我应该如何使用 PHP 验证表单输入数据?
你好,我还在学习 PHP,所以如果我的代码看起来很愚蠢,请不要太严厉。无论如何,我正在尝试制作一个联系页面并向其添加验证。我正在使用 if 语句,但我认为它不正确,下面的代码应该是什么样子?
<?php
if($name_blank == false){
echo"you left name blank";
}
else if($email_blank == false){
echo"Email blank";
}
else if($email_fake == false){
echo"Fake email";
}
else if($number_blank == false){
echo"Number blank";
}
else if($number_low == false){
echo"Number incorrect";
}
else if($number_fake == false){
echo"Fake number";
}
else if($comment_blank == false){
echo"Commant blank";
}else{
hasError = false;
}
?>
谢谢。
Hi im still learning PHP so dont be too harsh if my code seems stupid. Anyways, I'm trying to make a contact page and add validation to it. I'm using an if statement but I don't think it is right, any way how should the below code look?
<?php
if($name_blank == false){
echo"you left name blank";
}
else if($email_blank == false){
echo"Email blank";
}
else if($email_fake == false){
echo"Fake email";
}
else if($number_blank == false){
echo"Number blank";
}
else if($number_low == false){
echo"Number incorrect";
}
else if($number_fake == false){
echo"Fake number";
}
else if($comment_blank == false){
echo"Commant blank";
}else{
hasError = false;
}
?>
thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
有大量的库/框架可以为您处理表单(以及 PHP 中其他烦人的部分)涉及的大部分工作。我喜欢 Symfony,但如果您想要的只是联系表单,您可能想找到一些不太复杂的东西。
对于这样的事情,IF/ELSEIF/ELSE 和 SWITCH/CASE 都不是很好的结构。在这两种情况下,代码都会在第一个值为 true 的条件处停止。如果有人在您的表单中输入了多个无效输入,您将仅针对找到的第一个问题输出错误消息。
我会使用类似的内容:
当然,正确使用表单还有很多事情要做,但是要获得您正在寻找的基本功能,这就可以了。
There are plenty of libraries/frameworks that will take care of most of the work involved in forms (and other annoying bits in PHP) for you. I like Symfony but you might want to find something a bit less complicated if all you want is a contact form.
Both IF/ELSEIF/ELSE and SWITCH/CASE aren't great structures for something like this. In both cases, the code will stop at the first condition that evaluates to true. If someone has more than one invalid input in your form, you will only output an error message for the first issue you find.
I would use something like:
Of course, there is a lot more to properly using forms, but to get the basic functionality your looking for, this will do the job.
如果看起来没问题的话,考虑使用 else。
在 PHP 中,您可以编写 elseif 或“else if”(用两个单词),其行为与“elseif”(用一个单词)的行为相同。语法含义略有不同,但底线是两者都会导致完全相同的行为。
Considering usage of else if it seems all right.
In PHP, you can write both elseif or 'else if' (in two words) and the behavior would be identical to the one of 'elseif' (in a single word). The syntactic meaning is slightly different but the bottom line is that both would result in exactly the same behavior.
一些简短的内容:
name_blankif (){} if (){}等)您可能想将它们添加到错误消息字符串中,这也将允许您找出是否hasErrorsome short stuff:
($a == false), you can always write(!$a)name_blankindicates that the name is blank, one would think that an error message is in order if it true, not false, so maybe your variable naming is a bit strangeif (){} if (){}etc.) you might want to add them to an error message string, that will also allow you to find out ifhasErroror not请查看这些函数:
empty() - 帮助检查用户是否将数据提交到字段
strip_tags() - 防止 XSS*
isset() - 检查变量是否已设置
当您开始学习数据库时:
mysqli_real_escape_string() - 防止 SQL 注入*
您在那里所做的还不够,也不正确。
如果名称不为空,那么您将跳过所有其他字段,因为 else if 的原因,但这些跳过的字段也可能为空!
所以我建议你先了解执行流程,在这种情况下只有
if就可以了,再加上我上面提到的函数!* 当然你还可以做更多的事情,但现在就足够了
Please look into these functions:
empty() - helps to check whether the user submitted data into a field
strip_tags() - prevents XSS*
isset() - check whether a variable is set or not
And when you'll start learning databases:
mysqli_real_escape_string() - prevents SQL injection*
What you did there is not enough, nor correct.
If the name is NOT blank then you skip every other field, because of else if's, but those skipped fields could be empty, too!
So I recommend you understand the execution flow first, in this case having only
ifs it would be ok, plus the functions I mentioned above!* of course there is more you can do, but for now it's enough
在客户端进行所有用户友好的验证,并在服务器端忽略带有无效表单数据的请求以确保安全。
无论如何,通过客户端验证的人不值得任何用户友好性。
就程序员的时间而言,验证成本太高。不要花费太多时间来验证输入。
在这种情况下,使用 if 而不是 else if,了解 if 和 else 的作用。
我个人的偏好是
Do all the user friendly validation on client side and ignore requests coming with an invalid form data on the server side for security.
Somebody who passes through your client side validation doesn't deserve any user friendliness anyway.
Validation is too expensive in terms of programmer time. Don't spend too much time on validating input.
in this case, use ifs and not else ifs, learn what if and else does.
My personal preference is