PHP忽略if语句

时间:2015-10-09 10:47:01

标签: php html forms preg-match

我在这里遇到一个非常奇怪的问题,我提交表格后,我的if else语句会被忽略,输入或输入的所有值都会进入数据库。

首先,我预先填写注册期间提交的信息的所有字段,然后用户可以编辑和更改他们的信息 - 这很好但我决定添加它,因为我不知道它是否可能有这个神秘错误。

这是我检索细节的代码,保存检索值的变量在表单中的各自字段中回显。

<?php
include("connect.php");
$results = $conn->query("SELECT username, first_name,last_name,   email,phone,address FROM users WHERE email='$user_logged'");


while ($row = $results->fetch_assoc()) {
    $u_name  = $row['username'];
    $f_name  = $row['first_name'];
    $l_name  = $row['last_name'];
    $email   = $row['email'];
    $phone   = $row['phone'];
    $address = $row['address'];
}

$results->free();

$conn->close();
?>

它没有检查空字段。函数test_inputpreg_match不起作用。表单刚刚提交,数据库也会更新。

我花了两天的时间来查找错误的位置,但我无法检测到它。

<?php
$user_logged = $_SESSION['logged_in'];
if (isset($_POST['btnUpdate'])) {
    include("connect.php");
    $phoneErr   = $f_nameErr = $l_nameErr = "";
    $user_email = $first_name = $last_name = $phone_upadate = $address_updated = "";


    if (empty($_POST["fname"])) {
        $f_nameErr = "First Name is required";
    } else {
        $first_name = test_input($_POST["fname"]);
        if (!preg_match("/^[a-zA-Z ]*$/", $first_name)) {
            $f_nameErr = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["lname"])) {
        $l_nameErr = "Last Name is required";
    } else {
        $last_name = test_input($_POST["lname"]);
        if (!preg_match("/^[a-zA-Z ]*$/", $last_name)) {
            $l_nameErr = "Only letters and white space allowed";
        }
    }

    if (empty($_POST["phone"])) {
        $phoneErr = "Phone No is required";
    } else {
        $phone_upadate = test_input($_POST['phone']);
        if (!preg_match("/^[0-9]{0,18}$/", $phone_upadate)) {
            $phoneErr = "Only numbers and white space allowed";
        }

    }
    $user_email      = $_POST['email'];
    $address_updated = $_POST['txtaddress'];

    $results = $conn->query("UPDATE users SET   
        first_name='$first_name',last_name='$last_name', 
        email='$user_email',phone='$phone_upadate',
        address='$address_updated' 
        WHERE email='$user_logged'");

    if ($results) {

        header("Location: edit-info.php");
    } else {
        print 'Error : (' . $conn->errno . ') ' . $conn->error;
    }

}

function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>

这是我的HTML代码

<form action="edit-info.php" method="POST">
   <?php $username_error="can't be changed"; ?>
   <p>Username</p>
   <p><input type="text" name="username" id="txtuser"  value="<?php echo  $u_name; ?>" readonly></input><span id="error"><?php echo $username_error?></span></p>
   <p>First Name</p>
   <p><input type="text" name="fname" id="txtuser"  value="<?php echo $f_name; ?>"></input><span id="error"><?php echo $f_nameErr;?></span></p>
   <p>Last Name</p>
   <p><input type="text" name="lname" id="txtuser"  value="<?php echo $l_name; ?>" ></input><span id="error"><?php echo $l_nameErr;?></span></p>
   <p>Email</p>
   <p> <input type="text" name="email" id="txtuser" value="<?php echo $email; ?>"  readonly></input><span id="error"><?php echo $f_nameErr;?></span></p>
   <p>Phone</p>
   <p><input type="text" name="phone" id="txtuser" value="<?php echo $phone; ?> " ></input></p>
   <span id="error"><?php echo $phoneErr;?></span>
   <p>Address</p>
   <p><textarea id="txtaddress" name="txtaddress" cols="40" rows="10" ><?php echo  $address; ?></textarea></p>
   <p><input type="submit" name="btnUpdate" value="UPDATE" /></p>
</form>

2 个答案:

答案 0 :(得分:0)

您可以尝试替换

"/^[a-zA-Z ]*$/"

"/^[a-zA-Z ]+$/"

请注意,我们正在使用multiplication sign替换summation sign

答案 1 :(得分:0)

在进行UPDATE之前,你需要检查$ phoneErr,$ f_nameErr,$ l_nameErr的值

if(empty($phoneErr) && empty($f_nameErr) && empty($l_nameErr)){
   $results = $conn->query("UPDATE users SET      first_name='$first_name',last_name='$last_name', email='$user_email',phone='$phone_upadate',address='$address_updated' WHERE email='$user_logged'");
}

因为当您在empty或preg_match中有任何验证错误时,您正在更新这些值。并且不检查这些$ phoneErr,$ f_nameErr,$ l_nameErr变量,您正在进行更新