我有一个表单,可以在提交时更新用户信息。当前设置仅允许在填写了所有字段的情况下提交表单。我需要为每个字段创建if语句,其中表示如果已填充,则更新,如果未填充,则不更新。
我有下面列出的密码字段,它描述了我想对每个字段做什么,但我不确定我是否可以在if中列出多个变量,或者我是否必须编写单独的if语句,并在每次时从数据库中进行选择
if($password != '') {
if($password != $password2) {
$error = '<div class="error_message">Attention! Your passwords did not match.</div>';
}
if(strlen($password) < 5) {
$error = '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
}
if($error == '') {
$sql = "UPDATE login_users
SET restricted = '$restrict',
company_name = '$company_name',
contact = '$contact',
email = '$email',
user_level = '$level',
password = MD5('$password')
WHERE user_id = '$id'";
$query = mysql_query($sql) or die("Fatal error: ".mysql_error());
echo "<h2>Updated</h2>";
echo "<div class='success_message'>User information (and password) updated for User ID <b>$id ($company_name)</b>.</div>";
echo "<h2>What to do now?</h2><br />";
echo "<a href='xxxxxxxx'>« Back to Admin Panel</a> | Go to the <a href='user_edit.php'>edit users</a> page.</li>";
}
这是我的更多代码
if(trim($id) == '1') {
$error = '<div class="error_message">Attention! You cannot edit the main Administrator, use database.</div>';
} else if(trim($company_name) == '') {
$error = '<div class="error_message">Attention! You must enter a company name.</div>';
} else if(trim($contact) == '') {
$error = '<div class="error_message">Attention! You must enter a contact name.</div>';
} else if(!isEmail($email)) {
$error = '<div class="error_message">Attention! You have entered an invalid e-mail address, try again.</div>';
} else if(trim($level) == '') {
$error = '<div class="error_message">Attention! No user level has been selected.</div>';
}
我需要为创建if语句每个字段表示如果填充,更新,如果没有,就不要。
您可以边走边构建SQL语句。大致如下:
$sqlCols = '';
$error = '';
// Password
if ($password != '') {
if ($password == $password2) {
if (strlen($password) > 4) {
$sqlCols .= "password = MD5('".mysql_real_escape_string($password)."'), ";
} else {
$error .= '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
}
} else {
$error .= '<div class="error_message">Attention! Your passwords did not match.</div>';
}
}
// Email
if ($email != '') {
if (isValidEmail($email)) {
$sqlCols .= "email ='".mysql_real_escape_string($password)."', ";
} else {
$error .= '<div class="error_message">Attention! Your email is invalid.</div>';
}
}
if ($error == '') {
$sql = "UPDATE login_users
SET ".trim($sqlCols, ', ')."
WHERE user_id = '$id'";
// etc...
}
在不久的将来,为了提高性能和更好地防止SQL注入,可以切换到PDO。
这取决于您想要什么样的用户反馈,但这里有一种简单的方法,可以收集通过验证的字段,并将它们用于查询。
$errors = array();
$fields = array();
if( ($password != $password2) {
$errors[] = "Passwords didn't match";
$fields['password'] = $password;
}
if(empty($email)) {
$errors[] = "Email is empty";
$fields['email'] = $email;
}
if($something > $nothing) { //
$errors[] = "More errors";
$fields['something'] = $something;
}
//and so on...
if(!count($errors)) {
$str = '';
foreach($fields as $field => $val ) {
$str .= $field. "= '" .$val."', ";
}
$str = substr($str,0,1); //removes last , (comma)
$sql = "UPDATE login_users
SET $str
WHERE user_id = '$id'";
//do query..
}