Fatal编程技术网
  • javascript/
  • Javascript 检查表单上用户的纬度和经度

Javascript 检查表单上用户的纬度和经度

javascript php

Javascript 检查表单上用户的纬度和经度,javascript,php,Javascript,Php,我是PHP的初学者。 我在表单中遇到问题,我必须验证用户是否向我发送巴黎地址 <?php $msg=""; $db = mysqli_connect("localhost", "root", "", "dbname"); if (isset($_FILES["image"]) AND !empty($_FILES['image']['name'])) { $tailleMax = 3097152; $extensionsVal

我是PHP的初学者。 我在表单中遇到问题,我必须验证用户是否向我发送巴黎地址

<?php
    $msg="";
    $db = mysqli_connect("localhost", "root", "", "dbname");
    if (isset($_FILES["image"]) AND !empty($_FILES['image']['name']))
    {
        $tailleMax = 3097152;
        $extensionsValides = array('jpg', 'jpeg', 'png');
        if($_FILES['image']['size'] <= $tailleMax)
        {
            $extensionUpload = strtolower(substr(strrchr($_FILES['image']['name'], '.'), 1));
            if(in_array($extensionUpload, $extensionsValides))
            {
                $newName =  uniqid(mt_rand(1, 5));
                $imageName = $newName.".".$extensionUpload;
                $chemin = "images/".$imageName;
                $resultat = move_uploaded_file($_FILES['image']['tmp_name'],$chemin);
            }else{
                $msg = "Le format doit être jpg, jpeg ou png";
            }
        }else{
            $msg = "Photo trop grande";
        }
    }
    if (isset($_POST['upload'])) {
        $image = $_FILES["image"]["name"];
        $about = $_POST["about"];
        $name = $_POST["name"];
        $adress = $_POST["adress"];
        $category = $_POST["category"];
        $latitude = $_POST["lat"];
        $longitude = $_POST["lng"];
        if($longitude > 48.7 and $longitude < 49 and $latitude > 2.2 and $latitude < 2.5){
            $sql = "INSERT INTO paristable 
                                (picture, name, about, adress, category, latitude, longitude) 
                        VALUES ('$imageName', '$name', '$about', '$adress', '$category', '$latitude', '$longitude')";
            mysqli_query($db, $sql);
            $msg = "Envoi réussi";
        }else{
            $smg= "Veuillez rentrer une adresse parisienne";
        }
    }else{
        $msg= "L'envoi a échoué";
    }
?>


因为当用户发布地址时,我有一个脚本
将纬度和经度转换为隐藏输入。所以我试着检查一下
他是在巴黎还是不在巴黎。因为如果地址不是
在巴黎,我不想发送数据

现在您有了用户的Latlongs,您现在可以使用google的API获取坐标所在城市的名称,如果该城市是巴黎,您可以发布或显示错误,还可以使用准备好的语句来防止sql注入:


<?php
$msg = "";
$db  = mysqli_connect("localhost", "root", "", "dbname");
if (isset($_FILES["image"]) AND !empty($_FILES['image']['name'])) {
    $tailleMax         = 3097152;
    $extensionsValides = array(
        'jpg',
        'jpeg',
        'png'
    );
    if ($_FILES['image']['size'] <= $tailleMax) {
        $extensionUpload = strtolower(substr(strrchr($_FILES['image']['name'], '.'), 1));
        if (in_array($extensionUpload, $extensionsValides)) {
            $newName   = uniqid(mt_rand(1, 5));
            $imageName = $newName . "." . $extensionUpload;
            $chemin    = "images/" . $imageName;
            $resultat  = move_uploaded_file($_FILES['image']['tmp_name'], $chemin);
        } else {
            $msg = "Le format doit être jpg, jpeg ou png";
        }
    } else {
        $msg = "Photo trop grande";
    }
}
if (isset($_POST['upload'])) {
    $image     = $_FILES["image"]["name"];
    $about     = $_POST["about"];
    $name      = $_POST["name"];
    $adress    = $_POST["adress"];
    $category  = $_POST["category"];
    $latitude  = $_POST["lat"];
    $longitude = $_POST["lng"];

    //get geographical info of the latlongs
    $geocode = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false');
    $output  = json_decode($geocode);
    for ($j = 0; $j < count($output->results[0]->address_components); $j++) {

        $city = array(
            $output->results[0]->address_components[$j]->types[0]
        );
        //get the city name
        if (in_array("locality", $city)) {
            $cityName = $output->results[0]->address_components[$j]->long_name;
        }
    }

    if ($cityName == "Paris") {
        $sql  = "INSERT INTO paristable (picture, name, about, adress, category, latitude, longitude) VALUES(?,?,?,?,?,?,?)";
        $stmt = mysqli_prepare($db, $sql);
        mysqli_stmt_bind_param($stmt, 'sssssss', $imageName, $name, $about, $adress, $category, $latitude, $longitude);

        if (mysqli_stmt_execute($stmt)) {

            $msg = "Envoi réussi";
        } else {

            $msg = mysqli_stmt_error($stmt);
        }

    } else {

        $msg = "L'envoi a échoué";
    }


} else {
    $msg = "L'envoi a échoué";
}
?>



尝试使用&&而不是,并且在您的脚本面临风险的情况下,请查看您的脚本在使用时发生了什么,这样您就可以要求用户输入他们的Latlong,然后您就可以信任他们输入的内容了?@trommelaap
=
&
为什么不使用他们的IP地址?而不是他们输入他们的地址?然后使用Ip地址找到他们的城市?确切地说,它不适用于巴塞罗那的地址,而适用于巴黎的地址。谢谢你,马西维耶

<script>
function showAlert(){
 var getLocation = function (address) {
    var geocoder = new google.maps.Geocoder();
    geocoder.geocode({
        'address': address
    }, function (results, status) {

        if (status == google.maps.GeocoderStatus.OK) {
            var latitude = results[0].geometry.location.lat();
            var longitude = results[0].geometry.location.lng();
            console.log(latitude, longitude);
    document.getElementById('lat').value = latitude;
            console.log(latitude);
    document.getElementById('lng').value = longitude;
            console.log(longitude);
        }
    });
};
document.getElementById('location').value = getLocation(document.getElementById('adress').value);
console.log(document.getElementById('location').value);
    document.getElementById('lat').value = latitude;
    document.getElementById('lng').value = longitude;
    console.log(document.getElementById('lat').value);
}
</script>



<?php
$msg = "";
$db  = mysqli_connect("localhost", "root", "", "dbname");
if (isset($_FILES["image"]) AND !empty($_FILES['image']['name'])) {
    $tailleMax         = 3097152;
    $extensionsValides = array(
        'jpg',
        'jpeg',
        'png'
    );
    if ($_FILES['image']['size'] <= $tailleMax) {
        $extensionUpload = strtolower(substr(strrchr($_FILES['image']['name'], '.'), 1));
        if (in_array($extensionUpload, $extensionsValides)) {
            $newName   = uniqid(mt_rand(1, 5));
            $imageName = $newName . "." . $extensionUpload;
            $chemin    = "images/" . $imageName;
            $resultat  = move_uploaded_file($_FILES['image']['tmp_name'], $chemin);
        } else {
            $msg = "Le format doit être jpg, jpeg ou png";
        }
    } else {
        $msg = "Photo trop grande";
    }
}
if (isset($_POST['upload'])) {
    $image     = $_FILES["image"]["name"];
    $about     = $_POST["about"];
    $name      = $_POST["name"];
    $adress    = $_POST["adress"];
    $category  = $_POST["category"];
    $latitude  = $_POST["lat"];
    $longitude = $_POST["lng"];

    //get geographical info of the latlongs
    $geocode = file_get_contents('http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false');
    $output  = json_decode($geocode);
    for ($j = 0; $j < count($output->results[0]->address_components); $j++) {

        $city = array(
            $output->results[0]->address_components[$j]->types[0]
        );
        //get the city name
        if (in_array("locality", $city)) {
            $cityName = $output->results[0]->address_components[$j]->long_name;
        }
    }

    if ($cityName == "Paris") {
        $sql  = "INSERT INTO paristable (picture, name, about, adress, category, latitude, longitude) VALUES(?,?,?,?,?,?,?)";
        $stmt = mysqli_prepare($db, $sql);
        mysqli_stmt_bind_param($stmt, 'sssssss', $imageName, $name, $about, $adress, $category, $latitude, $longitude);

        if (mysqli_stmt_execute($stmt)) {

            $msg = "Envoi réussi";
        } else {

            $msg = mysqli_stmt_error($stmt);
        }

    } else {

        $msg = "L'envoi a échoué";
    }


} else {
    $msg = "L'envoi a échoué";
}
?>