服务器端验证和插入表

时间:2014-05-15 21:07:55

标签: php mysql forms

当用户将数据输入到输入设备时,此php文件通过post方法使用服务器端验证。我唯一的问题是将数据插入到customers表中,因为它不起作用。我知道这是因为我创建了测试php文件,显示所有客户表格内容和用户输入的数据不存在。我哪里出错了? 

    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
    strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>Prac 2 Task 12</title>

    </head>

    <body>
    <?php

     $conn = mysql_connect("localhost", "twa291", "......"); 
     mysql_select_db("factory291", $conn) 
     or die ('Database not found ' . mysql_error() ); 
     $sql = "SELECT * FROM customer"; 
     $rs = mysql_query($sql, $conn) 
     or die ('Problem with query' . mysql_error()); 

    $ename = $elname = $ecus = $epcode = "";
    $fnamecus = $lnamecus = $idcus = $pcde = "";

    $error_report = false;

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
       if (empty($_POST["customerid"])) {
         $ecus = "Customer ID is required";
    $error_report = true;
       } else {
         $idcus = input_t($_POST["customerid"]);
         // check if numeric
         if (preg_match("/[^0-9]/",$idcus)) {
           $ecus = "Only numbers allowed"; 
    $error_report = true;
    }
        if(strlen($idcus) != 6 && ($idcus) != null)
    {
          $ecus = "Customer ID must be 6 digits"; 
    $error_report = true;
    }
       }
       if (empty($_POST["customerfname"])) {
         $ename = "First name is required";
    $error_report = true;
       } else {
         $fnamecus= input_t($_POST["customerfname"]);
         // check if name only contains letters and whitespace
         if (!preg_match("/^[a-zA-Z-]*$/",$fnamecus)) {
           $ename = "Only alphabetic letters and hyphen";
    $error_report = true; 
         }
        if(strlen($fnamecus) > 20 && ($fnamecus) != null)
    {
          $ename = "First name can't be more that 20 characters long"; 
    $error_report = true;
    }
       }
    if (empty($_POST["customerlname"])) {
         $elname = "Last name is required";
    $error_report = true;
       } else {
         $lnamecus = input_t($_POST["customerlname"]);
         // check if name only contains letters and whitespace
         if (!preg_match("/^[a-zA-Z-]*$/",$lnamecus)) {
           $elname = "Only alphabetic letters and hyphen";
    $error_report = true; 
         }
      if(strlen($lnamecus) > 20 && ($lnamecus) != null)
    {
          $elname = "Last name can't be more that 20 characters long";
    $error_report = true; 
    }
       }
    if (!is_null($_POST["postcode"])) {
         $pcde = input_t($_POST["postcode"]);
         // check if name only contains letters and whitespace
         if (preg_match("/[^0-9]/",$pcde)) {
           $epcode = "Only numbers allowed";
    $error_report = true; 
         }
        if(strlen($pcde) != 4 && ($pcde) != null)
    {
          $epcode = "Post code must be 4 digits";
    $error_report = true; 
    }
      } 
    }
    if($error_report != true) {
    $query="INSERT INTO customer (customerID, firstName, lastName, Address, suburb, state, postcode)
    VALUES ('customerid', 'customerfname', ‘customerlname', 'customeraddress', 'suburb', 
    'state', 'postcode')";
   $queryResult = mysql_query($query, $conn) 
   or die ('Problem with query' . mysql_error()); 
    echo "correct";

    }



    function input_t($data) {
       $data = trim($data);
       $data = stripslashes($data);
       $data = htmlspecialchars($data);
       return $data;
    }
    ?>


    <h1>Customer Information Collection <br /></h1>
    <p><span class="error">* required field.</span></p>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="custinfo" >
       <table>
       <tr>
            <td><label for="customerid">Customer ID (integer value): </label></td>
            <td><input type="text" id="customerid" name="customerid" size=11 value="<?php 
    echo $idcus;?>"/><span class="error">* <?php echo $ecus;?></span></td>
        </tr>
       <tr>
            <td><label for="customerfname">Customer Frist Name: </label></td>
            <td><input type="text" id="customerfname" name="customerfname" size=50 value="<?php 
    echo $fnamecus;?>"/><span class="error">* <?php echo $ename;?></span></td>
        </tr>
        <tr>
            <td><label for="customerlname">Customer Last Name: </label></td>
            <td><input type="text" id="customerlname" name="customerlname" size=50 value="<?php 
    echo $lnamecus;?>"/><span class="error">* <?php echo $elname;?></span></td>
        </tr>
       <tr>
            <td><label for="customeraddress">Customer Address: </label></td>
            <td><input type="text" id="customeraddress" name="customeraddress" size=65/></td>

            <td><label for="suburb"> Suburb: </label></td>
        <td><input type="text" id="suburb" name="suburb"/></td>
       </tr>
       <tr>
       <td>
        State:<select name="state" id="state">
            <option value="select">--</option>
            <option value="ACT">ACT</option>
            <option value="NSW">NSW</option>
            <option value="NT">NT</option>
            <option value="QLD">QLD</option>
            <option value="SA">SA</option>
            <option value="TAS">TAS</option>
            <option value="VIC">VIC</option>
             <option value="WA">WA</option>
          </select>
     </td>
        <td><label for="postcode"> Post Code: </label><input type="text" id="postcode" 
    name="postcode" size=4 value="<?php 
    echo $pcde;?>"/><span class="error"><?php echo $epcode;?></span></td>
       </tr>
       </table>
        <p><input type="submit" value="Save Data"/>&nbsp;<input type="reset" value="Clear Form" />
      </tr>
      </form>


    </body>
    </html>

1 个答案:

答案 0 :(得分:0)

您需要在mysql_query上调用$query - 现在您只需定义$ query对象,然后在页面的其余部分忽略它。

echo "correct";

之前的行上添加以下内容 
$queryResult = mysql_query($query, $conn) 
 or die ('Problem with query' . mysql_error());

n.b。我将回应@ Ozmah关于调查PDO或mysqli函数的评论 - 学习不推荐使用的普通mysql函数将具有可疑价值。

相关问题
最新问题