当我提交空表单时,会显示成功消息,但不确定原因。如果有任何内容留空,它不应该通过第一个if语句,为什么显示这个?
我之前使用if语句使用变量但由于未定义的索引错误而更改了它们。包含任何缺少字段的表单应显示代码
中显示的错误消息PHP:
<?php
require_once 'db/connect.php';
$error='';
$success='';
if (isset($_POST['submit'])) {
if ( (isset($_POST['Forename'])) && (isset($_POST['Surname'])) && (isset($_POST['Gender'])) && (isset($_POST['YearGroup'])) ) {
/*print_r($_POST);*/
$forename = $_POST['Forename'];
$surname = $_POST['Surname'];
$gender = $_POST['Gender'];
$yeargroup = $_POST['YearGroup'];
//To protect MySQL injection
$forename= stripslashes($forename);
$surname = stripslashes($surname);
$forename = mysqli_real_escape_string($con, $forename);
$surname = mysqli_real_escape_string($con, $surname);
if ($teacher_form = $con->query("SELECT Form FROM teacher WHERE Username = '" . $_SESSION['Username'] . "'")) {
$row1 = $teacher_form->fetch_assoc();
$form = $row1['Form'];
$con->query("INSERT INTO student (Forename, Surname, Gender, Year_group, Form) VALUES (\"" . $forename ."\", \"" . $surname . "\", \"" . $gender . "\", " . $yeargroup . ", \"" . $form . "\") ");
$success = 'Student has been successfully added to the database';
}
}
else {
$error='All fields must be completed';
}
}
?>
HTML表单:
<?php
session_start();
require_once 'db/checkuserloggedin.php';
include 'db/header.php';
include 'addstudent.php';
?>
<!DOCTYPE html>
<html>
<head>
<title>Add students</title>
</head>
<body>
<div id="logoutbutton">
<button class="btn" onclick="location.href='logout.php'">Logout</button>'
</div>
<link rel="stylesheet" type="text/css" href="styles.css">
<?php echo "<form method =\"POST\">"; ?>
<h3> Add student </h3>
<table>
<tr>
<td>Forename</td>
<td><input type="text" name="Forename"></td>
</tr>
<tr>
<td>Surname</td>
<td><input type="text" name="Surname"></td>
</tr>
<tr>
<td>Gender</td>
<td><select name ="Gender">
<option value="" style="display:none;"></option>
<option> M </option>
<option> F </option>
</select> <br>
</td>
</tr>
<tr>
<td>Year group</td>
<td><select name ="YearGroup">
<option value="" style="display:none;"></option>
<option> 7 </option>
<option> 8 </option>
<option> 9 </option>
<option> 10 </option>
</select> <br>
</tr>
</table>
<input type="submit" name="submit" value ="Add">
<input type="reset" value ="Reset"> <br>
<span class="error"><?php echo $error;?></span>
<span class="error"><?php echo $success;?></span>
<?php echo "</form>"; ?>
</body>
</html>
答案 0 :(得分:0)
使用空功能并更换&amp;&amp;运算符||
if (isset($_POST['submit'])) {
if ( (empty($_POST['Forename'])) || (empty($_POST['Surname'])) || (empty($_POST['Gender'])) || (empty($_POST['YearGroup'])) ) {
答案 1 :(得分:0)
isset才返回false。
您的输入字段始终存在于表单中,因此用户将发布空值,即使它们没有填充每个字段。 PHP中的空和 null 是不同的。
最好检查$_POST数组的每个键是否按照您的预期定义。它可以保护您免受XSS漏洞的攻击。</ p>
但您还想检查定义的键是否包含非空值。我建议您对每个输入使用以下检查:
if (isset($_POST['Forename']) && $_POST['Forename'] !== '') {
...
}
还有一个empty函数可以在一次调用中执行这两项检查:
if (!empty($_POST['Forename'])) {
...
}
请注意,如果您的用户在其中一个字段中输入 0 (零),则后者不起作用,因为这被视为空值。
如果您的某个字段可能包含有效的 0 值(例如,子女数量,经验年数......),则可以使用isset($var)和{{1 }}
This post可能会给你一个更明确的解释。