0

我对 php 相当陌生,我有一个表格,填写后会发送 ?sent ,在 if 语句中检查它。我的问题是提交表单后 .ucfirst( $firstName )。' ' .ucfirst( $lastName ) 在回显时永远不会出现

echo '<h2>Thank you, ' .ucfirst( $firstName ). ' ' .ucfirst( $lastName ). ' for your submission, we will be contacting you shortly if needed.</h2>';

这是完整的代码:

<?php
$firstName   = $_POST[ 'firstName' ];
$lastName       = $_POST[ 'lastName' ];
$email          = $_POST[ 'email' ];
$comments  = $_POST[ 'comments' ];
$errors         = array();

if (isset($_GET['sent']) === true) {

    echo '<h2>Thank you, ' .ucfirst( $firstName ). ' ' .ucfirst( $lastName ). ' for your submission, we will be contacting you shortly if needed.</h2>'; 

} else {                                                                     ////////////////////////////////////// else ////////////////////////////////////////////////////

?>

<form action="" method="post">
    <input type="text" name="firstName"  placeholder="first name" <?php if(isset($_POST['firstName']) === true ){ echo 'value="' .strip_tags($_POST['firstName']). '"' ;} ?>/><br />
    <input type="text" name="lastName"  placeholder="last name" <?php if(isset($_POST['lastName']) === true ){ echo 'value="' .strip_tags($_POST['lastName']). '"' ;} ?>/><br />
    <input type="text" name="email" id="email" placeholder="email address" <?php if(isset($_POST['email']) === true ){ echo 'value="' .strip_tags($_POST['email']). '"' ;} ?>/><br />
    <textarea name="comments" id="comments" cols="30" rows="10" placeholder="comments...."><?php if(isset($_POST['comments']) === true ){  echo strip_tags($_POST['comments'])  ;} ?></textarea><br />
    <input type="submit" name="submit" id="submit" /><br />
    <?php foreach($errors as $error) {
        echo $error;
    } 

    if (isset($_POST['submit'])) {

    if ( empty($_POST['lastName']) && empty($_POST['firstName']) && empty($_POST['email']) && empty($_POST['comments']) ) {
        $errors[] = '&bull; All fields are required for form to be submitted!<br />';
    } else {
        if (ctype_alpha($_POST['firstName']) === false ) {
            $errors[] = '&bull; First name must contain only letters!<br />';
        }
        if (ctype_alpha($_POST['lastName']) === false ) {
            $errors[] = '&bull; Last name must contain only letters!<br />';
        }

        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = '&bull; You must enter a valid email address!<br />';
        }
        if (empty($_POST['comments']) === true ) {
            $errors[] = '&bull; Tell us why you would like to contact us!<br />';
        }
    }
    if (empty($errors)) {
        header('Location: testForm.php?sent');
        end();
    }


}                                                                               ///////////////////////////////////// end submit ////////////////////////////////////////////////////
}                                                                               ///////////////////////////////////// end else //////////////////////////////////////////////////// 
?>
</form>
4

3 回答 3

1

只有在 $_GET['sent'] === true; 时,您才会回显该语句。

但是,您正在发送 POST 请求。尝试这个:

if (isset($_POST['firstName']) {
//echo code here
}
于 2013-09-09T15:53:39.910 回答
0

对于您想要做的事情,不需要使用另一个再次执行相同操作的 GET 请求来重定向页面。

只需在页面顶部验证您的数据,如下所示:

<?php
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$comments = $_POST['comments'];
$errors = array();


if (isset($_POST['submit'])) {
if (empty($_POST['lastName']) && empty($_POST['firstName']) && empty($_POST['email']) && empty($_POST['comments'])) {
    $errors[] = '&bull; All fields are required for form to be submitted!<br />';
} else {
    if (ctype_alpha($_POST['firstName']) === false) {
        $errors[] = '&bull; First name must contain only letters!<br />';
    }
    if (ctype_alpha($_POST['lastName']) === false) {
        $errors[] = '&bull; Last name must contain only letters!<br />';
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = '&bull; You must enter a valid email address!<br />';
    }
    if (empty($_POST['comments']) === true) {
        $errors[] = '&bull; Tell us why you would like to contact us!<br />';
    }
}
if (count($errors)==0) { // if no errors
    echo '<h2>Thank you, ' . ucfirst($firstName) . ' ' . ucfirst($lastName) . ' for your submission, we will be contacting you shortly if needed.</h2>';
} else { // ese show form with errors

?>

<form action="" method="post">
    <input type="text" name="firstName" placeholder="first name" <?php if (isset($_POST['firstName']) === true) {
        echo 'value="' . strip_tags($_POST['firstName']) . '"';
    } ?>/><br/>
    <input type="text" name="lastName" placeholder="last name" <?php if (isset($_POST['lastName']) === true) {
        echo 'value="' . strip_tags($_POST['lastName']) . '"';
    } ?>/><br/>
    <input type="text" name="email" id="email" placeholder="email address" <?php if (isset($_POST['email']) === true) {
        echo 'value="' . strip_tags($_POST['email']) . '"';
    } ?>/><br/>
    <textarea name="comments" id="comments" cols="30" rows="10"
              placeholder="comments...."><?php if (isset($_POST['comments']) === true) {
            echo strip_tags($_POST['comments']);
        } ?></textarea><br/>
    <input type="submit" name="submit" id="submit"/><br/>
    <?php foreach ($errors as $error) {
        echo $error;
    }
    }
    }
    ?>
</form>
于 2013-09-09T16:22:48.733 回答
-1

您使用 重定向用户header(),但在此步骤中,您当然会丢失以前发布的数据(第 3-5 行),这就是名字和姓氏必须为空的原因。

作为解决方案,请尝试在脚本开头填写错误变量。这样,您可以$errors直接在第 7 行检查是否为空,而不是使用重定向内容。

如果要使用redirect-aber-post-pattern,则必须将输出所需的两个参数包含到 header-redirect 中。这样,您的解决方案可能是:

// use this replace against header injection if you got php-version < 4.4.2 or < 5.1.2
// - or update your php-version
$hlastname = str_replace("\n", $_POST['lastName'], ""); 
$hfirstname = str_replace("\n", $_POST['firstName'], "");
header('Location: testForm.php?sent=true&firstName='.$hfirstname.'&lastName='.$hlastname);

// and put this into your fist lines:

$firstname = htmlentities($_REQUEST['firstName']);
$lastname = htmlentities($_REQUEST['lastName']);

此外,您的脚本不安全。您必须避开 xss 攻击的参数!在继续编写 PHP 应用程序之前,请阅读有关 XSS 漏洞的更多信息(Google 将帮助您!;与我对 htmlentities() 的使用进行比较)。

于 2013-09-09T15:51:49.747 回答