0

在完成验证之前我没有注意到它,但我意识到即使我的错误出现在我的表单框顶部,我也会转到 phpmyadmin 并查看数据,即使我故意添加错误,表单也会被提交.

然后我的第二个问题,包括上述问题,无论我做什么,学生 ID 或“anum”都没有发布。它继续在我的数据库的学生表中给我一个“0”值。

这是整个代码:

<?php
//Starting session
session_start();

// Validation starts here
if (empty($_POST) === false) {
    $errors   = array();
    $anum     = $_POST['anum'];
    $first    = $_POST['first'];
    $last     = $_POST['last'];
    $why      = $_POST['why'];
    $comments = $_POST['comments'];

    if (empty($anum) === true || empty($first) === true || empty($last) === true) {
        $errors[] = 'Form is incomplete please revise it!';
    } else {

        if (ctype_alnum($anum) === false) {
            $errors[] = 'A number can only consist of alphanumeric characters!';
        }
        if ((strlen($anum) < 9) && (strlen($anum)) > 9) {
            $errors[] = 'A number is incorrect!';
        }
        if (ctype_alpha($first) === false) {
            $errors[] = 'First mame must only contain alphabetical characters!';
        }
        if (ctype_alpha($last) === false) {
            $errors[] = 'Last name must only contain alphabetical characters!';
        }
        if (empty($why))
            $errors[] = 'Please make sure to select the proper reasoning for your vistit today!';

        elseif ($why === 'Other') {

            if (empty($comments))
                $errors[] = 'Please explain the nature of your visit in the comments box!';

            else {

                if (strlen($comments) < 15)
                    $errors[] = 'Your explaination is short, please revise!';

                if (strlen($comments) > 45)
                    $errors[] = 'Your explaintion is to long, please revise!';

            }

        }

        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }

        // Validations ends here

        $host     = "localhost"; // Host name
        $username = "root"; // Mysql username
        $password = "testdbpass"; // Mysql password
        $db_name  = "test"; // Database name

        // Connect to server via PHP Data Object
        $dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        try {
            $query = $dbh->prepare("INSERT INTO `students` (anum, FIRST, LAST, why, comments)
                                   VALUES (:anum, :FIRST, :LAST, :why, :comments)");

            $query->execute(

                array(
                    'anum'     => $_POST['anum'],
                    'first'    => $_POST['first'],
                    'last'     => $_POST['last'],
                    'why'      => $_POST['why'],
                    'comments' => $_POST['comments']
                ));
        } catch (PDOException $e) {
            error_log($e->getMessage());
            die($e->getMessage());
        }
        $dbh = null;

    }

}
?>

<html>
<body>
<title>Student Signin Form</title>
<table width="300" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
        <?php
        if (empty($errors) === false) {
            echo '<h3>';
            foreach ($errors as $error) {
                echo '<center><li>', $error, '</li></center>';
            }

            echo '<h3>';
        }
        ?>
    <form action="" method="post">
        <td>
            <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                <tr>

                <tr colspan="3">
                    <center></center>
                    <strong>Student Signin Form</strong></tr>
                <p>Student ID Number: <input type="text" name="anum" <?php if (isset($_POST['anum']) === true) {
                        echo 'value="', $_POST['anum'], '"';
                    } ?> />

                <p>First Name: <input type="text" name="first" <?php if (isset($_POST['first']) === true) {
                        echo 'value="', $_POST['first'], '"';
                    } ?> />

                <p>Last Name: <input type="text" name="last" <?php if (isset($_POST['last']) === true) {
                        echo 'value="', $_POST['last'], '"';
                    } ?> />

                <p>How may we help you? <select name="why"/>
                    <option value=""></option>
                    <option value="Appeal">Appeal</option>
                    <option value="Other">Other: Please specify the nature of your visit bellow</option>
                    </select>
                    </tr>


                    <br>

                <P>If other please describe the issue you are having.</P>
                <textarea rows="10" cols="50" name="comments" <?php if (isset($_POST['comments']) === true) {
                    echo 'value="', $_POST['comments'], '"';
                } ?>></textarea>


                <input type="submit" name="submit" value="Send"/>

    </form>

</table>
</body>
</html>
4

2 回答 2

1

在更多地挖掘和更多地了解我实际上在做什么(错误的方式)之后,我想出了我的解决方案。几乎我必须这样做,以便 Mysql 插入语句成为错误验证的一部分,而不是独立的。如果您查看我之前的代码,PDO 语句在代码中并没有真正的位置,它就在那里。造成这种情况的原因是

if (empty($errors) === false) {
        header('location: signedin.php');
        exit();
    }

这样做是即使有错误我仍然必须重定向到不是所需影响的“signedin.php”。必须做的是首先将其从假变为真。

if (empty($errors) === true) {
        header('location: signedin.php');
        exit();
    }

然后在这样做之后,您必须在 {} 之间输入您的 PDO 语句。

那么这意味着如果脚本发现错误,它将不会运行 PDO 插入。

但是,如果没有错误为真,它将运行插入脚本并对该脚本进行错误检查,然后如果插入正确,它将将用户重定向到下一页。

例子 :

if (empty($errors) === true) 
{
            $host="localhost"; // Host name
            $username="root"; // Mysql username
            $password="testdbpass"; // Mysql password
            $db_name="test"; // Database name


            $dbh = new PDO("mysql:host=localhost;dbname=test;", $username, $password);
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                    try 
        {
                            $query = $dbh->prepare("INSERT INTO `students` (anum, first, last, why, comments) 
                                   VALUES (:anum, :first, :last, :why, :comments)");

                            $query->execute(
                                                array(
                                                        'anum'      => $_POST['anum'],
                                                        'first'     => $_POST['first'],
                                                        'last'      => $_POST['last'],
                                                        'why'       => $_POST['why'],
                                                        'comments'  => $_POST['comments']
                                                        )); 
        }
                catch (PDOException $e) 
        {
                error_log($e->getMessage());
                die($e->getMessage());
        }
   $dbh = null;    

        header('location: signedin.php');
        exit(); 
}

希望有人会发现这个有用。

于 2012-12-27T23:21:13.880 回答
0

好吧,看起来您正在编写一些代码而没有实际测试它是否有效。以这些行为例(大约第 50 行):

        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }

您正在$errors用错误消息填充数组。然后,如果出现错误,您将进行重定向。没有意义,因为这也会删除错误消息。

于 2012-12-27T18:06:39.630 回答