duanhuiqing9528
2017-03-04 10:47
Views: 22
Accepted

Form validation not working

I want to display an error if the user enters a duplicate name, but it's not working. It still inserts the name even if it's the same. Here is my code:

$namaErr = "";
$error==false;
if (isset($_POST['btnSubmit'])) {
if(isset ($_POST['nama'])){
$nama = $_POST['nama'];
$query ='SELECT nama FROM daftar_pengguna WHERE nama="' . $nama . '" LIMIT 
1';
$result = mysqli_query($query);
$totalNumRowResult = mysqli_num_rows($result);
if($totalNumRowResult > 0){
$error=true;
$namaErr="Nama ini telah digunakan!!";
} 
}

If there is no error, it will be inserted into the database:

else{
$query="INSERT INTO daftar_pengguna(nama) VALUES 
('$nama')";
$res = mysqli_query($query);
header('Location:index.php?registered=true');  
}    
}

I've searched all the questions like mine, but no luck.


3 answers

  • duanguoping2016 2017-03-04 11:03
    Accepted

    I suggest two things:

    1. Merge the if conditions into one block; this will remove the confusion with the braces, as I noted in the comment above and as also noted by Sujith.

    2. Also, I suggest you sanitize the $_POST variable before sending it to the database query...

    See code below with the suggested modifications:

    <?php

    $namaErr = "";
    $error = false;

    # Merge condition checks in one block using && (AND)
    if (isset($_POST['btnSubmit']) && isset($_POST['nama'])) {

        $nama = $_POST['nama'];

        # Sanitize the input before running the database query
        $nama = filter_var($nama, FILTER_SANITIZE_STRING);

        $query = 'SELECT nama FROM daftar_pengguna WHERE nama="' . $nama . '" LIMIT 1';
        $result = mysql_query($query);
        $totalNumRowResult = mysql_num_rows($result);

        if ($totalNumRowResult > 0) {
            $error = true;
            $namaErr = "Nama ini telah digunakan!!";
        } else {
            $query = "INSERT INTO daftar_pengguna(nama) VALUES ('$nama')";
            $res = mysql_query($query);
            header('Location:index.php?registered=true');
            exit; # stop the script once the redirect header is sent
        }
    }
    
  • dongpo8702 2017-03-04 10:57

    There was a problem with the braces. This should work:

    $namaErr = "";
    $error = false;
    if (isset($_POST['btnSubmit'])) {
        if (isset($_POST['nama'])) {
            $nama = $_POST['nama'];
            $query = 'SELECT nama FROM daftar_pengguna WHERE nama="' . $nama . '" LIMIT 1';
            $result = mysql_query($query);
            $totalNumRowResult = mysql_num_rows($result);
            if ($totalNumRowResult > 0) {
                $error = true;
                $namaErr = "Nama ini telah digunakan!!";
            } else {
                $query = "INSERT INTO daftar_pengguna(nama) VALUES ('$nama')";
                $res = mysql_query($query);
                header('Location:index.php?registered=true');
            }
        }
    }
    
  • dtlc84438 2017-03-04 11:46

    Try this query:

    $query ='SELECT nama FROM daftar_pengguna WHERE nama="' . $nama . '" ';
    
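Added example, not code from any poster in this thread: every snippet above builds its SQL by concatenating $nama into the string, and the SELECT-then-INSERT check leaves a gap in which two requests can both pass. The version below binds the name as a parameter and lets a UNIQUE constraint reject duplicates. It assumes PDO and a UNIQUE constraint on nama; the in-memory SQLite database, the register_name helper, the empty-name message and the sample names are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO is available and the nama column carries a
// UNIQUE constraint. SQLite in memory stands in for the MySQL database so the
// script runs offline; register_name() is a hypothetical helper name.

function register_name(PDO $db, string $nama): array
{
    $nama = trim($nama);
    if ($nama === '') {
        // Constructed message for the empty-input case.
        return ['ok' => false, 'error' => 'Nama diperlukan'];
    }
    try {
        // The value is bound as a parameter, so quotes inside it stay data
        // and never become part of the SQL text.
        $stmt = $db->prepare('INSERT INTO daftar_pengguna (nama) VALUES (:nama)');
        $stmt->execute([':nama' => $nama]);
        return ['ok' => true, 'error' => ''];
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation: the UNIQUE
        // constraint refused a duplicate, atomically with the insert attempt.
        if ((string) $e->getCode() === '23000') {
            return ['ok' => false, 'error' => 'Nama ini telah digunakan!!'];
        }
        throw $e; // any other database error is not a validation result
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE daftar_pengguna (nama VARCHAR(100) NOT NULL UNIQUE)');

// Constructed sample input: each name is submitted twice, and one of them
// contains double quotes like the delimiter used in the concatenated queries.
foreach (['Siti', 'Siti', 'Ali "Jr"', 'Ali "Jr"'] as $nama) {
    $r = register_name($db, $nama);
    echo $nama, ' => ', $r['ok'] ? 'registered' : $r['error'], PHP_EOL;
}
```

In the form handler, call the helper once the POST fields are present, send the redirect header followed by exit when ok is true, and otherwise assign the returned error to $namaErr.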
