0

得到了我想要的工作,但是我可以对其进行哪些更新以使其更好?

代码: - - - - - - - - - - - - - - - - - - - - 

  $odb = new PDO('mysql:host=localhost;dbname=db371885849', $user, $pass);
  $odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);


        if(isset($_POST['firstname'])) {
                $firstname = $_POST['firstname'];
                $lastname = $_POST['lastname'];
                $email = $_POST['email'];

                        $q = "INSERT INTO jobform(firstname, lastname, email) VALUES (:firstname, :lastname, :email);";
                        $query = $odb->prepare($q);
                        $results = $query->execute(array(
                        ":firstname" => $firstname,
                        ":lastname" => $lastname,
                        ":email" => $email
                ));
                }

++++++++++++++++++++++++++更新工作++++++++++++++++++++++++ ++

 $odb = new PDO('mysql:host=localhost;dbname=db371885849', $user, $pass);
  $odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        if(isset($_POST['firstname'])) {
                $firstname = $_POST['firstname'];
                $lastname = $_POST['lastname'];
                $email = $_POST['email'];
 if (!empty($firstname))
{

                        $q = "INSERT INTO jobform(firstname, lastname, email) VALUES (:firstname, :lastname, :email);";
                        $query = $odb->prepare($q);
                        $results = $query->execute(array(
                        ":firstname" => $firstname,
                        ":lastname" => $lastname,
                        ":email" => $email
                ));
                } else {
            echo "not today";
        }
                }
4

3 回答 3

2 
    if(!empty($_POST['firstname']) && !empty($_POST['lastname']) && filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
            $firstname = $_POST['firstname'];
            $lastname = $_POST['lastname'];
            $email = $_POST['email'];

                    $q = "INSERT INTO jobform(firstname, lastname, email) VALUES (:firstname, :lastname, :email);";
                    $query = $odb->prepare($q);
                    $results = $query->execute(array(
                    ":firstname" => $firstname,
                    ":lastname" => $lastname,
                    ":email" => $email
            ));
        }else echo 'make an error';
于 2013-05-17T10:53:04.417 回答
1

看来您根本不需要验证。那么,我是如何做到的,基于标签 wiki 中的代码

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $allowed = array('firstname', 'lastname', 'email');
    $sql = "INSERT INTO jobform SET ".pdoSet($fields,$values);
    $stm = $dbh->prepare($sql);
    $stm->execute($values);
    header("Location: ".$_SERVER['PHP_SELF']);
    exit;
}

但是,如果要验证用户输入,则需要更复杂的代码:

<?  
$allowed = array('firstname', 'lastname', 'email');
if ($_SERVER['REQUEST_METHOD']=='POST') {  

  $err = array();
  //performing all validations and raising corresponding errors
  if (empty($_POST['firstname']) $err[] = "Firstname is required";  
  if (empty($_POST['lastname'])  $err[] = "Lastname is required";  
  if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL) {
     $err[] = "Wrong email format";
  }

  if (!$err) {  
    $sql = "INSERT INTO jobform SET ".pdoSet($fields,$values);
    $stm = $dbh->prepare($sql);
    $stm->execute($values);
    header("Location: ".$_SERVER['PHP_SELF']);
    exit;
  }  else {
    // all field values should be escaped according to HTML standard
    foreach ($_POST as $key => $val) {
      $form[$key] = htmlspecialchars($val);
    }
} else {
    foreach ($allowed as => $val) {
      $form[$val] = '';
    }
}
include 'form.tpl.php';
于 2013-05-17T11:12:42.633 回答
0

PDO 用于与数据库通信,而不是验证值(除了引用它们以进行安全插入)。在使用 PDO 启动 SQL 查询之前,您必须执行验证:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (
        // your empty() checks
    ) {
        // your query
    }
}
于 2013-05-17T10:52:45.753 回答