验证表格使用PHP代码

Question

您好我正在尝试构建一个表单并将数据插入我的数据库它正在运行完美现在我想使用php进行验证以防止跨度输入我是初学者在php所以p;轻松我需要帮助这个

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          和PHP代码

      <?php
     $nameErr = $emailErr = $genderErr = $websiteErr = "";
      $con = mysqli_connect('localhost','root','');

        if(!$con)
         {echo'not connect';}

       if(!mysqli_select_db($con,'form'))
        {echo'not selected';}
         $name=$_POST['name'];
         $phone=$_POST['phone'];
         $nationality=$_POST['nationality'];
         $country=$_POST['country'];
         $sql = "INSERT INTO newform(Name,Number,Nationality,Country)                   VALUES('$name','$phone','$nationality','$country')";
          if(!mysqli_query($con,$sql))
         {echo'not insert';}
        else
        {
            echo'insertes';
         }
        header("refresh:2;url=form.php");
          ?>

Answer 1

<!DOCTYPE HTML>  
<html>
<head>
</head>
<body> 
<?php
$error = false;
$nameErr = $phoneErr = $nationalErr = $countErr = "";
$con = mysqli_connect('localhost','root','');
if(!$con)
{
    echo 'not connect';
}
if(!mysqli_select_db($con,'form'))
{
    echo' DB not selected';
}
if(isset($_POST['submit'])){    
    $name=$_POST['name'];
    $phone=$_POST['phone'];
    $nationality=$_POST['nationality'];
    $country=$_POST['country'];
    if($name ==""){
        $error = true;
        $nameErr = "Name field is empty";
    }
    if($phone ==""){
        $error = true;
        $phoneErr = "phone field is empty";
    }
    if($nationality ==""){
        $error = true;
        $nationalErr = "nationality field is empty";
    }
    if($country ==""){
        $error = true;
        $countErr = "country field is empty";
    }
    if($error == false){
        $sql = "INSERT INTO newform(Name,Number,Nationality,Country) VALUES($name,$phone,$nationality,$country')";
        if(!mysqli_query($con,$sql))
        {
            echo 'Values not insert';
        }else
        {
            header("refresh:2;url=form.php");
        }
    }
}
?>
<form method="post">
First name:<br>
<input type="text" name="name">
<p  style="color:red"><?php echo $nameErr ?></p>
<br>
phone:<br>
<input type="text" name="phone">
<p  style="color:red"><?php echo $phoneErr ?></p>
<br><br>
Nationality:<br>
<input type="text" name="nationality">
<p  style="color:red"><?php echo $nationalErr ?></p>
<br><br>
Country:<br>
<input type="text" name="country">
<p style="color:red"><?php echo $countErr ?></p>
<br><br>
<input type="submit" value="Submit" name="submit">
</form> 
</body>