PHP - PDO - Form Validation - Insert statement gets executed even when errors exist

I didn't notice it until I had finished the validation, but I realized that even when my errors show up at the top of my form box, when I then go to phpMyAdmin and look at the data, the form has been submitted even though I deliberately added errors.

Then my second problem, besides the one above, is that no matter what I do, the student ID or "anum" does not post. It keeps giving me a value of "0" in the students table in my database.

Here is the whole code:

<?php
// Starting session
session_start();
// Validation starts here
if (empty($_POST) === false) {
    $errors   = array();
    $anum     = $_POST['anum'];
    $first    = $_POST['first'];
    $last     = $_POST['last'];
    $why      = $_POST['why'];
    $comments = $_POST['comments'];
    if (empty($anum) === true || empty($first) === true || empty($last) === true) {
        $errors[] = 'Form is incomplete please revise it!';
    } else {
        if (ctype_alnum($anum) === false) {
            $errors[] = 'A number can only consist of alphanumeric characters!';
        }
        // The A number must be exactly 9 characters ("< 9 && > 9" can never be true)
        if (strlen($anum) !== 9) {
            $errors[] = 'A number is incorrect!';
        }
        if (ctype_alpha($first) === false) {
            $errors[] = 'First name must only contain alphabetical characters!';
        }
        if (ctype_alpha($last) === false) {
            $errors[] = 'Last name must only contain alphabetical characters!';
        }
        if (empty($why)) {
            $errors[] = 'Please make sure to select the proper reasoning for your visit today!';
        } elseif ($why === 'Other') {
            if (empty($comments)) {
                $errors[] = 'Please explain the nature of your visit in the comments box!';
            } else {
                if (strlen($comments) < 15) {
                    $errors[] = 'Your explanation is short, please revise!';
                }
                if (strlen($comments) > 45) {
                    $errors[] = 'Your explanation is too long, please revise!';
                }
            }
        }
        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }
        // Validations ends here
        $host     = "localhost"; // Host name
        $username = "root"; // Mysql username
        $password = "testdbpass"; // Mysql password
        $db_name  = "test"; // Database name
        // Connect to server via PHP Data Object
        $dbh = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        try {
            // Named placeholders are case-sensitive and must match the keys passed to execute()
            $query = $dbh->prepare("INSERT INTO `students` (anum, first, last, why, comments)
                                   VALUES (:anum, :first, :last, :why, :comments)");
            $query->execute(
                array(
                    'anum'     => $_POST['anum'],
                    'first'    => $_POST['first'],
                    'last'     => $_POST['last'],
                    'why'      => $_POST['why'],
                    'comments' => $_POST['comments']
                ));
        } catch (PDOException $e) {
            error_log($e->getMessage());
            die($e->getMessage());
        }
        $dbh = null;
    }
}
?>
<html>
<head>
<title>Student Signin Form</title>
</head>
<body>
<table width="300" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
        <?php
        if (empty($errors) === false) {
            echo '<h3>';
            foreach ($errors as $error) {
                echo '<center><li>', $error, '</li></center>';
            }
            echo '</h3>';
        }
        ?>
    <form action="" method="post">
        <td>
            <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                <tr>
                    <td colspan="3"><strong>Student Signin Form</strong></td>
                </tr>
                <!-- Echoed form values are escaped so user input cannot break out of the attribute -->
                <p>Student ID Number: <input type="text" name="anum" <?php if (isset($_POST['anum']) === true) {
                        echo 'value="', htmlspecialchars($_POST['anum']), '"';
                    } ?> />
                <p>First Name: <input type="text" name="first" <?php if (isset($_POST['first']) === true) {
                        echo 'value="', htmlspecialchars($_POST['first']), '"';
                    } ?> />
                <p>Last Name: <input type="text" name="last" <?php if (isset($_POST['last']) === true) {
                        echo 'value="', htmlspecialchars($_POST['last']), '"';
                    } ?> />
                <p>How may we help you? <select name="why">
                    <option value=""></option>
                    <option value="Appeal">Appeal</option>
                    <option value="Other">Other: Please specify the nature of your visit below</option>
                    </select>

                    <br>
                <p>If other please describe the issue you are having.</p>
                <!-- A textarea has no value attribute; its content goes between the tags -->
                <textarea rows="10" cols="50" name="comments"><?php if (isset($_POST['comments']) === true) {
                    echo htmlspecialchars($_POST['comments']);
                } ?></textarea>

                <input type="submit" name="submit" value="Send"/>
            </table>
        </td>
    </form>
    </tr>
</table>
</body>
</html>

After digging in and understanding more about what I was actually doing (the wrong way), I came up with my solution. I pretty much had to make the MySQL insert statement part of the error validation instead of standing on its own. If you look at my earlier code, the PDO statement has no real place in the code, it is just there. The reason is

if (empty($errors) === false) {
    header('location: signedin.php');
    exit();
}

What this does is that even when there are errors I still get redirected to "signedin.php", which is not the desired effect. The first thing to do is change it from false to true.

if (empty($errors) === true) {
    header('location: signedin.php');
    exit();
}

Then, after doing that, you have to put your PDO statement between the {}.

So this means that if the script has already picked up errors, it will not run the PDO insert.

However, if it is TRUE, meaning there are no errors, it will run the insert script and do error checking on that script, and then, if it inserts correctly, it will redirect the user to the next page.

Example:

if (empty($errors) === true) {
    $host     = "localhost"; // Host name
    $username = "root"; // Mysql username
    $password = "testdbpass"; // Mysql password
    $db_name  = "test"; // Database name

    $dbh = new PDO("mysql:host=$host;dbname=$db_name;", $username, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    try {
        $query = $dbh->prepare("INSERT INTO `students` (anum, first, last, why, comments)
                               VALUES (:anum, :first, :last, :why, :comments)");
        $query->execute(
            array(
                'anum'     => $_POST['anum'],
                'first'    => $_POST['first'],
                'last'     => $_POST['last'],
                'why'      => $_POST['why'],
                'comments' => $_POST['comments']
            ));
    } catch (PDOException $e) {
        error_log($e->getMessage());
        die($e->getMessage());
    }
    $dbh = null;
    // Only reached when the insert succeeded
    header('location: signedin.php');
    exit();
}

Hope someone finds this useful.

It looks like you are writing code without actually testing whether it works. Look at these lines (around line 50):

        if (empty($errors) === false) {
            header('location: signedin.php');
            exit();
        }

You are filling the $errors array with error messages. If there are errors, you redirect. That makes no sense, because it also throws away the error messages.
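Both answers make the same point: the insert and the redirect must only be reachable when $errors is empty. The following is an added example, not the code from either answer, that writes the flow that way; it assumes the question's test credentials, a `students` table whose `anum` column is a string type such as CHAR(9) (in non-strict SQL mode a numeric column would coerce an alphanumeric ID to 0), and that the HTML form is rendered after this block.

```php
<?php
// Added example (not either answer's code). Assumed: a `students` table whose anum
// column is CHAR(9); the test credentials from the question; the form is rendered below.
session_start();
function validate(array $post): array
{
    $anum     = trim($post['anum'] ?? '');
    $first    = trim($post['first'] ?? '');
    $last     = trim($post['last'] ?? '');
    $why      = $post['why'] ?? '';
    $comments = trim($post['comments'] ?? '');
    if ($anum === '' || $first === '' || $last === '') {
        return ['Form is incomplete, please revise it!'];
    }
    $errors = [];
    if (!ctype_alnum($anum) || strlen($anum) !== 9) {
        $errors[] = 'Student ID must be exactly 9 alphanumeric characters!';
    }
    if (!ctype_alpha($first) || !ctype_alpha($last)) {
        $errors[] = 'Names must only contain alphabetical characters!';
    }
    if (!in_array($why, ['Appeal', 'Other'], true)) {
        $errors[] = 'Please select the reason for your visit today!';
    } elseif ($why === 'Other' && (strlen($comments) < 15 || strlen($comments) > 45)) {
        $errors[] = 'Please describe the nature of your visit in 15 to 45 characters!';
    }
    return $errors;
}
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validate($_POST);
    if (empty($errors)) {   // the insert and redirect are only reachable on a clean form
        $dbh = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'root', 'testdbpass',
                       [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        // named placeholders are case-sensitive and must match the keys passed to execute()
        $stmt = $dbh->prepare('INSERT INTO students (anum, first, last, why, comments)
                               VALUES (:anum, :first, :last, :why, :comments)');
        $stmt->execute([
            ':anum' => trim($_POST['anum']),   ':first' => trim($_POST['first']),
            ':last' => trim($_POST['last']),   ':why'   => $_POST['why'],
            ':comments' => trim($_POST['comments'] ?? ''),
        ]);
        header('Location: signedin.php');
        exit();
    }
}
// With errors we fall through and re-render the form; escape anything echoed back into HTML.
foreach ($errors as $error) {
    echo '<li>', htmlspecialchars($error, ENT_QUOTES, 'UTF-8'), '</li>';
}
```

Because the redirect sits inside the same `if` as the insert, a request with validation errors never touches the database and the messages survive to be displayed.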