我在表單和提交按鈕上的輸入型別很少,如下所示:
<form id="register_form" method="post" role="form" action="">
<input autofocus="" id="firstname" name"firstname" placeholder="First Name" type="text" required />
<textarea id="Address" name="Adress" placeholder="No Address" type="text" rows="3" cols="30"></textarea>
<select id="country" name="country" required>
<option selected>Choose</option>
<option value="10">Germany</option>
<option value="11">Poland</option>
<option value="12">United Kingdom</option>
</select>
<button type="submit">Submit My New Entry</button>
</form>
我還有一個用于將我的資料提交到 SQLite 資料庫的 PHP 代碼:
<?php
try {
//open the database
$db = new PDO('sqlite:db/users.db');
$firstname = $_POST["firstname"];
$Address = $_POST["Address"];
$country = $_POST["country"];
//Insert record
$db->exec("INSERT INTO details
(firstname, Address, country)
VALUES ('$firstname', '$Address', '$country')");
$db = NULL;
} catch(PDOException $e) {
print 'Exception : ' .$e->getMessage();
}
?>
我的問題是,每次我重繪 頁面時,腳本都會導致在我的資料庫中注冊一個帶有空欄位的新條目,即使某些輸入欄位被標記為必需或資料庫表設定為在 NULL 值上回滾(兩者都被忽略) . 我怎樣才能避免這種情況?
PS。僅當我按下提交按鈕時 required 才有效。
uj5u.com熱心網友回復:
您的 PHP 腳本包含 PHP 和 HTML(表單),因此如果您加載此腳本,PHP 腳本將立即觸發,這將插入一條空白記錄
(1) 因此,您應該稍微修改頁面,以便只有通過 POST 提交表單(當有人提交表單時),然后通過添加說來執行 PHP 部分:
if (isset($_POST["firstname"])){
// the PHP codes
}
(2) 你的 HTML 表單有錯別字,name="Adress" 應該是 name="Address"
(3) 請在您的 PHP 插入查詢中使用引數化預處理陳述句,以避免 SQL 注入攻擊
所以代碼是:
<?php
if (isset($_POST["firstname"])){
try {
//open the database
$pdo = new PDO('sqlite:db/users.db');
$firstname = $_POST["firstname"];
$Address = $_POST["Address"];
$country = $_POST["country"];
$data = [
'firstname' => $firstname,
'Address' => $Adddress,
'country' => $country,
];
$sql="INSERT INTO details (firstname, Address, country) VALUES (:firstname, :Address, :country)";
$stmt= $pdo->prepare($sql);
$stmt->execute($data);
$pdo = NULL;
} catch(PDOException $e) {
print 'Exception : ' .$e->getMessage();
}}
?>
<form id="register_form" method="post" role="form" action="#">
<table border=0><tr><td>
First Name:
<td>
<input autofocus="" id="firstname" name="firstname" placeholder="First Name" type="text" required />
<tr><td>
Address:
<td><textarea id="Address" name="Address" placeholder="No Address" type="text" rows="3" cols="30"></textarea>
<tr><td>
Country: <td>
<select id="country" name="country" required>
<option selected>Choose</option>
<option value="10">Germany</option>
<option value="11">Poland</option>
<option value="12">United Kingdom</option>
</select>
<tr><td><button type="submit">Submit My New Entry</button>
</form>
uj5u.com熱心網友回復:
您只需要阻止代碼運行。
此代碼檢查 POST 資料并檢查是否有內容。然后運行資料庫處理。
PHP
<?php
function processData()
{
try
{
list($firstname, $address, $country) = $_POST;
$db = new PDO('sqlite:db/users.db');
$db->exec("INSERT INTO details (firstname, address, country) VALUES ('$firstname', '$address', '$country')");
}
catch (PDOException $e)
{
printf("Exception : %s", $e->getMessage());
}
}
if (
(isset($_POST["firstname"]) && !empty($_POST["firstname"]))
&& (isset($_POST["address"]) && !empty($_POST["address"]))
&& (isset($_POST["country"]) && !empty($_POST["country"]))
)
{
processData();
}
?>
HTML:
<form
action=""
id="register_form"
method="post"
role="form"
>
<input
autofocus
id="firstname"
name"firstname"
placeholder="First Name"
type="text"
required
/>
<textarea
id="address"
name="address"
placeholder="No address"
type="text"
rows="3"
cols="30"
></textarea>
<select
id="country"
name="country"
required
>
<option disabled selected>Choose</option>
<option value="10">Germany</option>
<option value="11">Poland</option>
<option value="12">United Kingdom</option>
</select>
<button type="submit">Submit My New Entry</button>
</form>
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/512462.html
標籤:phpmysql