我希望用户填写表单中提供的每个字段,并且不需要空输入,为了防止这种情况,我插入了很多&&检查表单字段是否有用户给出的输入,但表单仍然接受空字段。请帮助。
if (isset($_POST['submit']))
{
if (isset($_POST['pin']) &&
isset($_POST['amount']) &&
isset($_POST['purpose']) &&
isset($_POST['email'])&&
isset($_POST['pwd'])&&
isset($_POST['fname']) &&
isset($_POST['mname']) &&
isset($_POST['lname']) &&
isset($_POST['address']) &&
isset($_POST['city']) &&
isset($_POST['state']) &&
isset($_POST['estatus']) &&
isset($_POST['yincome']) &&
isset($_POST['dob']))
{
$pin = get_post($conn, 'pin');
$amount = get_post($conn, 'amount');
$purpose = get_post($conn, 'purpose');
$email = get_post($conn, 'email');
$pwd = get_post($conn, 'pwd');
$fname = get_post($conn, 'fname');
$mname = get_post($conn, 'mname');
$lname = get_post($conn, 'lname');
$address = get_post($conn, 'address');
$city = get_post($conn, 'city');
$state = get_post($conn, 'state');
$estatus = get_post($conn, 'estatus');
$yincome = get_post($conn, 'yincome');
$dob = get_post($conn, 'dob');
$query = "INSERT INTO borrowers VALUES" .
"('$pin', '$amount', '$purpose', '$email', '$pwd', '$fname', '$mname', '$lname', '$address', '$city', '$state', '$estatus', '$yincome', '$dob')";
$result = $conn->query($query);
if (!$result) echo "INSERT failed: $query<br>" . $conn->error . "<br><br>";
}
}
答案 0 :(得分:3)
您应该将isset替换为empty,因为isset会检查变量是否存在,而不是已填充。请参阅以下内容:
在:
isset($_POST['pin'])
后:
!empty($_POST['pin'])
还有一件事:在sql查询中使用prepared语句。这将避免sql注入。看到这个链接: