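How do I stop mysqli_query from adding records with missing information?

Time: 2019-05-30 21:03:47

Tags: php mysql

I have a form where subscribers enter their email address, which is then posted to a MySQL database. The problem is that even if you visit the page without subscribing, a record is added to the database, even without the required email address. Worse, it seems to add a record every three seconds. How can I stop this? Is there something wrong with my code?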

<?php

$servername = "localhost";
$username = "root";
$password = "";
// create connection
$conn = mysqli_connect($servername, $username, $password);
// check connection
if (!$conn) {
    die("connection error: " . mysqli_connect_error());
}
echo "connected";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST['email'])) {
        $emailErr = "Email required";
    } else {
        $email = post_input($_POST['email']);
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        if (!isset($emailErr)) {
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                $emailErr = "Invalid email address";
            }
        }
    }
}
// function to clean email
function post_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
// select correct database
mysqli_select_db($conn, "mailinglist");
// query to insert email
$sql = "INSERT INTO subscribers (email) VALUES ('" . $_POST['email'] ."')";
if (mysqli_query($conn, $sql)) {
    echo "Thank you for subscribing";
} else {
    echo "Error creating record: " . "<br>" . mysqli_error($conn);
}
header('location: index.php');
mysqli_close($conn);

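1 answer:

Answer 0 (score: -1)

Just use an if statement to check whether there is an email that can be saved, and put the save to the database inside that if statement, as follows: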

<?php

$servername = "localhost";
$username = "root";
$password = "";
// create connection
$conn = mysqli_connect($servername, $username, $password);
// check connection
if (!$conn) {
    die("connection error: " . mysqli_connect_error());
}
echo "connected";

$emailErr = ''; //it is a good practice to initialize variable before its use.

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST['email'])) {
        $emailErr = "Email required";
    } else {
        $email = post_input($_POST['email']);
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        // $emailErr is initialized to '' above, so isset() is always true; test for empty instead
        if (empty($emailErr)) {
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                $emailErr = "Invalid email address";
            }
        }
    }
}
// function to clean email
function post_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
// select correct database
mysqli_select_db($conn, "mailinglist");

//if you have an email in $email and there is no
//error in $emailErr
if(!empty($email) && empty($emailErr)) {

    //insert it to the db.

    //THIS IS INSECURE WAY - Check links in comments!

    // query to insert email
    $sql = "INSERT INTO subscribers (email) VALUES ('" . $_POST['email'] ."')";
    if (mysqli_query($conn, $sql)) {
        echo "Thank you for subscribing";
    } else {
        echo "Error creating record: " . "<br>" . mysqli_error($conn);
    }

}

mysqli_close($conn);
header('location: index.php');
exit();
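
The check the answer describes, combined with a parameterized insert in place of the string-built query it marks as insecure. This is an added example, not code from the question or the answer; the function names `email_from_request` and `insert_subscriber` are hypothetical, and it assumes the `mailinglist` database and `subscribers` table shown on the page.

```php
<?php
// Added example, not the poster's code. Assumes the page's "mailinglist"
// database and "subscribers" table with an "email" column.

/**
 * Returns the validated address, or null when the request must not
 * touch the database (not a POST, missing field, or invalid address).
 */
function email_from_request(string $method, array $post): ?string
{
    if ($method !== 'POST' || !isset($post['email']) || !is_string($post['email'])) {
        return null;
    }
    $email = trim($post['email']);
    // FILTER_VALIDATE_EMAIL returns the address on success, false otherwise.
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

function insert_subscriber(mysqli $conn, string $email): void
{
    // The address travels as a bound parameter, never as part of the SQL text.
    $stmt = mysqli_prepare($conn, 'INSERT INTO subscribers (email) VALUES (?)');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

$email = email_from_request($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);

if ($email !== null) {
    // Throw on database errors instead of echoing mysqli_error() to visitors.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $conn = mysqli_connect('localhost', 'root', '', 'mailinglist');
        insert_subscriber($conn, $email);
        mysqli_close($conn);
    } catch (mysqli_sql_exception $e) {
        error_log('subscribe failed: ' . $e->getMessage());
    }
}

// Nothing has been echoed, so the redirect header can still be sent.
header('Location: index.php');
exit();
```

A plain GET of the page, or a POST with an empty or malformed address, reaches the redirect without opening a database connection.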