在五月Addvalue.php文件3字段id,名称,颜色…在id中只允许数字,在名称和颜色中只允许字母。值成功插入到我的数据库中,但问题是当用户在HTML表单字段中写NAME和COLOR时,只允许写字母,如果写任何数字消息出现"只允许字母"....但它需要数字和字母。这是我的两个文件代码:
Addvalue.php代码:
<form method="post" action="addh.php">
<input type="number" name="id" id="id" required /> <span class="error">* </span>
<input type="text" name="name" id="name" required /> <span class="error">* </span>
<input type="text" name="color" id="color" />
<?php
include("config.php");
if (isset($_POST["submit"])) {
$id = $_POST["id"];
$name = $_POST["name"];
$color = $_POST["color"];
if (!preg_match("/^[a-zA-Z -]+$/",$name)) {
echo "Only letters allowed";
}
if(!preg_match("/^[a-zA-Z -]+$/",$color)) {
echo "Only letters allowed";
}
}
?>
addh.php代码:
<?php
include("config.php");
$sql="INSERT INTO honda (id, name, color)
VALUES ('$_POST[id]','$_POST[name]','$_POST[color]')";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
echo "Values Inserted";
?>
与其使用PHP,不如尝试在输入中使用HTML模式属性,如下所示:
<form action="">
Country code: <input type="text" name="country_code"
pattern="[A-Za-z]{3}" title="Three letter country code">
<input type="submit">
</form>
查看更多信息:W3School
PHP在HTML之前加载,直到下一次加载才可用。
加载:
<?php
include("config.php");
if (isset($_POST["submit"])) {
$id = $_POST["id"];
$name = $_POST["name"];
$color = $_POST["color"];
if (!preg_match("/^[a-zA-Z -]+$/",$name)) {
echo "Only letters allowed";
}
if(!preg_match("/^[a-zA-Z -]+$/",$color)) {
echo "Only letters allowed";
}
}
?>
这
<form method="post" action="addh.php">
<input type="number" name="id" id="id" required /> <span class="error">* </span>
<input type="text" name="name" id="name" required /> <span class="error">* </span>
<input type="text" name="color" id="color" />
当表单被提交时,它会直接转到这个…
<?php
include("config.php");
$sql="INSERT INTO honda (id, name, color)
VALUES ('$_POST[id]','$_POST[name]','$_POST[color]')";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
echo "Values Inserted";
?>
盲目地插入数据,没有验证。我认为你想要的是……
Addvalue.php
<form method="post" action="addh.php">
<input type="number" name="id" id="id" required /> <span class="error">* </span>
<input type="text" name="name" id="name" required /> <span class="error">* </span>
<input type="text" name="color" id="color" />
<input type="submit" name="submit" value="Submit" />
</form>
则add .php变为:
if (isset($_POST["submit"])) {
$id = (int)$_POST["id"];
$name = mysqli_real_escape_string($link, $_POST["name"]);
$color = mysqli_real_escape_string($link, $_POST["color"]);
if (!preg_match("/^[a-zA-Z -]+$/",$name)) {
$error = 'Only letters allowed';
}
if(!preg_match("/^[a-zA-Z -]+$/", $color)) {
$error = 'Only letters allowed';
}
if(empty($error)) {
include("config.php");
$sql="INSERT INTO honda (id, name, color) VALUES ('$id','$name','$color')";
$result = mysqli_query($link,$sql) or die(mysqli_error($link));
echo "Values Inserted";
} else {
echo $error;
}
}
你应该看看准备好的语句。http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
这是您的起点,未经测试。其他需要注意的是,id应该是自动递增的。