当我提交一个空表单时,会显示成功消息,但不确定原因。它不应该传递第一个if语句,如果有任何内容为空,为什么它会显示这个?
我以前让if语句使用变量,但后来因为未定义的索引错误而更改了它们。带有任何缺失字段的表单应显示代码中显示的错误消息
php:
<?php
require_once 'db/connect.php';
$error='';
$success='';
if (isset($_POST['submit'])) {
if ( (isset($_POST['Forename'])) && (isset($_POST['Surname'])) && (isset($_POST['Gender'])) && (isset($_POST['YearGroup'])) ) {
/*print_r($_POST);*/
$forename = $_POST['Forename'];
$surname = $_POST['Surname'];
$gender = $_POST['Gender'];
$yeargroup = $_POST['YearGroup'];
//To protect MySQL injection
$forename= stripslashes($forename);
$surname = stripslashes($surname);
$forename = mysqli_real_escape_string($con, $forename);
$surname = mysqli_real_escape_string($con, $surname);
if ($teacher_form = $con->query("SELECT Form FROM teacher WHERE Username = '" . $_SESSION['Username'] . "'")) {
$row1 = $teacher_form->fetch_assoc();
$form = $row1['Form'];
$con->query("INSERT INTO student (Forename, Surname, Gender, Year_group, Form) VALUES ('"" . $forename ."'", '"" . $surname . "'", '"" . $gender . "'", " . $yeargroup . ", '"" . $form . "'") ");
$success = 'Student has been successfully added to the database';
}
}
else {
$error='All fields must be completed';
}
}
?>
HTML表单:
<?php
session_start();
require_once 'db/checkuserloggedin.php';
include 'db/header.php';
include 'addstudent.php';
?>
<!DOCTYPE html>
<html>
<head>
<title>Add students</title>
</head>
<body>
<div id="logoutbutton">
<button class="btn" onclick="location.href='logout.php'">Logout</button>'
</div>
<link rel="stylesheet" type="text/css" href="styles.css">
<?php echo "<form method ='"POST'">"; ?>
<h3> Add student </h3>
<table>
<tr>
<td>Forename</td>
<td><input type="text" name="Forename"></td>
</tr>
<tr>
<td>Surname</td>
<td><input type="text" name="Surname"></td>
</tr>
<tr>
<td>Gender</td>
<td><select name ="Gender">
<option value="" style="display:none;"></option>
<option> M </option>
<option> F </option>
</select> <br>
</td>
</tr>
<tr>
<td>Year group</td>
<td><select name ="YearGroup">
<option value="" style="display:none;"></option>
<option> 7 </option>
<option> 8 </option>
<option> 9 </option>
<option> 10 </option>
</select> <br>
</tr>
</table>
<input type="submit" name="submit" value ="Add">
<input type="reset" value ="Reset"> <br>
<span class="error"><?php echo $error;?></span>
<span class="error"><?php echo $success;?></span>
<?php echo "</form>"; ?>
</body>
</html>
isset只有在变量未定义或为null时才返回false。
您的输入字段始终存在于表单中,因此用户将发布空值,即使他们没有填充每个字段Empty和null在PHP中是不同的。
检查$_POST
数组的每个键是否按照预期定义是一种很好的做法。它可以保护您免受XSS漏洞的攻击。
但是您还需要检查定义的键是否包含非空值。我建议您对每个输入使用以下检查:
if (isset($_POST['Forename']) && $_POST['Forename'] !== '') {
...
}
还有一个空函数在一个调用中同时进行这两项检查:
if (!empty($_POST['Forename'])) {
...
}
请注意,如果用户在其中一个字段中输入0(零),则后者不起作用,因为这被视为空值。
如果您的某个字段可能包含有效的0值(例如子女数量、经验年限…),则回退isset($var)
和$var !== ''
的组合
这篇文章可能会给你一个更清晰的解释。
使用空函数并替换&;带有||的操作员
if (isset($_POST['submit'])) {
if ( (empty($_POST['Forename'])) || (empty($_POST['Surname'])) || (empty($_POST['Gender'])) || (empty($_POST['YearGroup'])) ) {