我有一个带有php表单验证的php注册脚本。验证似乎工作正常,但它独立于 mysql 插入查询,因此无论表单输入是否正确,数据仍将沉入数据库。
<!DOCTYPE html>
<html lang="en">
<head>
<meta content="en-us" http-equiv="Content-Language">
<link rel="stylesheet" href="style.css" type="text/css" media="all">
<title>
Register Page
</title>
</head>
<body>
<div id="wrapper">
<!--header-->
<?php include("include/header.php"); ?>
<!-- end header-->
<!-- nav-->
<?php include("include/nav.php"); ?>
<!-- end nav-->
<!-- left bar-->
<?php include("include/left_bar.php"); ?>
<!-- end left bar-->
<!-- content-->
<div id="content" align="left">
<form method="post" action="check_register.php">
First Name: <br><input type="text" name="fname" ><br>
<?php if (isset($_POST["submit"])&&(empty($fname)))
{ echo"<center><em><div id='form'>Please Your Frist Name Is Required<br></div></em></center>";}?>
Last Name: <br><input type="text" name="lname" ><br>
<?php if (isset($_POST["submit"])&&(empty($lname)))
{ echo"<center><em><div id='form'>Please Your Last Name Is Required<br></div></em></center>";}?>
User Name: <br><input type="text" name="username" ><br>
<?php if (isset($_POST["submit"])&&(empty($username)))
{ echo"<center><em><div id='form'>Please Your User Name Is Required<br></div></em></center>";}?>
Email:<br> <input type="email" name="email" ><br>
<?php if (isset($_POST["submit"])&&(empty($email)))
{ echo"<center><em><div id='form'>Please Your Email Is Required<br></div></em></center>";}?>
Password: <br><input type="Password" name="password" ><br>
<?php if (isset($_POST["submit"])&&(empty($password)))
{ echo"<center><em><div id='form'>Please a Password Is Required<br></div></em></center>";}?>
Phone: <br><input type="tel" name="phone" ><br>
<?php if (isset($_POST["submit"])&&(empty($phone)))
{ echo"<center><em><div id='form'>Please Your Number Is Required<br></div></em></center>";}?>
Gender: <br><input type="text" name="gender" ><br>
<?php if (isset($_POST["submit"])&&(empty($gender)))
{ echo"<center><em><div id='form'>Please Your Gender Is Required<br></div></em></center>";}?>
<input type="submit" name="submit" value="Register">
</form>
</div>
<!-- end content-->
<!-- right bar-->
<?php include("include/right_bar.php"); ?>
<!-- end right bar-->
<!-- footer-->
<?php include("include/footer.php"); ?>
</div>
<!-- end footer-->
</body>
</html>
这是我的寄存器.php其中包含PHP表单验证。
这是包含 mysql 查询的check_register
有人请用主眼为我发现问题
<?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());
$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS
include("register.php");
$submit=mysql_query("INSERT INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
}
?>
这是因为您的action="check_register.php".so,当您submit表单时,它直接转到check_register.php。 无需在表单中查找任何内容。因此,您必须在 check_register.php 中验证您的表单。就这样。
in add to @Nabin Kunwar:
首先知道客户端和服务器端语言之间的区别.php是一种服务器端语言,这意味着它将仅在服务器中执行。
1.so 你不能在HTML文件中编写php验证。
现在了解表单中的wat 'action',does.it 包含插入表单中的数据的地址,即查询字符串(名称=值对)将用于 processing.it 主要包含PHP文件或其他一些服务器端语言的地址 file.so 如果该值是否存在于数据库BSE中,将在服务器中而不是客户端中进行评估。
2.so 如果你想动态生成任何错误消息,而不是使用ajax,它将在用户填写表单时充当客户端和服务器之间的通信媒介,或者你也可以通过php来完成,但错误消息只会在用户按下提交按钮时显示,或者如果你不想在表单中放置提交按钮,你也可以使用javascript。
首先...卫生设施在哪里?!?您应该对用户可以操作的所有变量使用mysql_real_escape_string()。
其次,javascript端代码不会阻止用户提交表单。您还必须在服务器端验证用户的输入(通过使用类似 if (empty($_POST['foo'])) { reject and go back } 的代码)。即使您禁用了提交按钮,直到一切有效,禁用javascript也会禁用这些检查。
<?php
$host="localhost";
$dbuser="root";
$dbpass="";
$db_name="login";
$db_table="login";
mysql_connect("$host","$dbuser","$dbpass")
or die("Could Not Establish Connection");
mysql_select_db("$db_name")or die(mysql_error());
$fname=$_POST["fname"];
$lname=$_POST["lname"];
$username=$_POST["username"];
$email=$_POST["email"];
$password=$_POST["password"];
$phone=$_POST["phone"];
$gender=$_POST["gender"];
//validation of input in the form fieldS
include("register.php");
if (isset($fname) && isset($lname) && isset($username) && isset($email) && isset($password)&& isset($phone) && $isset($gender) ){
$submit=mysql_query("INSERT INTO users(fname,lname,username,email,password,phone,gender)VALUES('$fname','$lname','$username','$email','$password','$phone','$gender')") or die("REGISTRATION NOT COMPLETED Thanks");
}
if($submit==TRUE){
Echo"<div style='background:yellow;'><script>alert('YOU HAVE SUCESSFULLY REGISTERED PLEASE LOGIN WITH YOUR USERNAME AND PASSWORD');</script></div>";
}
?>
这就是答案。