我注意到,当我故意不输入所需字段来扰乱表单时,它会在第一次工作(即触发错误消息)。但是,当我尝试填写其余缺失的字段并点击提交时,表单再次显示为空白。
或者,如果我错过了一个字段,然后尝试输入缺失的字段(已触发错误),并在提交前故意将另一个字段留空,则表单再次显示为空白。为什么?
(我的PHP真的很糟糕。所以,请慢慢来。)
PHP表单
<?php
session_start(); //allows use of session variables
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_SESSION['token'] == $_POST['token'] && !empty($_SESSION['token'])) {
if (empty($_POST["first-name"])) {
$firstNameErr = "First name is required";
} else {
$first_name = test_input($_POST["first-name"]);
}
if (empty($_POST["last-name"])) {
$lastNameErr = "Last name is required";
} else {
$last_name = test_input($_POST["last-name"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["message"])) {
$messageErr = "Message is required";
} else {
$message = test_input($_POST["message"]);
}
if(isset($first_name) && isset($last_name) && isset($email) && isset($message))
{
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['message'] = $message;
header("Location: contact9SessionsCRSF2.php");
exit;
}
}
else {
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
HTML表单
<form class="form-horizontal" method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<div class="form-group">
<label class="col-sm-2 control-label">First Name</label>
<div class="col-sm-10">
<input class="form-control" name="first-name" id="first-name" placeholder="First Name" type="text" value="<?php if(isset($first_name)) { echo $first_name; }?>">
<?php if(isset($firstNameErr)) print ('<span class="error">* ' . $firstNameErr . '</span>'); ?>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Last Name</label>
<div class="col-sm-10">
<input class="form-control" name="last-name" id="last-name" placeholder="Last Name" type="text" value="<?php if(isset($last_name)) { echo $last_name; }?>">
<?php if(isset($lastNameErr)) print ('<span class="error">* ' . $lastNameErr . '</span>'); ?>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Email</label>
<div class="col-sm-10">
<input class="form-control" name="email" id="email" placeholder="Email" type="email" >
<?php if(isset($emailErr)) print ('<span class="error">* ' . $emailErr . '</span>'); ?>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Message</label>
<div class="col-sm-10">
<textarea class="form-control" rows="2" placeholder="Please type in your message" name="message" id="message"></textarea>
<?php if(isset($messageErr)) print ('<span class="error">* ' . $messageErr . '</span>'); ?>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Submit</button>
</div>
</div>
</form>
问题是,当您进入执行所有输入验证的if块时,您没有设置$token。但是,当重新显示窗体时,将在隐藏输入的值中使用$token。因此,下次提交表单时,此输入字段为空,因此一开始的if测试失败,您不进行任何输入处理。
放入
$token = $_SESSION['token'];
在那个街区的某个地方。
此外,在if中,应先检查!empty($_SESSION['token']),然后再将其与$_POST['token']进行比较。否则,如果未设置,您将尝试访问未定义的索引。所以应该是:
if ($_SERVER["REQUEST_METHOD"] == "POST" && !empty($_SESSION['token']) && $_SESSION['token'] == $_POST['token']) {