如何使用此代码进行PHP表单验证?谢谢
<?php
$hostname = ""; // usually is localhost, but if not sure, check with your hosting company, if you are with webune leave as localhost
$db_user = ""; // change to your database password
$db_password = ""; // change to your database password
$database = ""; // provide your database name
$db_table = ""; // leave this as is
# STOP HERE
####################################################################
# THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE
$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database,$db);
?>
<html>
<head>
<title>Add your url to our database</title>
</head>
<body>
<?php
if (isset($_REQUEST['Submit'])) {
# THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
$sql = "INSERT INTO $db_table(title,description,url,keywords) values ('".mysql_real_escape_string(stripslashes($_REQUEST['title']))."','".mysql_real_escape_string(stripslashes($_REQUEST['description']))."','".mysql_real_escape_string(stripslashes($_REQUEST['url']))."','".mysql_real_escape_string(stripslashes($_REQUEST['keywords']))."')";
if($result = mysql_query($sql ,$db)) {
echo '<h1>Thank you</h1>Your information has been entered into our database<br><br>';
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
<h1><center><center></h1>
<hr>
<center>
<form method="post" action="">
          title:<br>
         <input type="text" name="title">
<br>
          description: <br>
         <input type="text" name="description">
<br>
          Url: <br>
<font color="#0000FF">http://</font><input type="text" name="url">
<br>         <input type="submit" name="Submit" value="Submit">
</form></br>
<?php
}
?> <center>
</body>
</html>
答案 0 :(得分:0)
查看filter_var()和filter_input()函数以过滤输入。我还鼓励您使用PDO预处理语句来防止SQL注入。对于表单验证,您需要将输入值与您愿意接受的值进行比较。此外,根据输入是否有效(将其添加到sql)与无效(显示错误),您还需要至少一个条件语句来确定要执行的操作。