请查找index.html和submit.php文件的代码。在loopo的帮助下,两者都很完美。我正在苦苦挣扎地放置验证码(在index.html文件或submit.php文件中)。我在html文件中使用html5输入类型,我不知道确认在submit.php文件中的确切位置。我有多种形式,我按照建议制作了validations.php。我也不明白错误信息会在哪里显示?
你能否在submit.php文件中建议一个位置,我应该通过编辑我的submit.php文件来添加这些验证?
电子邮件的正则表达式('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/')
正则表达式(^(?:(?:\+|0{0,2})91(\s*[\-]\s*)?|[0]?)?[789]\d{9}$)
index.html文件
<form method="post" action="submit.php">
<div class="box">
<div class="cl"><input type="text" name="name" placeholder="Name" /></div>
<div class="cl"><input type="text" name="city" placeholder="City" /></div>
<div class="cl"><input type="text" name="mobile" placeholder="Mobile" /></div>
<div class="cl"><input type="email" name="email" placeholder="Email" /></div>
<div class="cl"><input type="text" name="sub" placeholder="Want 3 m Free Subscription (Yes/No)?"></textarea></div>
<div class="cl"><input type="text" name="slogan" placeholder="Suggest a slogan for 6 m subscription"></textarea></div>
</div>
<div class="srow">
<div class="cl1">
<ul class="action">
<li><input type="submit" value="Submit" /></li>
</ul>
</div>
</div>
</form>
submit.php文件
<?php
include 'config.php'; // store your configuration in a seperate file so
// you only need to update it once when your environment changes
$errors = false;
$output = '';
$nl = '<br>'.PHP_EOL;
$redirect_url = 'index.html';
if (!$con = new mysqli(DBHOST,DBUSER,DBPASS,DBNAME)){
$errors = true;
$output .= "ERROR Can't connect to DB".$nl;
};
if (!$errors){
//should validate/clean $_POST before using in query
$name = $con->escape_string($_POST['name']);
$city = $con->escape_string($_POST['city']);
$email = $con->escape_string($_POST['email']);
$mobile = $con->escape_string($_POST['mobile']);
$sub = $con->escape_string($_POST['sub']);
$slogan = $con->escape_string($_POST['slogan']);
$sql="INSERT INTO members
(sName, sCity, sMobile, sEmail, sSub, sSlogan)
VALUES ('$name', '$city', '$mobile', '$email',
'$sub','$slogan')";
if (!$con->query($sql)){ //forgot a parenthesis here earlier
$output .= 'ERROR: DB said: ('.$con->errno.') '.$con->error.$nl;
$output .= 'Query was:'.$sql.$nl;
$errors = true;
}else{
$output .= "1 record added".$nl;
}
}
if (!$errors){
//if there are no errors redirect to index.html;
header('refresh: 2; URL='.$redirect_url);
$output .= '...Redirecting...'.$nl;
}else{
//show the errors and allow display a link to go back/try again
$output .= '<a href="'.$redirect_url.'">Try again</a>'.$nl;
}
echo $output;
?>
loopo建议的验证,但不知道放置它的确切位置。我制作了一个validations.php文件并包含在submit.php中,但可能是我的语法错误,因为它无效。
function validate_name($input){
// fairly naive rule:
// upper and lower case latin characters and space
// at least three character long
// you may want to look at allowing other characters such as é ö etc.
$input = trim($input); //get rid of spaces at either end
if (preg_match('/^[a-zA-Z ]{3,}$/',$input) == 1){
return $input;
}else{
return false;
}
}
if (!empty($_POST['name']){
if (!$name = $con->escape_string(validate_name($_POST['name'])){
$error = true;
$output .= 'ERROR: Invalid Name: '.$_POST['name'].$nl;
}
}else{
$error = true;
$output .= 'ERROR: No name specified'.$nl;
}
答案 0 :(得分:2)
可以通过直接向php文件发送请求来绕过html验证,因此在服务器端验证信息是一个不错的选择。
我建议你最好使用php的内置函数filter_var,以获得干净的代码和准确/安全的结果,试试这个:
function validateEmail($email){
if(filter_var($email,FILTER_VALIDATE_EMAIL)){
return true;
}
}
function validatePhonenb($nb){
if(filter_var($nb,FILTER_VALIDATE_REGEXP,array("options"=>array("regexp"=>"/^(?:(?:\+|0{0,2})91(\s*[\-]\s*)?|[0]?)?[789]\d{9}$/"))){
return true;
}
}
由于没有验证电话号码,我使用你的正则表达式,顺便说一句,你可以使用var_filter sanitize电话号码,然后再继续验证它
我有多种形式,我按照建议制作了validations.php。我是 也不了解错误信息的显示位置
错误消息将显示在页面底部,因为它们在代码末尾被回显
echo $output;
?>
如果它们没有被移位,则改变回显包含错误的输出的位置并在其后执行die(),以便脚本在显示错误后停止执行