My function is not checking $_POST values

Posted on 2024-12-07 17:58:01

This is my first PHP project, so please guide me on how to debug effectively:

I created this form:

<form action="<?php $self ?>" method="post">
<div class="fname">
  <label for="name"><span> Name: </span>
  <input name="name" value= "<?php 
  if($error_count != 0) {
  echo $name;
  }// To avoid filling name again in case of error?>"
  type="text" cols="20" />
  </label>
</div>
<div class="femail">
  <label for="email"><span> Email: </span>
  <input name="email" value= "<?php 
  if($error_count != 0) {
  echo $email;
  }// To avoid filling email again in case of error?>" 
  type="text" cols="20" />
  </label>
</div>
<br/>
<textarea name="post" rows="5" cols="40"><?php 
  if($error_count != 0) {
  echo $post;
  }// To avoid filling textarea again in case of error?>
  </textarea>
<input name="send" type="hidden" />
<p>
  <input type="submit" value="shout" />
</p>

and the following function to validate the form (in a separate file, form_validation.php):

    <?php
function validate_shout($vmail,$vname,$vpost)
{

$error_count = 0; 

// To check email.
if(!preg_match('/^[.\w-]+@([\w-]+\.)+[a-zA-Z]{2,6}$/',$vmail)) {
echo "<p class =\"error\"> Please enter valid email address </p><br/>";
$error_count++;
}

// To check required fields
if($vname == NULL) {
echo "<p class =\"error\"> Oops!! You forgot to enter your name </p><br/>";
$error_count++;
}

if($vpost == NULL) {
echo "<p class =\"error\"> I guess your shout was blank </p><br/>";
$error_count++;
}

return $error_count;
}

?>

And used it in this way

if(isset($_POST['send'])) {

if(!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['post'])) {
echo "<p class=\"error\">Unable to connect to the database server at this time.</p>";
}
else {
 $name = htmlspecialchars(mysql_real_escape_string($_POST['name'])); 
 $email = htmlspecialchars(mysql_real_escape_string($_POST['email'])); 
 $post = htmlspecialchars(mysql_real_escape_string($_POST['post']));


$error_count = validate_shout($email,$name,$post);
//PHP code to add shout to database
if ($error_count == 0) 
{
$query = "INSERT INTO shouts SET name='$name', email='$email', post='$post';";

Now the problem is that it is not validating the textarea. The other two are working fine. The code was working fine a few days ago, but today when I opened it I found this problem.

One more thing I noticed was in phpMyadmin, as listed below:

The additional features for working with linked tables have been deactivated. To find out why click here.

On click it displayed this:

$cfg['Servers'][$i]['pmadb'] ...    not OK [ Documentation ]
$cfg['Servers'][$i]['relation'] ...     not OK [ Documentation ]
General relation features: Disabled

$cfg['Servers'][$i]['table_info'] ...   not OK [ Documentation ]
Display Features: Disabled

$cfg['Servers'][$i]['table_coords'] ...     not OK [ Documentation ]
$cfg['Servers'][$i]['pdf_pages'] ...    not OK [ Documentation ]
Creation of PDFs: Disabled

$cfg['Servers'][$i]['column_info'] ...  not OK [ Documentation ]
Displaying Column Comments: Disabled
Browser transformation: Disabled

$cfg['Servers'][$i]['bookmarktable'] ...    not OK [ Documentation ]
Bookmarked SQL query: Disabled

$cfg['Servers'][$i]['history'] ...  not OK [ Documentation ]
SQL history: Disabled

$cfg['Servers'][$i]['designer_coords'] ...  not OK [ Documentation ]
Designer: Disabled

$cfg['Servers'][$i]['tracking'] ...     not OK [ Documentation ]
Tracking: Disabled 

I guess both the problems appeared together without any change in any settings or code by me. Although they look separate from each other.

Please help..

Main problem is why $post is not getting validated and why phpMyadmin is suddenly showing the above mentioned message

老子叫无熙 2024-12-14 17:58:01

The == NULL comparison will fail. Normally an empty string can also "equal" NULL. (You should preferably write == "" anyway). But your textarea is unlikely to contain a really empty string. Just from your template I would assume it contains at least a newline, or a few more spaces even.

In that case you don't want to compare it against the empty string, but probe that it contains anything but spaces. To do so:

if (strlen(trim($vpost))) {

Anyway, to probe if a string contains anything, prefer strlen(). The trim() here is for filtering out whitespace prior to checking that.

Some other notes about your code:

  • htmlspecialchars(mysql_real_escape_string( is the wrong order. The escape function is for the database. It must be applied immediately before concatenating it into SQL. Applying another encoding (html) afterwards might undo the SQL escaping.
  • <form action="<?php $self ?>" won't work without some echo
  • And the email regex is just braindamaged. Use filter_var and the builtin FILTER_VALIDATE_EMAIL regex

晨与橙与城 2024-12-14 17:58:01

mysql_real_escape_string() will NEVER return a null value, even if you pass in a null as an argument. It will at least return an empty string. Your validation function is checking for nulls, but because you're passing those values through M_R_E_S(), they can NEVER be null, hence your validation function is the cause of the trouble.
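
The points raised in the two answers above, combined into one runnable sketch. This is an added example, not code from the question or from either answerer: it validates the raw values with trim() and FILTER_VALIDATE_EMAIL, swaps mysql_real_escape_string() for PDO prepared statements (the mysql_* extension was removed in PHP 7), and HTML-encodes only at output. handle_shout(), the in-memory SQLite connection and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code: validate raw input, bind it into SQL,
// and HTML-encode only when echoing it back.

function validate_shout(string $vmail, string $vname, string $vpost): array
{
    $errors = [];
    if (filter_var($vmail, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter valid email address';
    }
    if (strlen(trim($vname)) === 0) {
        $errors[] = 'Oops!! You forgot to enter your name';
    }
    // The textarea template emits a newline and spaces, so trim before testing.
    if (strlen(trim($vpost)) === 0) {
        $errors[] = 'I guess your shout was blank';
    }
    return $errors;
}

// handle_shout() is a hypothetical helper; $input stands in for $_POST.
function handle_shout(PDO $db, array $input): array
{
    $name  = (string)($input['name'] ?? '');
    $email = (string)($input['email'] ?? '');
    $post  = (string)($input['post'] ?? '');
    $errors = validate_shout($email, $name, $post);
    if ($errors === []) {
        // Placeholders keep the values out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO shouts (name, email, post) VALUES (?, ?, ?)');
        $stmt->execute([$name, $email, trim($post)]);
    }
    return $errors;
}

// Assumption: in-memory SQLite (needs pdo_sqlite) stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shouts (name TEXT, email TEXT, post TEXT)');

// Constructed sample submissions: whitespace-only textarea, then a valid one.
$samples = [
    ['name' => "O'Brien", 'email' => 'ob@example.com', 'post' => "\n     "],
    ['name' => "O'Brien", 'email' => 'ob@example.com', 'post' => '<b>hi</b>'],
];
foreach ($samples as $input) {
    foreach (handle_shout($db, $input) as $msg) {
        echo '<p class="error">', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), "</p>\n";
    }
}
foreach ($db->query('SELECT name, post FROM shouts') as $row) {
    // Encode at output time, after the raw value has been stored.
    echo htmlspecialchars("{$row['name']}: {$row['post']}", ENT_QUOTES, 'UTF-8'), "\n";
}
```

Because the stored value is the raw string, the apostrophe in the name and the markup in the post survive the database round trip unchanged and are neutralised only when rendered.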
