没有char的Php验证表单

时间:2016-07-17 07:14:22

标签: javascript php

我遇到了一个问题:我需要阻止用户在未填写内容的情况下提交表单。我的表单如下:

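<div id="content" class="inner-wrapper reg">
	<div id="mside">
    <div class="section goback">
	<div class="btn-back"><a class="back" onClick="history.go(-1)"><?= $lang['profile']['back'] ?></a></div>
    </div>
		<div class="section register">
			<form id="mail-cons" method="post" action="" enctype="multipart/form-data" >
				
				<div class="step2">
				<ul class="step-ul">
					<h2>Asesoría vía correo electrónico</h2>

<?php // First step for the user: describing the problem.
// Full `<?php` tags are used instead of `<?` so the template does not depend on short_open_tag.
if (loggedtype() == 'user' AND $data['user_description'] == '') { ?>
					<div class="step-message sys-info"><img class='small icon' src='<?= $url_base ?>css/images/icons/information.png' alt=''/> <?= $lang['mc']['user_step1'] ?></div>

					<div class="row  mail-cnsl">
						</div>
					<div class="row">
<?php
// The re-displayed value comes straight from the request, so it must be HTML-escaped:
// unescaped text could close the <textarea> and inject markup/script into the page.
$descriere_prev = isset($_REQUEST['descriere']) ? $_REQUEST['descriere'] : '';
?>
				      <textarea id="descriere2" name="descriere" class="tinymce" rows="20" cols="50" style="width: 554px; height: 517px;" required><?php echo htmlspecialchars($descriere_prev, ENT_QUOTES, 'UTF-8'); ?></textarea>
					</div>
		<div class="row submit mail-cnsl">
						<input type="submit" name="submitdesc"  value="Enviar solicitud!"  />
					</div>

			<?php } ?>
					
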

以下函数用于验证:

<script type="text/javascript">
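/**
 * Check that a form control holds a non-blank value.
 *
 * @param {{value: *}} field   form control (anything exposing a `value`)
 * @param {string} alerttxt    message shown to the user when the value is blank
 * @returns {boolean} true when the control has a value, false (after alerting) otherwise
 */
function validate_required(field, alerttxt)
{
  // `with (field)` was dropped: it is rejected in strict mode and hides which
  // object `value` is read from. A missing control is treated as blank rather
  // than throwing, so callers get a consistent false.
  var value = field ? field.value : null;
  // Whitespace-only input counts as blank; the original accepted it.
  if (value == null || String(value).trim() === "")
    {
    alert(alerttxt);
    return false;
    }
  return true;
}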

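/**
 * Form onsubmit handler: blocks submission while the
 * `user_description_extra` control is empty.
 *
 * @param {HTMLFormElement|Object} thisform  form whose controls are checked
 * @returns {boolean} true to allow submission, false to block it
 */
function validate_form(thisform)
{
  // A page-level `clicked` flag bypasses validation entirely (set elsewhere on the page).
  if (typeof window !== "undefined" && window.clicked) return true;
  // Look the control up explicitly instead of relying on `with (thisform)`,
  // which resolved an unknown name to a global and threw a ReferenceError.
  var field = thisform ? thisform.user_description_extra : undefined;
  // NOTE(review): the form shown on this page names its textarea `descriere`,
  // not `user_description_extra`, and does not wire this handler via onsubmit —
  // confirm which form this handler is meant to serve.
  if (validate_required(field, "Por favor, introduzca el motivo del rechazo!") == false)
    {
    if (field && typeof field.focus === "function") field.focus();
    return false;
    }
  // The original fell through with `undefined`; `true` is the explicit equivalent for onsubmit.
  return true;
}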
</script>

<script type="text/javascript">
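/**
 * Check that a control's value is at least `l` characters long.
 *
 * @param {{value: *, focus: function}} f  form control
 * @param {string} a  alert message shown when the value is too short
 * @param {number} l  minimum length (inclusive)
 * @returns {boolean} true when long enough, false (after alert + focus) otherwise
 */
function validate_length(f, a, l)
{
    // Declared with `var`: the original assigned `z` and `x` without declaring
    // them, leaking two globals on every call.
    var text = f.value == null ? "" : String(f.value);
    if (text.length < l)
      {
      alert(a);
      f.focus();
      return false;
      }
    return true;
}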
</script>

以下代码用于处理提交:

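// Handles the "submitdesc" POST: closes the discussion, stores the user's
// description, records a notification row and e-mails both parties.
// Relies on globals from the enclosing page: $user, $cons, $conn, $lang,
// $lng_s_tb, $url_base, $tip_user and the avertizare_mail() helper.
if (isset($_POST['submitdesc'])) {
    // The discussion id comes from the query string. Casting to int is the
    // only validation it gets, and it replaces the raw string interpolation
    // the original used in three queries (a SQL-injection vector).
    $iddisc = isset($_GET['iddisc']) ? (int) $_GET['iddisc'] : 0;
    $descriere = isset($_POST['descriere']) ? $_POST['descriere'] : '';
    $login_type = isset($_SESSION['loggedin']['type']) ? $_SESSION['loggedin']['type'] : '';

    $upd = mysql_query("UPDATE discussion SET active='0' WHERE id='" . $iddisc . "'") or die(mysql_error());

    $sel = mysql_query("SELECT * FROM discussion WHERE id='" . $iddisc . "'") or die(mysql_error());
    $data = mysql_fetch_array($sel);

    $upd_mc = mysql_query("UPDATE mail_counseling SET new_user=0, new_cons=1, user_description='" . mysql_real_escape_string($descriere) . "' WHERE id_disc='" . $iddisc . "'") or die(mysql_error());

    // Load the mail template first: the original assigned $subject/$message
    // only after the notification INSERT below had already used $message.
    // NOTE(review): assumes $message is not set earlier on the page — confirm.
    $query_tpl_mail = "SELECT * FROM mails WHERE id_mails='6'";
    $tpl_mail = mysql_query($query_tpl_mail, $conn) or die(mysql_error());
    $row_tpl_mail = mysql_fetch_assoc($tpl_mail);

    $subject = $row_tpl_mail['title_mail' . $lng_s_tb];
    $message = $row_tpl_mail['description' . $lng_s_tb];

    // Notifications: pick the id of whoever is logged in.
    // $type1/$type2 are not read in this handler; kept because PHP variables
    // are function-scoped and code after this block may use them.
    if ($login_type === 'user') {
        $insid = $user['id_user'];
        $type1 = 'user';
        $type2 = 'client';
    } else {
        $insid = $cons['id_counselor'];
        $type1 = 'consilier';
        $type2 = 'counselor';
    }

    // Session type is escaped and the id cast, so nothing unescaped reaches the query.
    $insnotifs = mysql_query("INSERT INTO mc_notifs (type,id_user,message) VALUES ('" . mysql_real_escape_string($login_type) . "','" . (int) $insid . "','" . mysql_real_escape_string($message) . "')") or die(mysql_error());
    // End notifications

    // Send notification mail to both parties.
    avertizare_mail($cons["email"], $subject, $lang['mc']['notif1']);
    avertizare_mail($user["email"], $subject, $lang['mc']['notif11']);
    header("Location: " . $url_base . "$tip_user-account/mail-counseling/ok/");
    exit;
}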

但是它不起作用。有人能帮帮我吗?


答案 0 :(得分:0)

不要依赖客户端验证。用户关闭 JavaScript 后,表单的检查就会被绕过。在 PHP 端做这项检查更安全,也更简单。

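// Server-side handling of the "submitdesc" POST. Rejects an empty
// description before touching the database, then closes the discussion,
// stores the text, records a notification and mails both parties.
// Relies on globals from the enclosing page: $user, $cons, $conn, $lang,
// $lng_s_tb, $url_base, $tip_user and the avertizare_mail() helper.
if (isset($_POST['submitdesc'])) {

    // The original had an unbalanced ')' on this line (a parse error) and
    // wrapped the value in htmlspecialchars(); escaping belongs at output time,
    // and this value is only used for the emptiness check.
    $desc = isset($_POST['descriere']) ? trim($_POST['descriere']) : '';

    // isset() on a string is always true, so the original check never failed;
    // compare against the empty string instead.
    if ($desc !== '') {
        // Cast the id so nothing from the query string is interpolated raw into SQL.
        $iddisc = isset($_GET['iddisc']) ? (int) $_GET['iddisc'] : 0;
        $login_type = isset($_SESSION['loggedin']['type']) ? $_SESSION['loggedin']['type'] : '';

        $upd = mysql_query("UPDATE discussion SET active='0' WHERE id='" . $iddisc . "'") or die(mysql_error());

        $sel = mysql_query("SELECT * FROM discussion WHERE id='" . $iddisc . "'") or die(mysql_error());
        $data = mysql_fetch_array($sel);

        $upd_mc = mysql_query("UPDATE mail_counseling SET new_user=0, new_cons=1, user_description='" . mysql_real_escape_string($_POST['descriere']) . "' WHERE id_disc='" . $iddisc . "'") or die(mysql_error());

        // Load the mail template before the notification INSERT: the original
        // used $message in the INSERT before assigning it from the template.
        // NOTE(review): assumes $message is not set earlier on the page — confirm.
        $query_tpl_mail = "SELECT * FROM mails WHERE id_mails='6'";
        $tpl_mail = mysql_query($query_tpl_mail, $conn) or die(mysql_error());
        $row_tpl_mail = mysql_fetch_assoc($tpl_mail);

        $subject = $row_tpl_mail['title_mail' . $lng_s_tb];
        $message = $row_tpl_mail['description' . $lng_s_tb];

        // Notifications: pick the id of whoever is logged in.
        // $type1/$type2 are not read here; kept since later page code may use them.
        if ($login_type === 'user') {
            $insid = $user['id_user'];
            $type1 = 'user';
            $type2 = 'client';
        } else {
            $insid = $cons['id_counselor'];
            $type1 = 'consilier';
            $type2 = 'counselor';
        }

        $insnotifs = mysql_query("INSERT INTO mc_notifs (type,id_user,message) VALUES ('" . mysql_real_escape_string($login_type) . "','" . (int) $insid . "','" . mysql_real_escape_string($message) . "')") or die(mysql_error());
        // End notifications

        // Send notification mail to both parties.
        avertizare_mail($cons["email"], $subject, $lang['mc']['notif1']);
        avertizare_mail($user["email"], $subject, $lang['mc']['notif11']);
        header("Location: " . $url_base . "$tip_user-account/mail-counseling/ok/");
        exit;
    } else {
        // Same user-facing message as before; nothing is written to the database.
        ?><script>alert('Empty text field is not allowed.')</script><?php
    }
}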