当用户将数据输入输入设备时,此 php 文件通过 post 方法使用服务器端验证。我遇到的唯一问题是将数据插入客户表中,因为它不起作用。我知道这一点是因为我创建了测试 php 文件,该文件显示所有客户表内容,并且用户输入的数据不存在。我哪里出错了?
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 12</title>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "twa291", "......");
mysql_select_db("factory291", $conn)
or die ('Database not found ' . mysql_error() );
$sql = "SELECT * FROM customer";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
$ename = $elname = $ecus = $epcode = "";
$fnamecus = $lnamecus = $idcus = $pcde = "";
$error_report = false;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["customerid"])) {
$ecus = "Customer ID is required";
$error_report = true;
} else {
$idcus = input_t($_POST["customerid"]);
// check if numeric
if (preg_match("/[^0-9]/",$idcus)) {
$ecus = "Only numbers allowed";
$error_report = true;
}
if(strlen($idcus) != 6 && ($idcus) != null)
{
$ecus = "Customer ID must be 6 digits";
$error_report = true;
}
}
if (empty($_POST["customerfname"])) {
$ename = "First name is required";
$error_report = true;
} else {
$fnamecus= input_t($_POST["customerfname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z-]*$/",$fnamecus)) {
$ename = "Only alphabetic letters and hyphen";
$error_report = true;
}
if(strlen($fnamecus) > 20 && ($fnamecus) != null)
{
$ename = "First name can't be more that 20 characters long";
$error_report = true;
}
}
if (empty($_POST["customerlname"])) {
$elname = "Last name is required";
$error_report = true;
} else {
$lnamecus = input_t($_POST["customerlname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z-]*$/",$lnamecus)) {
$elname = "Only alphabetic letters and hyphen";
$error_report = true;
}
if(strlen($lnamecus) > 20 && ($lnamecus) != null)
{
$elname = "Last name can't be more that 20 characters long";
$error_report = true;
}
}
if (!is_null($_POST["postcode"])) {
$pcde = input_t($_POST["postcode"]);
// check if name only contains letters and whitespace
if (preg_match("/[^0-9]/",$pcde)) {
$epcode = "Only numbers allowed";
$error_report = true;
}
if(strlen($pcde) != 4 && ($pcde) != null)
{
$epcode = "Post code must be 4 digits";
$error_report = true;
}
}
}
if($error_report != true) {
$query="INSERT INTO customer (customerID, firstName, lastName, Address, suburb, state, postcode)
VALUES ('customerid', 'customerfname', ‘customerlname', 'customeraddress', 'suburb',
'state', 'postcode')";
$queryResult = mysql_query($query, $conn)
or die ('Problem with query' . mysql_error());
echo "correct";
}
function input_t($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h1>Customer Information Collection <br /></h1>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="custinfo" >
<table>
<tr>
<td><label for="customerid">Customer ID (integer value): </label></td>
<td><input type="text" id="customerid" name="customerid" size=11 value="<?php
echo $idcus;?>"/><span class="error">* <?php echo $ecus;?></span></td>
</tr>
<tr>
<td><label for="customerfname">Customer Frist Name: </label></td>
<td><input type="text" id="customerfname" name="customerfname" size=50 value="<?php
echo $fnamecus;?>"/><span class="error">* <?php echo $ename;?></span></td>
</tr>
<tr>
<td><label for="customerlname">Customer Last Name: </label></td>
<td><input type="text" id="customerlname" name="customerlname" size=50 value="<?php
echo $lnamecus;?>"/><span class="error">* <?php echo $elname;?></span></td>
</tr>
<tr>
<td><label for="customeraddress">Customer Address: </label></td>
<td><input type="text" id="customeraddress" name="customeraddress" size=65/></td>
<td><label for="suburb"> Suburb: </label></td>
<td><input type="text" id="suburb" name="suburb"/></td>
</tr>
<tr>
<td>
State:<select name="state" id="state">
<option value="select">--</option>
<option value="ACT">ACT</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="QLD">QLD</option>
<option value="SA">SA</option>
<option value="TAS">TAS</option>
<option value="VIC">VIC</option>
<option value="WA">WA</option>
</select>
</td>
<td><label for="postcode"> Post Code: </label><input type="text" id="postcode"
name="postcode" size=4 value="<?php
echo $pcde;?>"/><span class="error"><?php echo $epcode;?></span></td>
</tr>
</table>
<p><input type="submit" value="Save Data"/> <input type="reset" value="Clear Form" />
</tr>
</form>
</body>
</html>
最佳答案
您需要在 $query
上调用 mysql_query
——现在您只需定义 $query 对象,然后在页面的其余部分忽略它。
在 echo "Correct"; 之前添加如下内容;
$queryResult = mysql_query($query, $conn)
or die ('Problem with query' . mysql_error());
n.b.我会回应 @Ozmah 关于研究 PDO 或 mysqli 函数的评论 - 学习已弃用的普通 mysql 函数将具有可疑的值(value)。
关于php - 服务器端验证和插入表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23688653/