0

我有一个插入用户电话号码并检查数据是否存在的 php 文件

<?php
$labels=array("first_name"=>"First Name",
                "last_name"=>"Last Name",
                "phone"=>"Phone");
?>
<body>
<?php
foreach($_POST as $field =>$value)
{
    if(empty($value))
    {
        $blank_array[]=$field;
    }
    elseif(preg_match("/name/i",$field))
    {
        if(!preg_match("/^[A-Za-z' -]{1,50}$/",$value))
        {
            $bad_format[]=$field;
        }
    }
    elseif($field=="phone")
    {
        if(!preg_match("/^(\(\d+\)|\d+\-)?\d{10,20}$/",$value))
        {
            $bad_format[]=$field;
        }
    }
}

if(@sizeof($blank_array)>0 or  @sizeof($bad_format)>0)
{
    if(@sizeof($blank_array)>0)
    {
        echo "<p>input";
        foreach($blank_array as $value)
        {
        echo " $labels[$value]";
        }
        echo "</p>";
    }

    if(@sizeof($bad_format)>0)
    {
        echo "<p>invalid format";
        foreach($bad_format as $value)
        {
            echo $labels[$value];
        }
        echo "</p>";
    }

//redisplay form
    echo "<hr/>";
    echo "enter phone number";
    echo "<form action='$_SERVER[PHP_SELF]' method='POST'>";

    foreach($labels as $field =>$label)
    {
        $good_data[$field]=strip_tags(trim($_POST[$field]));
        echo "$label <input type='text' name='$field' size='65' maxlength='65' value='$good_data[$field]'/><br/>";  
    }
    echo "<input type='submit' value='submit phone number'/>";
exit();
}
else //check wether use exist or not
{   
    $user='root';
    $host='localhost';
    $password='root';
    $dbname='pet';
    $cxn=mysqli_connect($host,$user,$password,$dbname) or die("can't connect to server");
    foreach($labels as $field =>$value) //filter data 
        {
            $good_data[$field]=strip_tags(trim($_POST[$field]));
            $good_data[$field]=mysqli_real_escape_string($cxn,$good_data[$field]);
        }
    $check_exist="SELECT "; //loop the fields
    //create an array to store the field
    $fieldArray = array();
    foreach($labels as $field =>$value)
    {
        $fieldArray[] = $field;
    }
    $check_exist .= join(',', $fieldArray);
    $check_exist.=" FROM data WHERE "; //loop the value and create an array to store values
    $whereArray = array();
    foreach($good_data as $field =>$value)
    {       
        if($field=="phone")
        {
        $value=preg_replace("/(\(\d+\)|\d+\-)/","",$value);
        }
         $whereArray[] = $field . "=" . "'$value'";
    }
    $check_exist .= join(' AND ', $whereArray);

    $result=mysqli_query($cxn,$check_exist);
    if(mysqli_num_rows($result))
    {
        echo "user already exist ! $check_exist";
        echo "<hr/>";
        echo "enter phone number";
        echo "<form action='$_SERVER[PHP_SELF]' method='POST'>";
        foreach($labels as $field =>$label)
        {
            $good_data[$field]=strip_tags(trim($_POST[$field]));
            echo "$label <input type='text' name='$field' size='65' maxlength='65' value='$good_data[$field]'/><br/>";  
        }
        echo "<input type='submit' value='submit phone number' />";
        exit();
    }
    else
    {
        foreach($labels as $field =>$value)
        {
            $good_data[$field]=strip_tags(trim($_POST[$field]));
                if($field=="phone")
                {
                    $good_data[$field]=preg_replace("/(\(\d+\)|\d+\-)/","",$good_data[$field]);
                }
            $good_data[$field]=mysqli_real_escape_string($cxn,$good_data[$field]);
        }
        $query="INSERT INTO data ("; //118
        foreach($good_data as $field =>$value) //119
        {
            $query.="$field,"; // dau phay lien ket vs ") cua line 86
        }
        $query.= ") VALUES (";          //123
        $query=preg_replace("/,\)/",")",$query); //124 remove the comma that was inserted after the last field remove the ,) with )
        foreach($good_data as $field =>$value)   //124
        {
            $query.="'$value',";
        }
        $query.=")";
        $query=preg_replace("/,\)/",")",$query);


        $result=mysqli_query($cxn,$query) or die ("can't execute query.".mysqli_error($cxn));
        echo "$query";
        echo "<h4>member inserted $query </h4>";
    }
}

?>
</body>

我在谷歌上搜索过的 preg_match("/name/i",$field) 是什么意思,但找不到与其相关的任何内容

4

2 回答 2

2

/name/i寻找name,但不区分大小写,因为i. 还有其他几个修饰符。

于 2013-10-05T15:58:01.753 回答
2
preg_match("/name/i",$field)

这将preg_match检查变量是否与不区分大小写$field的模式匹配。name

因此,如果$field包含NamenAmEnamE等,if则将评估为真,程序继续执行 if 块。

于 2013-10-05T15:58:02.033 回答