分:0)
将所有错误放入错误数组中。然后,在每个输入旁边输出与该输入相对应的错误。
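// Collect one message per field so each can be shown next to its input.
$errors = array();
if (!isset($_POST['email']) || !is_string($_POST['email']) || $_POST['email'] === '') {
    $errors['email'] = 'You must enter a valid email.';
}
// More validation
// In the form...
// The submitted value is echoed back into an attribute, so it must be
// HTML-escaped (quotes included); otherwise the field reflects markup
// supplied in the request.
<input type="email" name="email" value="<?php echo (isset($_POST['email']) && is_string($_POST['email'])) ? htmlspecialchars($_POST['email'], ENT_QUOTES) : ''; ?>" />
<?php if (isset($errors['email'])) { echo '<span>' . htmlspecialchars($errors['email'], ENT_QUOTES) . '</span>'; } ?>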