我是PHP的新手,我尝试了一些表单验证。我有以下代码:
我提交表单并在数据通过验证时将数据提交给SQL语句。如果表单有效,则会重定向到外部成功页面。
我无法做的是将原始的帖子变量放到成功页面上。我怎么能这样做?我的代码如下:
PHP:
<body>
<?php
$firstnameErr = $emailErr = $lastnameErr = $gradeErr = $roleErr = "";
$firstname = $email = $lastname = $grade = $role = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$firstnameErr = "First name is required";
} else {
$firstname = user_input($_POST["firstname"]);
}
if (empty($_POST["lastname"])) {
$lastnameErr = "Last mame is required";
} else {
$lastname = user_input($_POST["lastname"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = user_input($_POST["email"]);
}
if (empty($_POST["grade"])) {
$gradeErr = "Grade is required";
} else {
$grade = user_input($_POST["grade"]);
}
if (empty($_POST["role"])) {
$roleErr = "Role is required";
} else {
$role = user_input($_POST["role"]);
}
if($firstnameErr == '' && $emailErr == '' && $lastnameErr == '' && $gradeErr == '' && $roleErr == ''){
$stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES ('$firstname', '$lastname','$role', '$grade','$email');");
$stmt->execute();
header('Location: staff_added.php');
exit();
};
}
function user_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
HTML:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<fieldset>
<p><span class="error">* required field</span></p>
<label>First name:</label><input type="text" name="firstname" />
<span class="error">* <?php echo $firstnameErr;?></span><br>
<label>Last name:</label><input type="text" name="lastname" />
<span class="error">* <?php echo $lastnameErr;?></span><br>
<label>Role:</label><input type="text" name="role" />
<span class="error">* <?php echo $roleErr;?></span><br>
<label>Grade:</label><input type="text" name="grade" />
<span class="error">* <?php echo $gradeErr;?></span><br>
<label>Email:</label><input type="text" name="email" />
<span class="error">* <?php echo $emailErr;?></span><br><br>
<input class="standard_submit" type="submit" value="Save" id="submit_search_button">
</fieldset>
</form>
我希望这些变量移到staff_added.php页面,以便我可以将它们打印回给用户。我已经完成了一些阅读,但到目前为止,它没有多大意义。
任何帮助将不胜感激。
谢谢
答案 0 :(得分:1)
使用prepared statements你应该看一下这样的方法,而不是直接在sql中嵌入变量。
<?php
function user_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$firstname = $email = $lastname = $grade = $role = false;
if( $_SERVER["REQUEST_METHOD"] == "POST" ) {
$errors=array();
if( empty($_POST["firstname"])) $errors[] = "First name is required";
else $firstname = user_input( $_POST["firstname"] );
if( empty($_POST["lastname"])) $errors[] = "Last mame is required";
else $lastname = user_input($_POST["lastname"]);
if( empty($_POST["email"])) $errors[] = "Email is required";
else $email = user_input($_POST["email"]);
if( empty($_POST["grade"]) ) $errors[] = "Grade is required";
else $grade = user_input($_POST["grade"]);
if( empty($_POST["role"])) $errors[] = "Role is required";
else $role = user_input( $_POST["role"] );
if( empty( $errors ) ){
$stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES (?,?,?,?,?);");
if( $stmt ){
$stmt->bind_param('sssss',$firstname,$lastname,$role,$grade,$email);
$stmt->execute();
exit( header( 'Location: staff_added.php' ) );
} else { echo 'statement failed'; }
} else {
foreach( $errors as $error )echo $error . '<br />';
}
}
?>
答案 1 :(得分:1)
您可以将变量存储在 SESSION 对象中,然后随处可用:
<?php
session_start();
//other code...
$_SESSION["role"] = $role;
//other code...
?>