使用php验证html表单
我有一个表单,在将表单值插入数据库之前需要使用php进行验证 如果字段是空的,它工作得很好,但是当我包含一个代码以确保名字和姓氏字段中只允许字母和空格时,它破坏了验证过程,即当我在字段中键入任何字母组合时,它会显示一条错误消息,说“只需要字母和空格” 其次,当所有字段都为空时,表单将显示相应的错误消息,并且不会将表单提交到数据库。但是,当我在textarea字段中键入消息而其他字段为空时,表单会将数据提交到数据库,并显示其他空字段的错误消息 如果您能帮助解决这些问题,我们将不胜感激 代码如下:使用php验证html表单,php,forms,validation,Php,Forms,Validation,我有一个表单,在将表单值插入数据库之前需要使用php进行验证 如果字段是空的,它工作得很好,但是当我包含一个代码以确保名字和姓氏字段中只允许字母和空格时,它破坏了验证过程,即当我在字段中键入任何字母组合时,它会显示一条错误消息,说“只需要字母和空格” 其次,当所有字段都为空时,表单将显示相应的错误消息,并且不会将表单提交到数据库。但是,当我在textarea字段中键入消息而其他字段为空时,表单会将数据提交到数据库,并显示其他空字段的错误消息 如果您能帮助解决这些问题,我们将不胜感激 代码如下:
<?php
$fnameErr = $lnameErr = $emailErr = $amountErr = $phoneErr = $genderErr = $messageErr = $categoryErr = $countryErr = "";
$fname = $lname = $email = $amount = $phone = $gender = $message = $category = $country = "";
$ipaddress ="";
$defaultMessage = "Please type your message here.";
$formErrors = false;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//for first name
$name= $_POST["fname"];
if (empty($_POST["fname"])){
$fnameErr = "Please, enter your first name";
$formErrors = true;
}elseif(!preg_match("/^[a-zA-Z]*&/", $name)){
$fnameErr = "Only letters and white spaces are allowed in the first name field";
$formErrors = true;
}else{
$fname = $_POST["fname"];
$formErrors = false;
}
//Last Name match
// for last name
$name2= $_POST["lname"];
if (empty($_POST["lname"])){
$lnameErr = "Please, enter your last name";
$formErrors = true;
}elseif(!preg_match("/^[a-zA-Z]*&/", $name2)){
$lnameErr = "Only letters and white spaces are allowed in the Last name field";
$formErrors = true;
}else{
$lname = $_POST["lname"];
$formErrors = false;
}
// for email format
$emailf =($_POST["email"]);
if (empty($_POST["email"])) {
$emailErr = "Please, enter your email";
$formErrors = true;
}elseif (!filter_var($emailf, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
$formErrors = true;
}else {
$email = $_POST["email"];
$formErrors = false;
}
//for phone
if (empty($_POST["phone"])){
$phoneErr = "Please, enter your phone number";
$formErrors = true;
}else{
$phone = $_POST["phone"];
$formErrors = false;
}
// for amount
if (!isset($_POST["amount"])) {
$amountErr = "You must select an amount";
$formErrors = true;
}
else {
$amount = $_POST["amount"];
$formErrors = false;
}
// for gender
if (!isset($_POST["gender"])) {
$genderErr = "You must select your gender";
$formErrors = true;
}
else {
$gender = $_POST["gender"];
$formErrors = false;
}
// for country
if (empty($_POST["country"]) || $_POST["country"] == "Country") {
$countryErr = "Please, select your country";
$formErrors = true;
}
else {
$country = $_POST["country"];
$formErrors = false;
}
// for category
if (empty($_POST["category"]) || $_POST["category"] == "Category") {
$categoryErr = "Please, select a category";
$formErrors = true;
} else {
$category = $_POST["category"];
$formErrors = false;
}
// for message
if (empty($_POST["message"]) || $_POST["message"] == $defaultMessage){
$messageErr = "Please type your prayer request";
$formErrors = true;
}else{
$message = $_POST["message"];
$formErrors = false;
}
if (empty($formErrors) ) {
//connect to database
require_once("../../includes/connect_to_db.php");
// set time zone to uk
$timezone = date_default_timezone_set("Europe/london");
//setting values
$Timestamp = date('Y-m-d h:i:s');
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$email = $_POST["email"];
$phone = $_POST["phone"];
$gender = isset($_POST["gender"]) ? $_POST["gender"] : '';
$message = $_POST["message"];
$country = $_POST["country"];
$category = $_POST["category"];
//echo $gender . "value";
//var_dump(billingDate);
// var_dump($customer);
//Escape all string
$firstname = mysqli_real_escape_string($connection, $fname);
$lastname = mysqli_real_escape_string($connection, $lname);
$emailNew = mysqli_real_escape_string($connection, $email);
$phoneNew = mysqli_real_escape_string($connection, $phone);
$genderNew = mysqli_real_escape_string($connection, $gender);
$messageNew = mysqli_real_escape_string($connection, $message);
$countryNew = mysqli_real_escape_string($connection, $country);
$categoryNew = mysqli_real_escape_string($connection, $category);
//querying the database
$query = "INSERT into counselling ( ";
$query .= "Timestamp, FirstName, LastName, ";
$query .= "Email, PhoneNumber, Category, Country, Gender, Message";
$query .= ")";
$query .= "VALUES ('{$Timestamp}', '{$firstname}', '{$lastname}', ";
$query .= "'{$emailNew}', '{$phoneNew}', '{$categoryNew}', '{$countryNew}', '{$genderNew}', '{$messageNew}' ";
$query .= ")";
echo $query;
$result = mysqli_query($connection, $query) ;
//check for query error
if($result){
//query success redirect_to ("somepage.php");
//redirect_to("confirmation.php");
echo "Success";
} else {
die("Database query failed");
}
} // end of if
} // End of form submission conditional.
?>
您需要用适当的逻辑重构代码
<?php
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$errors = array();
if(trim($fname) == ''){
$errors['fname'] = "First name is required";
}
if(trim($lname) == ''){
$errors['lname'] = "Last name is required";
}
if(count( $errors) > 0){
//form invalid
}
else{
//form is valid
}
看看你的代码!如果第一次验证失败,您仍将处理第二次和第三次验证,以此类推。如果它们正常,则$formErrors
将被设置为FALSE,并且您不知道第一次验证失败的事实。用大脑参与重构用JavaScript验证不是更好吗?这样,如果用户失败,他/她可以在发送表单之前再次编辑表单。使用php,我猜您将数据发送到一个验证页面,如果数据正确,它将被保存,如果不正确,表单将被清除?如果是这样的话,我真的很讨厌这些解决方案。YMMV@Andreas在javascript中进行验证非常好,但仍然需要在PHP中再次进行验证!我们都可以在浏览器中关闭javascriptremember@RiggsFolly对。我只记得几年前我在波兰时,用波兰语写了一张至少有100个问题的表格,我一个字也听不懂。有个人帮了我,当我们按下提交键时,有一行错了。回到原点:/