dqfkd82886 2014-05-07 20:17
浏览 72
已采纳

PHP表单验证提交空白数据

I am trying to create a page to allow users to edit their details using PHP, which validates the content before being submitted. I want to allow users to update their username, first and second name and email address.

The validation consists of:

<?php
if(preg_match("/^[0-9a-zA-Z_]{3,}$/", $_POST["username"]) == 0)
$error_username = '<li>Usernames may contain only digits, upper and lower case letters and underscores</li>';

if(preg_match("/^[A-Za-z]+$/", $_POST["fname"]) == 0)
$error_fname = '<li>First Name may contain upper and lower case letters</li>';

if(preg_match("/^[A-Za-z]+$/", $_POST["sname"]) == 0)
$error_sname = '<li>Second Name may contain upper and lower case letters</li>';

if(preg_match("/^[a-zA-Z]\w+(\.\w+)*\@\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/", $_POST["email"]) == 0)
$error_email = '<li>Email Addresses must have a valid email address format</li>';

else header("Location: edit.php");  
?>

And to display the errors:

<ul>
<?php  if(isset($error_username)) echo $error_username; ?>
<?php  if(isset($error_fname)) echo $error_fname; ?>
<?php  if(isset($error_sname)) echo $error_sname; ?>
<?php  if(isset($error_email)) echo $error_email; ?>
</ul>

The form that I have is:

<form name="edit_account" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input class="form_field" name="username" type="text" value="<?php echo $_POST["username"]; ?>" placeholder="Username">
<input class="form_field" name="fname" type="text" value="<?php echo $_POST["fname"]; ?>" placeholder="First Name">
<input class="form_field" name="sname" type="text" value="<?php echo $_POST["sname"]; ?>" placeholder="Second Name">
<input class="form_field" name="email" type="text" value="<?php echo $_POST["email"]; ?>" placeholder="Email Address">
<input type="submit" name="Submit" value="Update Account">
</form>

Providing that all requirements of the validation are met, the user is taken to edit.php and then redirected to a success page:

<?php
$sql = $mysqli; 
$id = htmlentities($_SESSION['user_id']); 

$username = $sql->real_escape_string($_POST['username']);
$fname = $sql->real_escape_string($_POST['fname']); 
$sname = $sql->real_escape_string($_POST['sname']);  
$email = $sql->real_escape_string($_POST['email']);

$query = ("
UPDATE users 
SET 
username='$username', 
fname='$fname', 
sname='$sname',
email='$email' 
WHERE id='$id'") ; 


$sql->query($query) or die($query.'<br />'.$sql->error); 
header ('Location: success.php');  
?>

When I attempt to run this code, the updating fields are submitted into the database as blanks - However, without the validation, the users submitted details are successfully entered.

Can someone please point out what is causing the form to submit as a blank. Thanks.

  • 写回答

2条回答 默认 最新

  • doudengjin8251 2014-05-07 20:35
    关注

    You're posting them to the validation page, but losing them when you redirect to the edit.php page. Store the information in session variables before going to edit.php, like this:

    $_SESSION['username'] = $_POST["username"];
    // other variables also
    

    On the edit.php, instead of pulling from $_POST, pull from $_SESSION.

    Side Notes

    Don't forget session_start() at the top of each page. Also, you should look into prepared statements when using user input.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 MATLAB动图问题
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名