我有一个插入用户电话号码并检查数据是否存在的 php 文件
<?php
$labels=array("first_name"=>"First Name",
"last_name"=>"Last Name",
"phone"=>"Phone");
?>
<body>
<?php
foreach($_POST as $field =>$value)
{
if(empty($value))
{
$blank_array[]=$field;
}
elseif(preg_match("/name/i",$field))
{
if(!preg_match("/^[A-Za-z' -]{1,50}$/",$value))
{
$bad_format[]=$field;
}
}
elseif($field=="phone")
{
if(!preg_match("/^(\(\d+\)|\d+\-)?\d{10,20}$/",$value))
{
$bad_format[]=$field;
}
}
}
if(@sizeof($blank_array)>0 or @sizeof($bad_format)>0)
{
if(@sizeof($blank_array)>0)
{
echo "<p>input";
foreach($blank_array as $value)
{
echo " $labels[$value]";
}
echo "</p>";
}
if(@sizeof($bad_format)>0)
{
echo "<p>invalid format";
foreach($bad_format as $value)
{
echo $labels[$value];
}
echo "</p>";
}
//redisplay form
echo "<hr/>";
echo "enter phone number";
echo "<form action='$_SERVER[PHP_SELF]' method='POST'>";
foreach($labels as $field =>$label)
{
$good_data[$field]=strip_tags(trim($_POST[$field]));
echo "$label <input type='text' name='$field' size='65' maxlength='65' value='$good_data[$field]'/><br/>";
}
echo "<input type='submit' value='submit phone number'/>";
exit();
}
else //check wether use exist or not
{
$user='root';
$host='localhost';
$password='root';
$dbname='pet';
$cxn=mysqli_connect($host,$user,$password,$dbname) or die("can't connect to server");
foreach($labels as $field =>$value) //filter data
{
$good_data[$field]=strip_tags(trim($_POST[$field]));
$good_data[$field]=mysqli_real_escape_string($cxn,$good_data[$field]);
}
$check_exist="SELECT "; //loop the fields
//create an array to store the field
$fieldArray = array();
foreach($labels as $field =>$value)
{
$fieldArray[] = $field;
}
$check_exist .= join(',', $fieldArray);
$check_exist.=" FROM data WHERE "; //loop the value and create an array to store values
$whereArray = array();
foreach($good_data as $field =>$value)
{
if($field=="phone")
{
$value=preg_replace("/(\(\d+\)|\d+\-)/","",$value);
}
$whereArray[] = $field . "=" . "'$value'";
}
$check_exist .= join(' AND ', $whereArray);
$result=mysqli_query($cxn,$check_exist);
if(mysqli_num_rows($result))
{
echo "user already exist ! $check_exist";
echo "<hr/>";
echo "enter phone number";
echo "<form action='$_SERVER[PHP_SELF]' method='POST'>";
foreach($labels as $field =>$label)
{
$good_data[$field]=strip_tags(trim($_POST[$field]));
echo "$label <input type='text' name='$field' size='65' maxlength='65' value='$good_data[$field]'/><br/>";
}
echo "<input type='submit' value='submit phone number' />";
exit();
}
else
{
foreach($labels as $field =>$value)
{
$good_data[$field]=strip_tags(trim($_POST[$field]));
if($field=="phone")
{
$good_data[$field]=preg_replace("/(\(\d+\)|\d+\-)/","",$good_data[$field]);
}
$good_data[$field]=mysqli_real_escape_string($cxn,$good_data[$field]);
}
$query="INSERT INTO data ("; //118
foreach($good_data as $field =>$value) //119
{
$query.="$field,"; // dau phay lien ket vs ") cua line 86
}
$query.= ") VALUES ("; //123
$query=preg_replace("/,\)/",")",$query); //124 remove the comma that was inserted after the last field remove the ,) with )
foreach($good_data as $field =>$value) //124
{
$query.="'$value',";
}
$query.=")";
$query=preg_replace("/,\)/",")",$query);
$result=mysqli_query($cxn,$query) or die ("can't execute query.".mysqli_error($cxn));
echo "$query";
echo "<h4>member inserted $query </h4>";
}
}
?>
</body>
我在谷歌上搜索过的 preg_match("/name/i",$field) 是什么意思,但找不到与其相关的任何内容