PHP，MySQL验证故障和搜索不起作用? [英] PHP, MySQL validation malfunction and search doesn't work?

问题描述

我创建了一个小的注册粘贴表格.一切工作正常，但是如果我输入任何错误的值，例如名称中的数字，年龄中的字母或什至错误的电子邮件格式，那么数据仍然保存在数据库中，我将无法确定验证问题. 另一个1是搜索选项.每当我在搜索框中输入任何名字或姓氏时，它都应显示数据库中的名称，否则将显示错误消息. 任何1都可以建议我该怎么做..请在下面查看我的编码.

I have created a small registration sticky form. Everything is working fine, but if I input any wrong value,like numbers in name, letters in age or even wrong email format, then still the data is saved in the database, I cannot figure out the validation problem. And another 1 is search option. Whenever I input any FirstName or lastname in the search box, it should display the name that is in the database or it will show an error message. Any 1 can suggest me what should I do.. Please see my coding below.

sticky_form代码...

sticky_form codes...

<html>
<head>


<?php
global $fname,$lname,$gender,$age,$course,$email;

if(isset($_POST['register']))
{

    $fname=$_POST['fname'];
    $lname=$_POST['lname'];
    $gender=$_POST['gender'];
    $age=$_POST['age'];
    $course=$_POST['course'];
    $email=$_POST['email']; 

        if (preg_match("/[a-zA-Z ]+$/", $_POST['fname']))  {
            $fname = trim($_POST['fname']);
        }
         else 
        {
        echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        //$error = true;
        }


        if (preg_match("/[a-zA-Z ]+$/", $_POST['lname']))  {
            $lname = trim($_POST['lname']);
        }
         else 
        {
        echo '<p>The last name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        $error = true;
        }

        if(isset($_POST['gender']))
        {   
            $gender = $_POST['gender']; 
        }
        else
        {
            echo "<p>No gender found!</p>";
        }

        if (preg_match("/[a-zA-Z ]+$/", $_POST['age']))  {
            $age = trim($_POST['age']);
        }
         else 
        {
        echo '<p>Please enter age. Or your age contains illegal characters</p>';
        //$error = true;
        }

        if(isset($_POST['course']))
        {
             $course = $_POST['course'];
        }
        else
        {
            echo "<p>Please Select Course!</p>";

        }

        // Validate the email:
        if (preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $_POST['email'] )){
        $email = trim($_POST['email']);
        }
        else 
        {
        echo '<p>The email is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        //$error = false;
        }
        echo "<br/>";
        echo "<br/>";
        echo "<br/>";



}

    if($fname&&$lname&&$gender&&$age&&$email&&$course)
    {
    require_once('connection.php');
    $query = mysql_query("INSERT INTO members SET FirstName='$fname', LastName='$lname', Gender='$gender', Age='$age',          Email='$email', Course='$course'") or die(mysql_error());

        if($query){
            echo"Your Data Successfully Saved"; 
        }
        else
        {
            echo "Please recheck your Data!";
        }


}


?>
</head>

<body id="body">
<h2><strong>Register Student Account</strong></h2>
<form action="student_form.php" method="post" >
<table border="1" id="container">


  <tr>
    <td>First Name</td>
    <td>:</td>
    <td><input type="text" name="fname"  size="30" maxlength="50"/></td>
  </tr>

 <tr>
    <td>Last Name</td>
    <td>:</td>
    <td><input type="text" name="lname" size="30" maxlength="50"/></td>
  </tr>

  <tr>
    <td>Age</td>
    <td>:</td>
    <td><input type="text" name="age"  size="3" /></td>
  </tr>

    <tr>
    <td >Gender </td>
    <td> : </td>
    <td> Male
    <input type="radio" name="gender" value="Male"/>

    Female
    <input type="radio" name="gender" value="Female"/></td>

  </tr>


  <tr>
    <td valign="top">Course</td>
    <td valign="top"> : </td>
    <td> <input type="radio" name="course" value="Bachelor Of Computing"/>Bachelor Of Computing<br/>
   <input type="radio" name="course" value="Bachelor Of Science"/>Bachelor Of Science<br/> 
   <input type="radio" name="course" value="Bachelor Of Software Engineering"/>Bachelor Of Software Engineering<br/>
    <input type="radio" name="course" value="Bachelor Of Networking"/>Bachelor Of Networking<br/>
    <input type="radio" name="course" value="Bacelor Of IT"/>Bacelor Of IT <br/>
    <input type="radio" name="course" value="Bachelor Of Computer Science"/>Bachelor Of Computer Science<br/></td>

  </tr>

 <tr>
    <td>Email Address</td>
    <td>:</td>
    <td><input type="text" name="email"  size="30" maxlength="50"/></td>
</tr>


</table>
    <input type="submit" name="register" value="REGISTER"/>

</form><br>
<p><a href="student_form.php" >Home</a></p>
<p><a href="display_data.php">Display Data Information</a>
<p><a href="search.php">To search for Members</a>
</body>
</html>

这是search_form代码...

and this is the search_form codes......

<html>
<head>
<?php
//require_once('student_form.php');
if(isset($_POST['s1'])){ 
$id=$_REQUEST['id']; 
$fname=$_POST['fname'];
    //connect  to the database 
include('connection.php');
//-query  the database table 
$sql=mysql_query("SELECT  * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
    //-run  the query against the mysql query function 
    $result=mysql_query($sql); 

    if($row=mysql_fetch_array($result)){ 
                $fname=$row['FirstName']; 
                $lname=$row['LastName']; 
                /*$email=$row['Email'];
                $age =$row['Age'];
                $gender=$row['Gender'];
                $course = $row['Course'];*/
    }
    //-display  the result of the array 
    else
    {
    <?php echo $rows['FirstName']; ?>
    <?php echo $rows['LastName']; ?>
    } 
} 
?>
</head>
<body>
<form action="search.php" method="post">
<table>
    <tr>
    <td><strong>search box</strong></td>
    <td><strong>:</strong></td>
    <td><input type="text" name="search" value=""size="30"/><input type="submit" name="s1" value="Search"/></td>

</table>
</form>
</body>
</html>

推荐答案

将像$fname $lname $gender $age $email $course这样的变量放入isset($_POST['register'])的if条件之后的if条件中.现在，即使您的验证有效，数据仍将输入数据库中.因为您已经提出条件

your variables like $fname $lname $gender $age $email $course are put in if condition after if condition for isset($_POST['register']). Now even if your validation will work, data will still be entered in database. because you have put condition

if($fname&&$lname&&$gender&&$age&&$email&&$course)

当所有这些变量中只有一个值时，现在控件将进入该块.必须发生的是，您输入了错误的值，这些值将得到验证，但会显示消息，但是如果第一个如果块完成，则由于$ _POST变量仍然具有SOME值，无论它们是否无效，第二个如果输入了块并会触发查询.

Now control will enter that block when you have even a single value in all of those variable. What must be happening is, that you put wrong values, those are getting validated, message will be shown, but when first if block finishes, as $_POST variables still have SOME value, regardless of them being invalid, second if block will be entered and query will be fired.

您可以做的是，在任何回显错误消息的地方，都将相应的变量清空.像这样的东西:

What you can do is, where ever you are echoing error message, blank out that respective variable. something like this:

if (preg_match("/[a-zA-Z ]+$/", $_POST['fname']))  {
    $fname = trim($_POST['fname']);
}
else 
{
    echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
    $fname = "";
}

这篇关于PHP，MySQL验证故障和搜索不起作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！