如何防止Web表单提交空白字段

时间:2014-02-28 13:46:40

标签: php html forms

我有一个网络表单,用户需要输入以下字段的信息:全名,联系电话和最佳通话时间。填写完这些字段后,用户将提交表单,然后将数据添加到数据库中,但是,我现在的问题是我的Web表单忽略了我设置的验证并允许用户提交空白Web表单。我不确定这可能是我编写代码的方式吗?不过,我该如何解决这个问题?

PHP

<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/bootstrap.php');
include("config/cn.php");
$template['template']="page";


    // define variables and set to empty values
    $nameErr = $contactErr = $callErrErr = "";
    $full_name = $contact_number = $best_time_to_call = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{

   if (empty($_POST["full_name"]))
     {$nameErr = "Full name is required";}
   else
     {$full_name = test_input($_POST["full_name"]);}

   if (empty($_POST["contact_number"]))
     {$contactErr = "Contact number is required";}
   else
     {$contact_number = test_input($_POST["contact_number"]);}

   if (empty($_POST["best_time_to_call"]))
     {$callErr = "Must not be left blank";}
   else
     {$best_time_to_call = test_input($_POST["best_time_to_call"]);}


 $enter_sql = "INSERT INTO contact (full_name,contact_number,best_time_to_call) VALUES('$full_name','$contact_number','$best_time_to_call')";
    /*print($enter_sql);*/

    $enter_query = mysql_query($enter_sql) or die(mysql_error());

    header('Location: /thankyou.php');
    exit;


}

function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}


?>

HTML

<form name="frmContact" id="frmCallContact" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="100%" border="0" cellspacing="1" cellpadding="0" class="TableFormat">
<tr><th align="left" valign="top" colspan="2">Call me back</th></tr>
<tr><td align="right" valign="top">Full Name:</td>
<td><input type="text" name="full_name" id="full_name" style="width:250px;" title="Please enter your full name"/><span class="error">* <?php echo $nameErr;?></span></td></tr>
<tr>
<td align="right" valign="top">Contact Number:</td>
<td><input type="text" name="contact_number" id="contact_number" style="width:250px;" />
<span class="error">*<?php echo $contactErr;?></span></td>
</tr>
<tr>
<td align="right" valign="top">Best Time to Call:</td>
<td><input type="text" name="best_time_to_call" id="best_time_to_call" style="width:250px;"  title="Please enter your best time to call"/>
<span class="error">*<?php echo $callErr;?></span></td>
</tr>
<tr>
<td align="right" valign="top">&nbsp;</td>
<td><!--<a name="submit" href="#"><img src="/img/bn_submit.png" width="93" height="28" /></a>--><input type="submit" name="Submit" value="Submit">
</tr>
</table>
</form>

1 个答案:

答案 0 :(得分:0)

$myflag = true;    //create a flag

1.

if (empty($_POST["full_name"]))
    {
    echo $nameErr = "Full name is required"; // echo the error
    $myflag = false;   //change status of flag
    }

2.

if ( $myflag )
    {
    //if flag is true then insert data;
    $enter_sql = "INSERT INTO contact (full_name,contact_number,best_time_to_call) VALUES('$full_name','$contact_number','$best_time_to_call')";
    }

3.如果数据直接从用户插入数据库

,则您很容易受到SQL注入攻击