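When I fill in only one input and submit, it goes into the database. When I submit an empty form, it creates an empty row in the database.
I want to 1) refuse the insert when the user leaves the form empty and submits, and 2) refuse the submission when the user fills in only 1 or 2 inputs and submits.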
<?php
include 'database/dbconfig.php';
$insert = new connection($DB_con);
$full_name = "";
$email = "";
$mobile = "";
$noc = "";
$message = "";
$full_nameerror = "";
$email_error = "";
$mobile_error = "";
$noc_error = "";
$message_error = "";
if (isset($_POST['submit']))
{
    // checking null values in message
    if (empty($_POST["full_name"])) {
        $full_nameerror = "Please enter your name";
    }
    else {
        $full_name = test_input($_POST["full_name"]);
        // check name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/", $full_name)) {
            $full_nameerror = "Only letters and white space allowed";
        }
    }
    // checking null values in message
    if (empty($_POST["email"])) {
        $email_error = "Please enter your email";
    }
    else {
        $email = test_input($_POST["email"]);
    }
    // checking null values in message
    if (empty($_POST["mobile"])) {
        $mobile_error = "Please enter your mobile number";
    }
    else {
        $mobile = test_input($_POST["mobile"]);
    }
    if (empty($_POST["noc"])) {
        $noc_error = "Nature of contact is required";
    }
    else {
        $noc_error = test_input($_POST["noc"]);
    }
    // checking null values in message
    if (empty($_POST["message"])) {
        $message_error = "Please enter your message";
    }
    else {
        $message = test_input($_POST["message"]);
    }
    if ($full_name|| $email || $mobile || $email || $noc || $message != "")
        if ($insert->create($full_name, $email, $mobile, $noc, $message))
        {
            echo "Record inserted";
        }
        else
        {
            echo "error in executing query";
        }
}
else
{
    echo "Empty input submit2"; // empty $_POST["submit2"]
}
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
<form class="form-horizontal" method="post" id="contact-form">
    <fieldset>
        <!-- Form Name -->
        <legend class="text-center"><h2>Contact form</h2></legend>
        <div id="error">
            <!-- error will be shown here ! -->
        </div>
        <!-- Text input-->
        <div class="form-group">
            <label class="col-md-4 control-label" for="full_name">Full Name</label>
            <div class="col-md-5">
                <input id="full_name" name="full_name" placeholder="Enter your full name" class="form-control input-md" type="text">
                <span class="help-block" style="color:red;"><?php echo $full_nameerror;?></span>
            </div>
        </div>
        <!-- Text input-->
        <div class="form-group">
            <label class="col-md-4 control-label" for="email">Email</label>
            <div class="col-md-5">
                <input id="email" name="email" placeholder="Enter your email" class="form-control input-md" type="text">
                <span class="help-block" style="color:red;"><?php echo $email_error;?></span>
            </div>
        </div>
        <!-- Text input-->
        <div class="form-group">
            <label class="col-md-4 control-label" for="mobile">Mobile(Optional)</label>
            <div class="col-md-5">
                <input id="mobile" name="mobile" placeholder="Enter your mobile number" class="form-control input-md" type="text">
                <span class="help-block" style="color:red;"><?php echo $mobile_error;?></span>
            </div>
        </div>
        <!-- Select Basic -->
        <div class="form-group">
            <label class="col-md-4 control-label" for="noc">Nature of Contact:</label>
            <div class="col-md-5">
                <select id="noc" name="noc" class="form-control">
                    <option value="">Select a Nature of Contact</option>
                    <option value="Request_for_a_service">Request for a service</option>
                    <option value="Report_an_issue">Report an issue</option>
                    <option value="Enquire_about_us">Enquire about us</option>
                    <option value="Work_with_us">Work with us</option>
                    <option value="Commend_us">Commend us</option>
                    <option value="Other_issue">Other issue</option>
                </select>
            </div>
        </div>
        <!-- Textarea -->
        <div class="form-group">
            <label class="col-md-4 control-label" for="message">Message</label>
            <div class="col-md-4">
                <textarea class="form-control" id="message" name="message"></textarea>
            </div> <span class="help-block" style="color:red;"><?php echo $message_error;?></span>
        </div>
        <!-- Button -->
        <div class="form-group">
            <label class="col-md-4 control-label" for="submit"></label>
            <div class="col-md-4">
                <button id="submit" name="submit" class="btn btn-success">Contact us</button>
            </div>
        </div>
    </fieldset>
</form>
This is my class:
<?php
class connection
{
    private $db;
    public $DB_con;
    function __construct($DB_con)
    {
        $this->db = $DB_con;
    }
    public function create($full_name, $email, $mobile, $noc, $message)
    {
        try
        {
            $stmt = $this->db->prepare("INSERT INTO form(full_name,email,mobile,noc,message) VALUES(:fname, :email,:mobile,:noc,:message)");
            $stmt->bindParam(":fname", $full_name);
            $stmt->bindParam(":email", $email);
            $stmt->bindParam(":mobile", $mobile);
            $stmt->bindParam(":noc", $noc);
            $stmt->bindParam(":message", $message);
            $stmt->execute();
            return $stmt;
        }
        catch (PDOException $e)
        {
            echo $e->getMessage();
            return false;
        }
    }
}
?>
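Answer 0 (score: 0)
I'm assuming all the fields are required, so
if ($full_name|| $email || $mobile || $email || $noc || $message != "")
doesn't make any sense, because you are saying that if any one of these fields is present, then add it to the table.
Apart from trimming, keep the data in its original form when committing it to the database. Unless you have magic_quotes on (which you shouldn't), you shouldn't be stripping any slashes. And since you are correctly using prepared statements, there is no need to do so. Likewise, you shouldn't escape any HTML before inserting into the database; that is only done on output.
You should trim before using empty(), because empty('') === true while empty(' ') === false.
You are using too many variables.
Here is a revised version: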
<?php
include 'database/dbconfig.php';
$conn = new connection($DB_con);
$full_name = "";
$email = "";
$mobile = "";
$noc = "";
$message = "";
// associative array to hold all your error messages;
// the keys are the names of the inputs and the values are the associated messages
$errors = array();
// trim POSTed values
$_POST = array_map('trim', $_POST);
// check if form was submitted
if (isset($_POST['submit'])) {
    // validate fields
    if (empty($_POST["full_name"])) {
        $errors['full_name'] = "Please enter your name";
    } elseif (!preg_match("/^[a-zA-Z ]*$/", $_POST["full_name"])) {
        $errors['full_name'] = "Only letters and white space allowed";
    } else {
        $full_name = $_POST["full_name"];
    }
    if (empty($_POST["email"])) {
        $errors['email'] = "Please enter your email";
    } else {
        $email = $_POST["email"];
    }
    if (empty($_POST["mobile"])) {
        $errors['mobile'] = "Please enter your mobile number";
    } else {
        $mobile = $_POST["mobile"];
    }
    if (empty($_POST["noc"])) {
        $errors['noc'] = "Nature of contact is required";
    } else {
        $noc = $_POST["noc"];
    }
    if (empty($_POST["message"])) {
        $errors['message'] = "Please enter your message";
    } else {
        $message = $_POST["message"];
    }
    // check if there are any errors
    if ($errors) {
        echo "error in form";
    // otherwise try adding a record
    } elseif ($conn->create($full_name, $email, $mobile, $noc, $message)) {
        echo "record inserted";
    } else {
        echo "error in inserting data";
    }
}
To display any errors, you can do something like:
<?php if (isset($errors['full_name'])) : ?>
    <span class="help-block" style="color:red;"><?= $errors['full_name'] ?></span>
<?php endif ?>
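
The answer's points (trim before the emptiness check, insert only when every field passes, store raw values and escape only on output), as an added example that is not the answerer's code. `validate_contact()` and `NOC_OPTIONS` are hypothetical names and the email error text is made up; the example goes slightly further than the answer by rejecting array-valued fields and values outside the select list.

```php
<?php
// Added example, not the answerer's code. Option values are copied from the question's form.
const NOC_OPTIONS = ['Request_for_a_service', 'Report_an_issue', 'Enquire_about_us',
                     'Work_with_us', 'Commend_us', 'Other_issue'];
function validate_contact(array $post): array   // hypothetical helper
{
    $required = [
        'full_name' => 'Please enter your name',
        'email'     => 'Please enter your email',
        'mobile'    => 'Please enter your mobile number',
        'noc'       => 'Nature of contact is required',
        'message'   => 'Please enter your message',
    ];
    $values = $errors = [];
    foreach ($required as $field => $msg) {
        $raw = $post[$field] ?? '';
        // A client can send full_name[]=x; trim() on an array is a TypeError in PHP 8.
        $values[$field] = is_string($raw) ? trim($raw) : '';
        // Compare with '' instead of empty(), because empty('0') is true.
        if ($values[$field] === '') {
            $errors[$field] = $msg;
        }
    }
    if (!isset($errors['full_name']) && !preg_match('/^[a-zA-Z ]+$/', $values['full_name'])) {
        $errors['full_name'] = 'Only letters and white space allowed';
    }
    if (!isset($errors['email']) && filter_var($values['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email';   // message text is an assumption
    }
    // The <select> only constrains honest browsers, so enforce the list server-side.
    if (!isset($errors['noc']) && !in_array($values['noc'], NOC_OPTIONS, true)) {
        $errors['noc'] = 'Nature of contact is required';
    }
    return [$values, $errors];
}
// Constructed sample submissions.
$samples = [
    'empty form'  => ['submit' => ''],
    'one field'   => ['full_name' => 'Ada Lovelace', 'submit' => ''],
    'array field' => ['full_name' => ['x'], 'email' => 'ada@example.com', 'submit' => ''],
    'complete'    => ['full_name' => ' Ada Lovelace ', 'email' => 'ada@example.com',
                      'mobile' => '0', 'noc' => 'Report_an_issue', 'message' => '<b>hi</b>'],
];
foreach ($samples as $label => $post) {
    [$values, $errors] = validate_contact($post);   // insert only when $errors is empty
    echo $label, ': ', $errors ? 'rejected: ' . implode(', ', array_keys($errors)) : 'insert raw values', "\n";
}
// Escape at output time only, for example when redisplaying the last sample's message.
echo htmlspecialchars($values['message'], ENT_QUOTES, 'UTF-8'), "\n";
```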