doudu9148 2012-07-14 13:03

Validating data in PHP

I have a form like the one below and I want to get some input from the user. My goal is to validate the data before submitting it into the database. My question is: how do I do this?

<form action="../actions/insertcomment.php" method="post">
    <p class ="ctitle">Leave a Comment:</p>
    <p><label for="postid"><b>PostID:</b></label>
       <input type="text" id="postid" name="postid" maxlength="5" /> <br/>

        <label for="name"><b>Name:</b></label>
        <input type="text" id="name" name="name" maxlength="25" /> <br/>

        <label for="email"><b>Email:</b></label>
        <input type="text" id="email" name="email" maxlength="50" /> <br/>

        <label for="website"><b>Website:</b></label>
        <input type="text" id="website" name="website" maxlength="25" /> <br/>

        <label for="content"><b>Comment:</b></label>
        <textarea id="content" name="content" cols="10" rows="4" maxlength="100"></textarea> <br/>

        <input type="submit" value="Submit Comment" name="submit_comment" /> <br/>
    </p>
</form>

and my insertcomment.php is as follows:

<html>
<link rel = "stylesheet" type = "text/css"
          href = "../common/style.css" />
<?php
include("../common/dbconnect.php");
$con=new dbconnect();
$con->connect();
error_reporting(E_ALL);

 //$postid= $_GET['id'];

if($_POST) {

    $postid= $_POST['postid'];
    $users_name = $_POST['name'];
    $users_email = $_POST['email'];
    $users_website = $_POST['website'];
    $users_comment = $_POST['content'];

    $postid = htmlspecialchars($postid);
    $users_name = htmlspecialchars($users_name);
    $users_email = htmlspecialchars($users_email);
    $users_website = htmlspecialchars($users_website);
    $users_comment = htmlspecialchars($users_comment);



$sSql = "INSERT INTO comments
 ( post_id,name, email, website,content)
 VALUES ( $postid, '$users_name',
        '$users_email', '$users_website', '$users_comment' )";

    //echo $sSql;
    mysql_query($sSql);
    //$update=mysql_affected_rows();
    //echo "<h2>$update Record Inserted</h2><br />";
    echo '<h2> Your Comment is submitted</h2><br />';
}

?>

Here I am not using " method="post"> Any code or example for this kind is appreciated.

6 answers

  • dongxuxian6930 2012-07-14 13:10
    The best way would be to check if the data is valid before the SQL statement.

    Pseudocode:

    $data1 = $_POST['xyz']; //text
    $data2 = $_POST['abc']; //number
    ...
    
    errors = array
    if(data1 is not text) errors[] = data1 must be text
    if(data2 is not number) errors[] = data2 must be number
    ...
    
    if(count(errors) > 0) return errors
    else
    
    do the sql insert
    return "thank you message"
    
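The validate-then-insert flow from the pseudocode above, written out for the question's five form fields as an added example (not code from the thread). The function names, the treatment of the website field as optional, the use of PDO, and the in-memory SQLite table standing in for the MySQL comments table are assumptions.

```php
<?php
function validate_comment(array $in): array
{
    $clean = $errors = [];
    // A missing or non-string (array) value becomes '' and fails the checks below.
    foreach (['postid', 'name', 'email', 'website', 'content'] as $f) {
        $clean[$f] = isset($in[$f]) && is_string($in[$f]) ? trim($in[$f]) : '';
    }
    // maxlength in the HTML is only enforced by the browser, so limits are re-checked.
    if (!preg_match('/^[0-9]{1,5}$/D', $clean['postid'])) {
        $errors['postid'] = 'PostID must be 1 to 5 digits';
    }
    if ($clean['name'] === '' || strlen($clean['name']) > 25) {
        $errors['name'] = 'Name is required, at most 25 bytes';
    }
    if (strlen($clean['email']) > 50 || !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Email is not a valid address';
    }
    // Assumption: website is optional; when present it must be an http(s) URL.
    if ($clean['website'] !== '' && (strlen($clean['website']) > 25
            || !filter_var($clean['website'], FILTER_VALIDATE_URL)
            || !preg_match('#^https?://#i', $clean['website']))) {
        $errors['website'] = 'Website must be an http(s) URL, at most 25 bytes';
    }
    if ($clean['content'] === '' || strlen($clean['content']) > 100) {
        $errors['content'] = 'Comment is required, at most 100 bytes';
    }
    return [$clean, $errors];
}
function insert_comment(PDO $db, array $c): void
{
    // Bound parameters keep values out of the SQL text; escape for HTML at output time.
    $stmt = $db->prepare('INSERT INTO comments (post_id, name, email, website, content) VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([(int) $c['postid'], $c['name'], $c['email'], $c['website'], $c['content']]);
}
// Constructed demo: in-memory SQLite stands in for the MySQL "comments" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (post_id INTEGER, name TEXT, email TEXT, website TEXT, content TEXT)');
$samples = [ // constructed inputs shaped like $_POST from the form
    ['postid' => '12', 'name' => "O'Brien", 'email' => 'ob@example.com', 'website' => '', 'content' => 'Nice post'],
    ['postid' => 'abc', 'name' => '', 'email' => 'nope', 'website' => 'not-a-url', 'content' => ''],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_comment($post);
    if ($errors) { echo 'Rejected: ', implode('; ', $errors), PHP_EOL; continue; }
    insert_comment($db, $clean);
    echo 'Inserted comment for post ', $clean['postid'], PHP_EOL;
}
```

The length checks use `strlen()`, which counts bytes, so they are stricter than the browser's `maxlength` for multibyte text.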
