JavaScript: checking the user's latitude and longitude on a form
I am a beginner in PHP. I have a problem with my form: I have to verify that the user is sending me an address in Paris.
<?php
$msg="";
$db = mysqli_connect("localhost", "root", "", "dbname");
if (isset($_FILES["image"]) AND !empty($_FILES['image']['name']))
{
    $tailleMax = 3097152;
    $extensionsValides = array('jpg', 'jpeg', 'png');
    if($_FILES['image']['size'] <= $tailleMax)
    {
        $extensionUpload = strtolower(substr(strrchr($_FILES['image']['name'], '.'), 1));
        if(in_array($extensionUpload, $extensionsValides))
        {
            $newName = uniqid(mt_rand(1, 5));
            $imageName = $newName.".".$extensionUpload;
            $chemin = "images/".$imageName;
            $resultat = move_uploaded_file($_FILES['image']['tmp_name'],$chemin);
        }else{
            $msg = "Le format doit être jpg, jpeg ou png";
        }
    }else{
        $msg = "Photo trop grande";
    }
}
if (isset($_POST['upload'])) {
    $image = $_FILES["image"]["name"];
    $about = $_POST["about"];
    $name = $_POST["name"];
    $adress = $_POST["adress"];
    $category = $_POST["category"];
    $latitude = $_POST["lat"];
    $longitude = $_POST["lng"];
    if($longitude > 48.7 and $longitude < 49 and $latitude > 2.2 and $latitude < 2.5){
        $sql = "INSERT INTO paristable
        (picture, name, about, adress, category, latitude, longitude)
        VALUES ('$imageName', '$name', '$about', '$adress', '$category', '$latitude', '$longitude')";
        mysqli_query($db, $sql);
        $msg = "Envoi réussi";
    }else{
        $smg= "Veuillez rentrer une adresse parisienne";
    }
}else{
    $msg= "L'envoi a échoué";
}
?>
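Because when the user posts the address, I have a script that converts the latitude and longitude into hidden inputs. So I am trying to check whether he is in Paris or not, because if the address is not in Paris, I do not want to send the data.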
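Now that you have the user's latlongs, you can use Google's API to get the name of the city the coordinates are in. If the city is Paris you can post, otherwise show an error. You can also use prepared statements to prevent SQL injection: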
<?php
$msg = "";
$db = mysqli_connect("localhost", "root", "", "dbname");
if (isset($_FILES["image"]) AND !empty($_FILES['image']['name'])) {
    $tailleMax = 3097152;
    $extensionsValides = array(
        'jpg',
        'jpeg',
        'png'
    );
    if ($_FILES['image']['size'] <= $tailleMax) {
        $extensionUpload = strtolower(substr(strrchr($_FILES['image']['name'], '.'), 1));
        if (in_array($extensionUpload, $extensionsValides)) {
            $newName = uniqid(mt_rand(1, 5));
            $imageName = $newName . "." . $extensionUpload;
            $chemin = "images/" . $imageName;
            $resultat = move_uploaded_file($_FILES['image']['tmp_name'], $chemin);
        } else {
            $msg = "Le format doit être jpg, jpeg ou png";
        }
    } else {
        $msg = "Photo trop grande";
    }
}
if (isset($_POST['upload'])) {
    $image = $_FILES["image"]["name"];
    $about = $_POST["about"];
    $name = $_POST["name"];
    $adress = $_POST["adress"];
    $category = $_POST["category"];
    $latitude = $_POST["lat"];
    $longitude = $_POST["lng"];
    // Stays null unless the geocoder returns a "locality" component
    $cityName = null;
    // The hidden lat/lng fields come from the client: only plain numbers may reach the request URL
    if (is_numeric($latitude) && is_numeric($longitude)) {
        //get geographical info of the latlongs
        // Note: Google's Geocoding API now requires HTTPS and an API key
        $geocode = file_get_contents('https://maps.googleapis.com/maps/api/geocode/json?latlng=' . $latitude . ',' . $longitude . '&sensor=false');
        $output = ($geocode !== false) ? json_decode($geocode) : null;
        // Skip the loop when the request failed or no result came back
        if (!empty($output->results)) {
            for ($j = 0; $j < count($output->results[0]->address_components); $j++) {
                $city = array(
                    $output->results[0]->address_components[$j]->types[0]
                );
                //get the city name
                if (in_array("locality", $city)) {
                    $cityName = $output->results[0]->address_components[$j]->long_name;
                }
            }
        }
    }
    if ($cityName == "Paris") {
        // Placeholders keep the user-supplied values out of the SQL text
        $sql = "INSERT INTO paristable (picture, name, about, adress, category, latitude, longitude) VALUES(?,?,?,?,?,?,?)";
        $stmt = mysqli_prepare($db, $sql);
        mysqli_stmt_bind_param($stmt, 'sssssss', $imageName, $name, $about, $adress, $category, $latitude, $longitude);
        if (mysqli_stmt_execute($stmt)) {
            $msg = "Envoi réussi";
        } else {
            $msg = mysqli_stmt_error($stmt);
        }
    } else {
        $msg = "L'envoi a échoué";
    }
} else {
    $msg = "L'envoi a échoué";
}
?>
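The hidden `lat` and `lng` fields are filled in by client-side script, so the server has to treat them as untrusted input. The following is an added example, not code from the original post: it validates both fields as numbers and applies the question's bounds to the correct axes (Paris is near latitude 48.86, longitude 2.35, whereas the question compares longitude against 48.7 to 49). The function names and the sample submissions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Bounds taken from the question's own check, assigned to the correct axes:
// Paris lies at roughly 48.7..49 degrees latitude and 2.2..2.5 degrees longitude.
const PARIS_LAT_MIN = 48.7;
const PARIS_LAT_MAX = 49.0;
const PARIS_LNG_MIN = 2.2;
const PARIS_LNG_MAX = 2.5;

// Parse one client-supplied coordinate (hypothetical helper). Returns null
// unless the whole string is a finite decimal number inside [$min, $max].
function parse_coordinate($raw, float $min, float $max): ?float
{
    if (!is_string($raw)) {
        return null; // missing field, or an array sent as lat[]=...
    }
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT);
    if ($value === false || !is_finite($value) || $value < $min || $value > $max) {
        return null;
    }
    return $value;
}

// True only if both hidden fields are valid numbers inside the Paris box.
function is_paris_submission(array $post): bool
{
    $lat = parse_coordinate($post['lat'] ?? null, -90.0, 90.0);
    $lng = parse_coordinate($post['lng'] ?? null, -180.0, 180.0);
    if ($lat === null || $lng === null) {
        return false;
    }
    return $lat > PARIS_LAT_MIN && $lat < PARIS_LAT_MAX
        && $lng > PARIS_LNG_MIN && $lng < PARIS_LNG_MAX;
}

// Constructed sample submissions (not from the original page).
$samples = [
    'Paris'         => ['lat' => '48.8566', 'lng' => '2.3522'],
    'Barcelona'     => ['lat' => '41.3851', 'lng' => '2.1734'],
    'axes swapped'  => ['lat' => '2.3522', 'lng' => '48.8566'],
    'URL parameter' => ['lat' => '48.8566&language=xx', 'lng' => '2.3522'],
    'missing lng'   => ['lat' => '48.8566'],
];
foreach ($samples as $label => $post) {
    printf("%-14s %s\n", $label, is_paris_submission($post) ? 'accept' : 'reject');
}
```

Only the first sample is accepted. The check bounds the submitted numbers but does not prove they belong to the typed address, so the values stored should still come from a lookup the server performs itself, as in the answer above.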
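Try using && instead of and. Also, your script is at risk; look at what happens to your script when it is used.
So you ask users to enter their latlong, and then you trust what they enter?
@trommelaap and =&
Why not use their IP address instead of having them enter their address, and then use the IP address to find their city?
Exactly, it does not work for an address in Barcelona, but it does for an address in Paris. Thank you, Masivuye.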
<script>
function showAlert() {
    // Geocode the typed address and copy the result into the hidden lat/lng inputs
    var getLocation = function (address) {
        var geocoder = new google.maps.Geocoder();
        geocoder.geocode({
            'address': address
        }, function (results, status) {
            if (status == google.maps.GeocoderStatus.OK) {
                // The coordinates only exist here, inside the asynchronous callback
                var latitude = results[0].geometry.location.lat();
                var longitude = results[0].geometry.location.lng();
                document.getElementById('lat').value = latitude;
                document.getElementById('lng').value = longitude;
                console.log(latitude, longitude);
            }
        });
    };
    // getLocation() returns nothing; the hidden inputs are filled by the callback above
    getLocation(document.getElementById('adress').value);
}
</script>