// Handles the "add page" form post: looks for an existing page with the same
// id, title or file name, creates ../pages/<name>.txt and inserts a row into
// the `page` table. $conn is a mysqli connection opened outside this snippet.
if((isset($_POST['page_id'])) && (isset($_POST['page_title'])) && (isset($_POST['page_file_name']))) {
// No-op: the expression is evaluated and discarded.
$_POST['page_id'];
$page_id = $_POST['page_id'];
$page_title = $_POST['page_title'];
// NOTE(review): the posted name is used unchanged in the file path below, so
// directory separators or "../" in it are not rejected. Validate it against an
// allow-list of characters before building the path.
$page_file_name = $_POST['page_file_name'].".txt";
// Duplicate check: every row of `page` is fetched and compared in PHP, which is
// why the messages below are printed from inside the loop. A single query with
// a WHERE clause on the three columns would remove the need for the loop.
$sql_page_check = "SELECT * FROM page";
$sql_page_check_result = mysqli_query($conn,$sql_page_check);
if($sql_page_check_result == true){
// When the table is empty this condition is false, so nothing below runs and
// no page is ever inserted.
if(mysqli_num_rows($sql_page_check_result)>0){
// Assigned but not read anywhere in the visible code.
$pages_present = mysqli_num_rows($sql_page_check_result);
while($page = mysqli_fetch_assoc($sql_page_check_result)){
if(($page['page_id']==$page_id) || ($page['page_title']==$page_title) || ($page['page_file_name']==$page_file_name)){
// NOTE(review): request values are written into the HTML response without
// htmlspecialchars(), so markup in them is reflected to the browser.
echo "Page Id ($page_id) /$page_title / $page_file_name already exists in database, please check and try again";
// NOTE(review): `break1` is not the `break` statement. It is parsed as a
// constant name, so the loop is not left here (an undefined constant is a
// warning or an Error depending on the PHP version).
break1;
}
// NOTE(review): $page_link is not assigned anywhere in the visible code. If it
// is undefined, null == "" is true, so this branch is taken for every row that
// did not match above and the else branch never runs.
elseif(($page_id=="") || ($page_title=="") || ($page_link=="")){
echo ("<b style='color:red;'>Please fill all fields.</b>");
break;
}
else{
// This branch sits inside the row loop, so it is evaluated once per existing
// row rather than once per request.
if(!file_exists("../pages/".$page_file_name)){
// The handle returned by fopen() is discarded and never closed.
fopen("../pages/".$page_file_name,"w");
// NOTE(review): the statement is built by interpolating $_POST values into the
// SQL string (SQL injection). Use a prepared statement with bound parameters.
$sql_add_menu = "INSERT INTO page VALUES('$page_id','$page_title','$page_file_name')";
$sql_add_menu_result = mysqli_query($conn,$sql_add_menu);
if($sql_add_menu_result == true){
// Same unescaped-output concern as the "already exists" message above.
echo"<b style='color:green;'>$page_title Page Added</b>";
}
}
}
}
}
}
}
// Outside every branch, so the footer is included whenever execution reaches
// this line; die/exit inside the loop would stop the script before it.
include "footer.php";
问题是每条需要显示的错误消息都在循环内,因此会显示多次;如果我使用 break、die 或 exit,底部的 footer.php 就不会显示,而且还有一部分代码不起作用!
答案 0 :(得分:0)
您不需要循环。只需执行一个带 WHERE 子句的查询,即可查看数据库中是否已存在任何一项输入;并使用预处理语句(prepared statement)来防止 SQL 注入。
在执行查询之前,还应先检查各字段是否为空。
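// Adds a page using one parameterized lookup instead of a loop over every row,
// followed by a parameterized INSERT.
// Expects the surrounding script to provide $conn (mysqli connection) and
// $page_id, $page_title, $page_file_name (the posted name with ".txt" appended).

// Escape once for every place these request values are echoed into HTML.
$safe_page_id = htmlspecialchars((string) $page_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safe_page_title = htmlspecialchars((string) $page_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safe_page_file_name = htmlspecialchars((string) $page_file_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// An empty posted file name arrives here as ".txt" because of the appended suffix.
if (((string) $page_id === "") || ((string) $page_title === "")
    || ((string) $page_file_name === "") || ($page_file_name === ".txt")) {
    echo ("<b style='color:red;'>Please fill all fields.</b>");
} elseif (!preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', (string) $page_file_name)) {
    // The name becomes part of a filesystem path, so only a plain file name is
    // accepted: no directory separators, no "..", no NUL bytes. Widen the
    // character class if needed, but keep "/", "\" and "." out of it.
    echo "<b style='color:red;'>Invalid page file name.</b>";
} else {
    // With mysqli's exception mode (the default since PHP 8.1) a failed
    // prepare/execute throws; in other modes check for a false return value.
    $sql_page_check = "SELECT 1 FROM page WHERE page_id = ? OR page_title = ? OR page_file_name = ?";
    $stmt_page_check = mysqli_prepare($conn, $sql_page_check);
    mysqli_stmt_bind_param($stmt_page_check, "iss", $page_id, $page_title, $page_file_name);
    mysqli_stmt_execute($stmt_page_check);
    // The result set has to be buffered before the row count is available.
    mysqli_stmt_store_result($stmt_page_check);
    $page_exists = mysqli_stmt_num_rows($stmt_page_check) != 0;
    mysqli_stmt_close($stmt_page_check);

    if ($page_exists) {
        echo "Page Id ($safe_page_id) /$safe_page_title / $safe_page_file_name already exists in database, please check and try again";
    } else {
        $page_path = "../pages/" . $page_file_name;
        $file_ready = file_exists($page_path);
        if (!$file_ready) {
            $page_handle = fopen($page_path, "w");
            if ($page_handle !== false) {
                // Only the empty file is needed; release the handle right away.
                fclose($page_handle);
                $file_ready = true;
            }
        }

        if (!$file_ready) {
            // Do not record a page whose backing file could not be created.
            echo "<b style='color:red;'>Could not create page file.</b>";
        } else {
            $sql_add_menu = "INSERT INTO page VALUES(?, ?, ?)";
            $stmt_add_menu = mysqli_prepare($conn, $sql_add_menu);
            mysqli_stmt_bind_param($stmt_add_menu, "iss", $page_id, $page_title, $page_file_name);
            $sql_add_menu_result = mysqli_stmt_execute($stmt_add_menu);
            mysqli_stmt_close($stmt_add_menu);
            if ($sql_add_menu_result) {
                echo "<b style='color:green;'>$safe_page_title Page Added</b>";
            }
        }
    }
}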