我有一个表单,我正在尝试添加一些基本的安全性和验证:
我尝试创建$error变量,以便在字段留空时显示错误消息。
目前,如果我将名称字段和单选按钮留空,我只会看到与空单选按钮有关的错误消息,而不是空名称字段。
我试图让这个表单尽可能简单,但只是想添加一些基本的安全性和验证。
有人可以帮忙吗?
她是我的HTML表单:
<?php
if(@$_REQUEST['submit'] == '1') {
include('assets/forms/rsvp.php');
}
?>
<form action="?" method="post">
<?php if(@$errors) :?>
<p class="errors"><?php echo $errors; ?></p>
<?php endif; ?>
<input type="hidden" name="submit" value="1" />
<div class="form-row">
<div class="field-l">
<p>Name</p>
</div>
<div class="field-r">
<p>Attending?</p>
</div>
</div>
<div class="form-row guest">
<div class="field-l">
<input type="text" name="name[0]" id="name" value="" tabindex="1" />
</div>
<div class="field-r">
<input type="radio" name="coming[0]" id="coming-yes" class="coming-yes" value="Yes"><label for="coming-yes">Yes</label><input type="radio" name="coming[0]" id="coming-no" class="coming-no" value="No"><label for="coming-no">No</label>
</div>
</div>
<a class="addguest" href="#">Add further guest</a>
<div class="form-row">
<button type="submit" id="rsvp-submit" tabindex="2">Submit RSVP</button>
</div>
</form>
这是我的表单流程代码:
<?php
//echo "<pre>" . print_r($_POST, true) . "</pre>"; die();
if (isset($_POST['name'])) {
$name = strip_tags(trim($_POST['name']));
}
if (isset($_POST['coming'])) {
$coming = strip_tags(trim($_POST['coming']));
}
$errors = "";
if(!@$_POST['name']) { $errors .= "Please enter your name.<br/>\n"; }
if(!@$_POST['coming']) { $errors .= "Please enter yes or no for attending.<br/>\n"; }
if(@$_POST['emailaddress'] != '') { $spam = '1'; }
if (!$errors && @$spam != '1')
{
$to = "example@xyz.com";
$subject = "Wedding RSVP";
$headers = "From: noreply@adrianandemma.com";
$body = "The following RSVP has been sent via the website.\n\n";
for($i=0; $i < count($_POST['name']); $i++) {
$body .= "
Name ".($i+1)." : " . $_POST['name'][$i] . "\n
Coming ".($i+1)." : " . $_POST['coming'][$i] ."\n\n";
}
$body .= "\n\nDate Received: " . date("j F Y, g:i a") . "\n";
mail($to,$subject,$body,$headers);
}
?>
答案 0 :(得分:1)
使用empty()足以检查。
if(empty($_POST['field'])){
//Your code//
}
为了更安全,请使用strlen()
if(strlen($_POST['field']) == 0){
//Your code//
}
合并if(strlen($field) < 0 || empty($field)){//code}
答案 1 :(得分:1)
您的问题是您正在发送这些POST变量as an array,但将它们视为字符串。您需要单独loop through each one:
<?php
$errors = "";
foreach ($_POST["name"] as $index=>$name) {
if (empty($name)) {
$errors .= "Name missing from entry $index.<br/>\n";
}
}
foreach ($_POST["coming"] as $index=>$coming) {
if (empty($coming)) {
$errors .= "Please enter attendance for entry $index.<br/>\n";
}
}
if ($errors === "") {
$to = "example@xyz.com";
$subject = "Wedding RSVP";
$headers = "From: noreply@adrianandemma.com";
$body = "The following RSVP has been sent via the website.\n\n";
foreach($_POST["name"] as $i=>$name) {
$coming = $_POST["coming"][$i];
$num = $i + 1;
$body .= "Name $num : $name\nComing $num : $coming\n\n";
}
$body .= "\n\nDate Received: " . date("j F Y, g:i a") . "\n";
mail($to,$subject,$body,$headers);
}
答案 2 :(得分:-1)
if(strlen($ _ POST ['name'])== 0){
$ errors =“请输入您的姓名”;
}
// strlen()== 0表示名称字段为空