验证表单然后使用php提交到数据库

时间:2014-08-20 23:48:31

标签: php

我一直不愿意回到Stackoverflow来问这个问题。它肯定被多次询问过,但每个答案都无法解决问题。我尝试过Header()修复:https://stackoverflow.com/a/18820079/3831297无效,现在我一直试图只是从同一页面进行验证和提交。

当我使用Header重定向时,不会发生任何事情,也不会重定向到下一页,同时也没有出于任何错误。这让我得到了下面的方法..一堆代码,我花了60多个小时试图从这里找到的答案以及其他网站上班。

我一直试图用这个版本做验证:

 if(empty()) {
   display error 
 }else{
   variable = true

 if(variable = true){ 
  post to database
 }

我为重复的问题以及我完全缺乏知识而道歉。我正在学习这些动手项目。

<?php
    if (mysqli_connect_errno()) {
    echo "Connection to the database failed! Submitting a story will not work! Try again in a few minutes!" . mysqli_connect_error();
    }else{
        echo "<br>";
        echo "<h4>" . "Database connected successfully... It is safe to submit a story!" . "</h4>";
}
$TitleErr = $StoryErr = $AuthorErr = $DateErr = "";
$Title = $Story = $Author = $Date = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Title"])) {
        $TitleErr = "Title is required!";
    }else{
        $valid1 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Story"])) {
        $StoryErr = "Story is required!";
    }else{
        $valid2 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Author"])) {
        $AuthorErr = "Author is required!";

    }else{
        $valid3 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if(empty($_POST["Date"])) {
        $DateErr = "Date is required!";

    }else{
        $valid4 == true;
        }
}
if ($valid1 = $valid2 = $valid3 = $valid4 = true) {
    $Title = mysqli_real_escape_string($con, $_POST['Title']);
    $Date = mysqli_real_escape_string($con, $_POST['Date']);
    $Author = mysqli_real_escape_string($con, $_POST['Author']);
    $Story = mysqli_real_escape_string($con, $_POST['Story']);

    $sql="INSERT INTO Moderate (Title, Story, Author, Date)
    VALUES ('$Title', '$Story', '$Author', '$Date')";
    if (!mysqli_query($con,$sql)) {
        die('Error: ' . mysqli_error($con));
        }else{
            echo "<br>";
            echo "Story submitted for moderation!";
            }
}


mysqli_close($con);

//Insert into database
//$sql="INSERT INTO Moderate (Title, Story, Author, Date)
//VALUES ('$Title', '$Story', '$Author', '$Date')";
?>
        <h2>Submit News</h2>
        <?php// echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<span class="error">* <?php echo $TitleErr;?></span>
Title: <input type="text" name="Title">
<span class="error">* <?php echo $AuthorErr;?></span>
Author: <input type="text" name="Author">
<span class="error">* <?php echo $DateErr;?></span>
Date: <input type="date" name="Date">
<input type="submit"><br>

<span class="error">* <?php echo $StoryErr;?></span>
Story: <br><textarea type="textarea" rows="40" cols="100" name="Story" method="post"></textarea>
</form>
</div>
<?php

//// escape variables for security
//$Title = mysqli_real_escape_string($con, $_POST['Title']);
//$Story = mysqli_real_escape_string($con, $_POST['Story']);
//$Author = mysqli_real_escape_string($con, $_POST['Author']);
//$Date = mysqli_real_escape_string($con, $_POST['Date']);

//Insert into database


?>

2 个答案:

答案 0 :(得分:0)

我要冒险回答。我看到的主要内容是您使用==作为作业,=作为比较。这是倒退。

$valid4 == true;应为$valid4 = true;

if ($valid1 = $valid2 = $valid3 = $valid4 = true)应该是if ($valid1 == $valid2 == $valid3 == $valid4 == true)或者不是,因为它实际上必须是:

if ($valid1==true && $valid2==true && $valid3==true && $valid4==true)

使用赋值可以叠加运算符,但是使用布尔比较,将比较与(&amp;&amp;)结合使用。

只是一些建议,不要让页面提交给自己。创建一个单独的页面来处理显示表单的表单。这样,如果你想升级到使用Ajax,它就容易多了。此外,在执行此类数据库更新后,您始终需要重定向到另一个页面以防止双重提交(除非使用ajax)。执行db更新的页面不应该打印任何内容,只是执行db update和redirect,除非出现验证错误。

答案 1 :(得分:0)

将您的PHP更改为:

if (isset($_POST['Title'],$_POST['Date'], $_POST['Author'], $_POST['Story'] )){

    $con = mysqli_connect("localhost", "my_user", "my_password", "db");

    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    $title = $_POST['Title'];
    $date = $_POST['Date'];
    $author = $_POST['Author'];
    $story = $_POST['Story'];

    $query = "INSERT INTO Moderate (Title, Story, Author, Date) 
              VALUES (?, ?, ?, ?)"    

    /* create a prepared statement */
    if ($stmt = mysqli_prepare($con, $query)) {
        /* bind parameters for markers */
        mysqli_stmt_bind_param($stmt, "ssss", $city);    
        /* execute query */
        mysqli_stmt_execute($stmt);  
        /* close statement */
        mysqli_stmt_close($stmt);
    }   
    /* close connection */
    mysqli_close($con);
}