验证后插入数据到数据库 [英] Insert data to database after validation
问题描述
我在一个 php 表单中工作,我用正则表达式验证字段.验证工作正常,但我想在验证完成后将数据插入数据库且没有错误我不知道如何编写?
我面临一个问题,每次单击提交时,数据都会将空记录插入数据库.另外,我希望在插入完成后重定向到感谢页面.
非常感谢您的帮助和建议.
这是我的代码
头部><身体><div align="center"><p> </p>
<form name="form1" action="<?php echo $PHP_SELF; ?>"方法=POST"><p><input type="hidden" name="ac" value="login"></p><表格宽度=485"边框=0"><tr><td width="48">全名</td><td width="150"><input name="name" type="text" id="name" value="<?php echo $_POST["name"]; ?>"></td><td width="273"><?php if(isset($errname)) echo $errname;?></td></tr><tr><td>年龄</td><td><input name="age" type="text" id="age" value="<?php echo $_POST["age"]; ?>"></td><td><?php if(isset($errage)) echo $errage;?></td></tr><tr><td>性别</td><td><input name="gender" type="radio" value="Male" 选中>男性<input name="gender" type="radio" value="Female">女性</td><td> </td></tr><tr><td>移动</td><td><input name="mobile" type="text" id="mobile" value="<?php echo $_POST["mobile"]; ?>"></td><td><?php if(isset($errmobile)) echo $errmobile;?></td></tr><tr><td> </td><td><input type="submit" name="Submit" value="Submit"><input name="reset" type="reset" id="reset" value="Reset"></td><td> </td></tr></表单>
您可以简单地使用 $errors
数组并在插入之前检查其是否为空:
$errors = array();如果 ($_POST["ac"]=="登录") {if (!preg_match("/^[A-Z][a-zA-Z -]+$/", $_POST['name']))$errors['name'] = '请输入您的全名</p>';if (!preg_match("/^\d{2}$/", $_POST['age']))$errors['age'] = '<p class="errText">年龄必须是 2 位数字</p>';//等等...如果(!$错误){$查询 = "插入申请人(姓名、年龄、性别、手机)价值观('".mysql_real_escape_string($v_name)."','".mysql_real_escape_string($v_age)."','".mysql_real_escape_string($v_gender)."','".mysql_real_escape_string($v_mobile)."')";mysql_query($query);}//等等...}//稍后在您的 HTML 中:<tr><td>移动</td><td><input name="mobile" type="text" id="mobile" value="<?php echo $_POST["mobile"]; ?>"></td><td><?php if(isset($errors['mobile'])) echo $errors['mobile'] ?></td></tr>
确保在将数据发送到数据库之前对其进行转义(因此,mysql_real_escape_string
调用)!一个重要的建议是实际上放弃 mysql_
函数,因为它们已经过时了.您应该改用 PDO.它更容易、更高效,并且毫不费力地消除了大部分 SQL 注入威胁:
尝试{$dbh = new PDO("mysql:host=localhost;dbname=mydb", '用户名', '密码');} catch(PDOException $e) {die('无法连接到数据库!');}$stm = $dbh->prepare('INSERT INTO 申请人(姓名、年龄、性别、手机)VALUES (?, ?, ?, ?)');$stm->execute(array($v_name, $v_age, $v_gender, $v_mobile));
Im working in a php form where Im validating the feilds with regular expression. Validation working fine but I want to insert data into database after the validation finish with no error I dont know how to rite this ?
Im facing a prolem and data is inserting empty records into database each time I click submit. Also , I want after the insert is done to redirect to a Thank you page .
I really appreciate your help and suggestion .
here is my code
<?php
$errname = "";
$errage = "";
$errmobile = "";
if($_POST["ac"]=="login"){
// Full Name must be letters, dash and spaces only
if(preg_match("/^[A-Z][a-zA-Z -]+$/", $_POST["name"]) === 0)
$errname = '<p class="errText">Please enter your full name </p>';
// age must be 2 digits
if(preg_match("/^\d{2}$/", $_POST["age"]) === 0)
$errage = '<p class="errText">Age must be 2 digits</p>';
// Mobile mask 050-0000000
if(preg_match("/^\d{3}-\d{7}$/", $_POST["mobile"]) === 0)
$errmobile = '<p class="errText">Mobile must be in this format: 050-0000000</p>';
// contact to database
$connect = mysql_connect("localhost", "root", "") or die ("Error , check your server connection.");
mysql_select_db("career_system");
//Get data in local variable
$v_name=$_POST['name'];
$v_age=$_POST['age'];
$v_gender=$_POST['gender'];
$v_mobile =$_POST['mobile'];
$query="insert into applicant(name, age, gender, mobile ) values ('$v_name', '$v_age', '$v_gender','$v_mobile ')";
mysql_query($query) or die(mysql_error());
}
echo "Your information has been received";
}
?>
</head>
<body>
<div align="center">
<p> </p>
</div>
<form name="form1" action="<?php echo $PHP_SELF; ?>" method="POST">
<p>
<input type="hidden" name="ac" value="login">
</p>
<table width="485" border="0">
<tr>
<td width="48">Full Name</td>
<td width="150"><input name="name" type="text" id="name" value="<?php echo $_POST["name"]; ?>"></td>
<td width="273"><?php if(isset($errname)) echo $errname; ?></td>
</tr>
<tr>
<td>Age</td>
<td><input name="age" type="text" id="age" value="<?php echo $_POST["age"]; ?>"></td>
<td><?php if(isset($errage)) echo $errage; ?></td>
</tr>
<tr>
<td>Gender</td>
<td><input name="gender" type="radio" value="Male" checked>
Male
<input name="gender" type="radio" value="Female">
Female</td>
<td> </td>
</tr>
<tr>
<td>Mobile</td>
<td><input name="mobile" type="text" id="mobile" value="<?php echo $_POST["mobile"]; ?>"></td>
<td><?php if(isset($errmobile)) echo $errmobile; ?></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit">
<input name="reset" type="reset" id="reset" value="Reset"></td>
<td> </td>
</tr>
</table>
</form>
You can simply use an $errors
array and check for its emptiness before inserting:
$errors = array();
if ($_POST["ac"]=="login") {
if (!preg_match("/^[A-Z][a-zA-Z -]+$/", $_POST['name']))
$errors['name'] = '<p class="errText">Please enter your full name </p>';
if (!preg_match("/^\d{2}$/", $_POST['age']))
$errors['age'] = '<p class="errText">Age must be 2 digits</p>';
// etc...
if (!$errors) {
$query = "
insert into applicant
(name, age, gender, mobile )
values
(
'".mysql_real_escape_string($v_name)."',
'".mysql_real_escape_string($v_age)."',
'".mysql_real_escape_string($v_gender)."',
'".mysql_real_escape_string($v_mobile)."'
)
";
mysql_query($query);
}
// etc...
}
// Later in your HTML:
<tr>
<td>Mobile</td>
<td><input name="mobile" type="text" id="mobile" value="<?php echo $_POST["mobile"]; ?>"></td>
<td><?php if(isset($errors['mobile'])) echo $errors['mobile'] ?></td>
</tr>
Make sure to escape data before sending it to the database (hence, the mysql_real_escape_string
calls)! An important piece of advice would be to actually abandon the mysql_
functions as they are antiquated. You should use PDO instead. It's much easier, more efficient and eliminates much of the SQL injection threat with little effort:
try {
$dbh = new PDO("mysql:host=localhost;dbname=mydb", 'username', 'password');
} catch(PDOException $e) {
die('Could not connect to database!');
}
$stm = $dbh->prepare('INSERT INTO applicant (name, age, gender, mobile ) VALUES (?, ?, ?, ?)');
$stm->execute(array($v_name, $v_age, $v_gender, $v_mobile));
这篇关于验证后插入数据到数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!