使用相同的php页面验证用户输入

时间:2017-04-13 05:27:20

标签: php sql

我还是PHP新手,现在我正在尝试将数据发送到SQL数据库。让我们说形式为cust_form.php。从那里提交的所有数据我都将其发送到cust_details.php。我现在的问题是 -

1)如何在数据发送到数据库之前对其进行验证。

2)如何在cust_form.php中显示错误,并且不会将错误数据发送/保存到数据库。

Example of inserting input

Error occured in email field although correct email been given

我已经谷歌解决了这类问题,但所有这些问题只是将数据发送到PHP_SELF,而我将其发送到其他文件。这有点令人沮丧。

cust_form.php(基本上是文字):

<form action = "cust_detail.php" method = "post">
    <table border="1">
        <tr>
            <td colspan = "2">
                <font size = "5">
                    Customer Details :
                </font>

                <br>

                <b>
                    #All fields are compulsory.
                </b>
        </tr>

        <tr>
            <td>
                New Customer Email :

            <td>
                <input name = "email"
                       size = "30"
                       type = "text">
        </tr>

        <tr>
            <td>
                Mobile Phone :

            <td>
                <input name = "tel"
                       type = "text">
        </tr>

        <tr>
            <td>
                First Name :
            <td>
                <input name = "fname"
                       type = "text">
        </tr>

        <tr>
            <td>
                Last Name :

            <td>
                <input name = "lname"
                       type = "text">
        </tr>

        <tr>
            <td>
                Identification / Passport Number :

            <td>
                <input name = "ic"
                       type = "text">
        </tr>

        <tr>
            <td>
                Address :

            <td>
                <textarea name = "address"
                          cols = "25"
                          rows = "2">
                </textarea>
        </tr>

        <tr>
            <td>
                City :

            <td>
                <input name = "city"
                       type = "text">
        </tr>

        <tr>
            <td>
                State :

            <td>
                <input name = "state"
                       type = "text">
        </tr>

        <tr>
            <td>Country:

            <td>
                <select name = "country">
                    <option name  = "default"
                            value = "default">
                        ----Please choose your
                    </option>
                </select>
        </tr>

        <tr>
            <td>
                Postal Code :

            <td>
                <input name = "code"
                       type = "text">
                    enter code here
        </tr>

        <tr>
            <td colspan = "2">
                <b>
                    <font size = "3">
                        <u>
                            INFO :
                        </u>
                    </font>

                    <br>

                    * Identification/passport number needed for verification during redemption on booth.

                    <br>

                    * For phone number, fill including International code (e.g. +601234567890)
                </b>
        </tr>

        <tr>
            <td align   = "right"
                colspan = "2">
                <button name = "submit"
                        type = "submit">
                    Submit
                </button>
        </tr>
    </table>
</form>

对于cust_details.php ...

<?php
    include( 'global.php' );

    session_start();

    $fname   = '';
    $lname   = '';
    $email   = '';
    $address = '';
    $code    = '';
    $state   = '';
    $country = '';
    $tel     = '';
    $ic      = '';

    $fname_error = '';
    $lname_error = '';
    $tel_error   = '';
    $email_error = '';

     if( isset( $_POST[ 'submit' ] ) )
    {
        //validate first name
        if ( empty( $_POST[ 'fname' ] ) )
        {
            $fname_error = "First name is required";
            $_SESSION[ 'errormsg' ] = $fname_error;
        }
        else
        {
            if ( !preg_match( "/^[a-zA-Z]*$/",
                              $fname ) )
            {
                $fname_error = "Only letters and white space allowed.";
                $_SESSION[ 'errormsg' ] = $fname_error;
            }

            $fname = input_test( $_POST[ 'fname' ] );
        }

        //validate last name
        if ( empty( $_POST[ 'lname' ] ) )
        {
            $lname_error = "Last name is required";
            $_SESSION[ 'errormsg' ] = $lname_error;
        }
        else
        {
            if ( !preg_match( "/^[a-zA-Z]*$/",
                              $lname ) )
            {
                $lname_error = "Only letters and white space allowed.";
                $_SESSION[ 'errormsg' ] = $lname_error;
            }

            $lname = input_test( $_POST[ 'lname' ] );
        }

        //validate email
        if ( empty( $_POST[ 'email' ] ) )
        {
            $email_error = "Email is required";
            $_SESSION[ 'errormsg' ] = $email_error;
        }
        else
        {
            if ( !filter_var( $email,
                              FILTER_VALIDATE_EMAIL ) )
            {
                $email_error = "Invalid email";
                $_SESSION[ 'errormsg' ] = $email_error;
            }
            else
                $email = input_test( $_POST[ 'email' ] );
        }

        //validate phone no
        if ( empty( $_POST[ 'tel' ] ) )
        {
            $tel_error = "Phone number is required";
            $_SESSION[ 'errormsg' ] = $tel_error;
        }
        else
        {
            if ( preg_match( "/^[0-9-]+$/",
                             $tel ) )
            {
                $tel_error = "Invalid phone number";
                $_SESSION[ 'errormsg' ] = $tel_error;
            }

            $tel = input_test( $_POST[ 'tel' ] );
        }

        $address = input_test( $_POST[ 'address' ] );
        $country = input_test( $_POST[ 'country' ] );
        $code = input_test( $_POST[ 'code' ] );
        $state = input_test( $_POST[ 'state' ] );
        $ic = input_test( $_POST[ 'ic' ] );    

        if ( isset( $_SESSION[ 'errormsg' ] ) )
        {
            echo '############################################################\n\n';
            echo '<br><br><br>\n\n';
            echo $error = ( $_SESSION[ 'errormsg' ] ) .
                              '\n\n';

            unset ( $_SESSION[ 'errormsg' ] );

            echo '<br><br>\n\n';
            echo '############################################################\n";
        }
    }

    function input_test( $datatest )
    {
        $datatest = trim( $datatest );
        $datatest = stripslashes( $datatest );
        $datatest = htmlspecialchars( $datatest );

        return $datatest;
    }

    //send data
    $send_db = "INSERT INTO customer_details ( first_name,
                                               last_name,
                                               email,
                                               address,
                                               post_code,
                                               state,
                                               country,
                                               no_phone,
                                               ic )
                VALUES ( '$fname',
                         '$lname',
                         '$email',
                         '$address',
                         '$code',
                         '$state',
                         '$country',
                         '$tel',
                         '$ic' )";

    if ( $con -> query( $send_db ) === TRUE )
        echo "<br><br>Records inserted successfully\n";
    else
        echo "Error : " .
                 $con -> error;

    $con -> close();
?>

3 个答案:

答案 0 :(得分:1)

1)如何在数据发送到数据库之前对其进行验证?

PHP是一种服务器端脚本语言,因此如果要在客户端验证数据,则必须使用javascript。 jQuery可以让你的生活更轻松。

2)如何显示错误。在cust_details.php或cust_form.php?

我可以看到你在cust_details.php文件中实现了它。它不起作用吗?

答案 1 :(得分:1)

html5可以检查并验证并告诉用户输入有什么问题,而不需要很多PHP函数,首先如果该字段不能为空,那么只需在输入中使用所需的属性。

输入类型的电子邮件会检查它是否为电子邮件

<input type="email" name="email" required>

输入类型tel检查它是否是有效的电话号码

<input type="tel" name="tel" required>

对于仅检查abc的名称,您可以使用模式属性

<input type="text" name="fname" pattern="[a-zA-Z]+" required>

如果您在php中执行所有检查,那么页面必须在用户知道输入错误之前重新加载,但如果您在html中执行此操作,页面将不会重新加载,这会使您的网站更快

答案 2 :(得分:0)

由于您使用$_SESSION['errormsg']变量来记录错误消息,您只需检查它是否为空并继续插入数据,否则,显示错误消息。

虽然您使用的是$_SESSION['errormsg'],但我建议您使用像$_errors = array();这样的普通数组。将其设置为空数组,然后继续向其附加错误值,例如通过调用函数addError()并向其传递错误字符串。

public function addError($error)
    {
        $this->_errors[] = $error;
    }

如果它为空,则继续使用数据库,否则,您只需遍历整个数组错误并将其列出给用户。例如,

if (empty($_errors)) {
     // array is empty, insert to database
}else{
     //array has error messages, display them
   }

如果有问题或者您发现问题,请告诉我。