PHP、MySQL 验证故障和搜索不起作用?

2022-01-05 00:00:00 php mysql html phpmyadmin

我创建了一个小的注册粘性表格.一切正常,但是如果我输入了任何错误的值,例如姓名中的数字、年龄中的字母甚至错误的电子邮件格式,那么数据仍然保存在数据库中,我无法弄清楚验证问题.另一个 1 是搜索选项.每当我在搜索框中输入任何名字或姓氏时,它都应显示数据库中的名称,否则将显示错误消息.任何 1 都可以建议我该怎么做.. 请参阅下面的代码.

I have created a small registration sticky form. Everything is working fine, but if I input any wrong value,like numbers in name, letters in age or even wrong email format, then still the data is saved in the database, I cannot figure out the validation problem. And another 1 is search option. Whenever I input any FirstName or lastname in the search box, it should display the name that is in the database or it will show an error message. Any 1 can suggest me what should I do.. Please see my coding below.

sticky_form 代码...

sticky_form codes...

<html>
<head>


<?php
global $fname,$lname,$gender,$age,$course,$email;

if(isset($_POST['register']))
{

    $fname=$_POST['fname'];
    $lname=$_POST['lname'];
    $gender=$_POST['gender'];
    $age=$_POST['age'];
    $course=$_POST['course'];
    $email=$_POST['email']; 

        if (preg_match("/[a-zA-Z ]+$/", $_POST['fname']))  {
            $fname = trim($_POST['fname']);
        }
         else 
        {
        echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        //$error = true;
        }


        if (preg_match("/[a-zA-Z ]+$/", $_POST['lname']))  {
            $lname = trim($_POST['lname']);
        }
         else 
        {
        echo '<p>The last name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        $error = true;
        }

        if(isset($_POST['gender']))
        {   
            $gender = $_POST['gender']; 
        }
        else
        {
            echo "<p>No gender found!</p>";
        }

        if (preg_match("/[a-zA-Z ]+$/", $_POST['age']))  {
            $age = trim($_POST['age']);
        }
         else 
        {
        echo '<p>Please enter age. Or your age contains illegal characters</p>';
        //$error = true;
        }

        if(isset($_POST['course']))
        {
             $course = $_POST['course'];
        }
        else
        {
            echo "<p>Please Select Course!</p>";

        }

        // Validate the email:
        if (preg_match("/^[w.-]+@[w.-]+.[A-Za-z]{2,6}$/", $_POST['email'] )){
        $email = trim($_POST['email']);
        }
        else 
        {
        echo '<p>The email is empty or has illegal characters! To edit please go the link Display Data Information</p>';
        //$error = false;
        }
        echo "<br/>";
        echo "<br/>";
        echo "<br/>";



}

    if($fname&&$lname&&$gender&&$age&&$email&&$course)
    {
    require_once('connection.php');
    $query = mysql_query("INSERT INTO members SET FirstName='$fname', LastName='$lname', Gender='$gender', Age='$age',          Email='$email', Course='$course'") or die(mysql_error());

        if($query){
            echo"Your Data Successfully Saved"; 
        }
        else
        {
            echo "Please recheck your Data!";
        }


}


?>
</head>

<body id="body">
<h2><strong>Register Student Account</strong></h2>
<form action="student_form.php" method="post" >
<table border="1" id="container">


  <tr>
    <td>First Name</td>
    <td>:</td>
    <td><input type="text" name="fname"  size="30" maxlength="50"/></td>
  </tr>

 <tr>
    <td>Last Name</td>
    <td>:</td>
    <td><input type="text" name="lname" size="30" maxlength="50"/></td>
  </tr>

  <tr>
    <td>Age</td>
    <td>:</td>
    <td><input type="text" name="age"  size="3" /></td>
  </tr>

    <tr>
    <td >Gender </td>
    <td> : </td>
    <td> Male
    <input type="radio" name="gender" value="Male"/>

    Female
    <input type="radio" name="gender" value="Female"/></td>

  </tr>


  <tr>
    <td valign="top">Course</td>
    <td valign="top"> : </td>
    <td> <input type="radio" name="course" value="Bachelor Of Computing"/>Bachelor Of Computing<br/>
   <input type="radio" name="course" value="Bachelor Of Science"/>Bachelor Of Science<br/> 
   <input type="radio" name="course" value="Bachelor Of Software Engineering"/>Bachelor Of Software Engineering<br/>
    <input type="radio" name="course" value="Bachelor Of Networking"/>Bachelor Of Networking<br/>
    <input type="radio" name="course" value="Bacelor Of IT"/>Bacelor Of IT <br/>
    <input type="radio" name="course" value="Bachelor Of Computer Science"/>Bachelor Of Computer Science<br/></td>

  </tr>

 <tr>
    <td>Email Address</td>
    <td>:</td>
    <td><input type="text" name="email"  size="30" maxlength="50"/></td>
</tr>


</table>
    <input type="submit" name="register" value="REGISTER"/>

</form><br>
<p><a href="student_form.php" >Home</a></p>
<p><a href="display_data.php">Display Data Information</a>
<p><a href="search.php">To search for Members</a>
</body>
</html>

这是search_form代码......

and this is the search_form codes......

<html>
<head>
<?php
//require_once('student_form.php');
if(isset($_POST['s1'])){ 
$id=$_REQUEST['id']; 
$fname=$_POST['fname'];
    //connect  to the database 
include('connection.php');
//-query  the database table 
$sql=mysql_query("SELECT  * FROM members WHERE (FirstName LIKE '". $fname ."%' OR LastName LIKE '". $lname ."%'");
    //-run  the query against the mysql query function 
    $result=mysql_query($sql); 

    if($row=mysql_fetch_array($result)){ 
                $fname=$row['FirstName']; 
                $lname=$row['LastName']; 
                /*$email=$row['Email'];
                $age =$row['Age'];
                $gender=$row['Gender'];
                $course = $row['Course'];*/
    }
    //-display  the result of the array 
    else
    {
    <?php echo $rows['FirstName']; ?>
    <?php echo $rows['LastName']; ?>
    } 
} 
?>
</head>
<body>
<form action="search.php" method="post">
<table>
    <tr>
    <td><strong>search box</strong></td>
    <td><strong>:</strong></td>
    <td><input type="text" name="search" value=""size="30"/><input type="submit" name="s1" value="Search"/></td>

</table>
</form>
</body>
</html>

推荐答案

你的变量如 $fname $lname $gender $age $email $course 放在 if 条件之后, >isset($_POST['register']).现在,即使您的验证有效,数据仍将输入到数据库中.因为你有条件

your variables like $fname $lname $gender $age $email $course are put in if condition after if condition for isset($_POST['register']). Now even if your validation will work, data will still be entered in database. because you have put condition

if($fname&&$lname&&$gender&&$age&&$email&&$course)

现在,当所有这些变量中只有一个值时,控制将进入该块.必须发生的事情是,您输入了错误的值,这些值正在得到验证,将显示消息,但是当第一个 if 块完成时,因为 $_POST 变量仍然具有一些值,无论它们是否无效,第二个 if 块将被输入和查询将被触发.

Now control will enter that block when you have even a single value in all of those variable. What must be happening is, that you put wrong values, those are getting validated, message will be shown, but when first if block finishes, as $_POST variables still have SOME value, regardless of them being invalid, second if block will be entered and query will be fired.

您可以做的是,无论您在哪里回显错误消息,都将相应的变量清空.像这样:

What you can do is, where ever you are echoing error message, blank out that respective variable. something like this:

if (preg_match("/[a-zA-Z ]+$/", $_POST['fname']))  {
    $fname = trim($_POST['fname']);
}
else 
{
    echo '<p>The First name is empty or has illegal characters! To edit please go the link Display Data Information</p>';
    $fname = "";
}

相关文章