基本上我一个审查表上的工作中,用户填写有关特定产品项目,并提交表单时,它调用process.php这验证表格,当一个人会发邮件给我提交没有错误。然后,它将用户返回到表单页面,并显示已提交的错误或者说它已成功提交,这一切都很好,但我现在需要做的是在表单填写正确时我仍然希望电子邮件和返回到表单的页面,但也插入数据到我的数据库。我的表单验证的伟大工程,直到我尝试在弹出一些代码插入到数据库,然后我得到这些错误......验证我的PHP形式提交到数据库
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/XZXZ/support/database.inc:16) in /home/XZXZ/public_html/Reviews/process.php on line 113
Warning: Cannot modify header information - headers already sent by (output started at /home/XZXZ/support/database.inc:16) in /home/XZXZ/public_html/Reviews/process.php on line 117
我只需要知道在哪里可以在弹出这个以避免这些错误仍然有一切正常工作。下面来看看在process.php文件:
<?php
if(isset($_POST)){
//form validation vars
$formok = true;
$errors = array();
//sumbission data
$ipaddress = $_SERVER['REMOTE_ADDR'];
$sub_date = date('d/m/Y');
$sub_time = date('H:i:s');
//form data
$sub_date = $_POST['sub_date'];
$sub_time = $_POST['sub_time'];
$review_title = $_POST['review_title'];
$rating = $_POST['rating'];
$pros = $_POST['pros'];
$cons = $_POST['cons'];
$best_uses = $_POST['best_uses'];
$comments = $_POST['comments'];
$upload = $_POST['upload'];
$recommend = $_POST['recommend'];
$reviewer_name = $_POST['reviewer_name'];
$reviewer_desc = $_POST['reviewer_desc'];
$reviewer_loc = $_POST['reviewer_loc'];
//form validation to go here....
}
//validate review title is not empty
if(empty($review_title)){
$formok = false;
$errors[] = "You have not entered a title for this review";
}
//validate rating is selected
if (isset ($_POST['rating']) && ($_POST['rating'] == '')) {
$formok = FALSE;
$errors[] = "You have not selected a rating for the product";
}
//validate pros is not empty
if(empty($pros)){
$formok = false;
$errors[] = "You have not entered any pros";
}
//validate cons is not empty
if(empty($cons)){
$formok = false;
$errors[] = "You have not entered any cons";
}
//validate name is not empty
if(empty($reviewer_name)){
$formok = false;
$errors[] = "You have not entered your name";
}
//validate desc is not empty
if(empty($reviewer_desc)){
$formok = false;
$errors[] = "You have not entered your description";
}
//validate location is not empty
if(empty($reviewer_loc)){
$formok = false;
$errors[] = "You have not entered your location";
}
//send email if all is ok
if($formok){
$headers = "From: [email protected]" . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$emailbody = "<p>You have received a new product review pending approval from XZXZ.com</p>
<p><strong>Review Title: </strong> {$review_title} </p>
<p><strong>Rating: </strong> {rating} </p>
<p><strong>Pros: </strong> {$pros} </p>
<p><strong>Cons: </strong> {$cons} </p>
<p><strong>Best Uses: </strong> {$best_uses} </p>
<p><strong>Comments: </strong> {$comments} </p>
<p><strong>Upload: </strong> {$upload} </p>
<p><strong>Recommend: </strong> {$recommend} </p>
<p><strong>Name: </strong> {$reviewer_name} </p>
<p><strong>Description: </strong> {$reviewer_desc} </p>
<p><strong>Location: </strong> {$reviewer_loc} </p>
<p>This message was sent from the IP Address: {$ipaddress} on {$date} at {$time}</p>";
mail("[email protected]","New Pending Review",$emailbody,$headers);
//insert to database
require("/home/XZXZ/support/database.inc");
$SQL="INSERT INTO 'XZXZ_rvs'.'reviews_prod' (sub_date, sub_time, review_title, rating, pros, cons, best_uses, comments, upload, recommend, reviewer_name, reviewer_desc, reviewer_loc) VALUES ('$_POST[$sub_date]','$_POST[$sub_time]','$_POST[$review_title]','$_POST[$rating]','$_POST[$pros]','$_POST[$cons]','$_POST[$best_uses]','$_POST[$comments]','$_POST[$upload]','$_POST[$recommend]','$_POST[$reviewer_name]','$_POST[$reviewer_desc]','$_POST[$reviewer_loc]')";
}
//what we need to return back to our form
$returndata = array(
'posted_form_data' => array(
'review_title' => $review_title,
'rating' => $rating,
'pros' => $pros,
'cons' => $cons,
'best_uses' => $best_uses,
'comments' => $comments,
'upload' => $upload,
'recommend' => $recommend,
'reviewer_name' => $reviewer_name,
'reviewer_desc' => $reviewer_desc,
'reviewer_loc' => $reviewer_loc
),
'form_ok' => $formok,
'errors' => $errors
);
//if this is not an ajax request
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'){
//set session variables
session_start();
$_SESSION['cf_returndata'] = $returndata;
//redirect back to form
header('location: ' . $_SERVER['HTTP_REFERER']);
}
之前,你必须把会话开始请请请考虑将扩展'.php'您database.inc文件,如果有人在浏览器中导航到该文件,它将以计划文本形式输出,显示所有数据库连接参数! – Dale 2012-04-17 20:59:38
就做到了,谢谢你的提示,我继承了这个项目,并通常与数据块只编码一切工作在同一个PHP文件时,而不是使用需要 – forevermetal02 2012-04-18 13:13:06
@Dale,这未必是真实的。设置'.inc'文件很容易被处理为PHP(并且不向访问者显示源代码)。但是,如果您将某个服务器移动到不支持'.htaccess'的服务器(或.htaccess文件未被传输),则将该扩展名保留为默认值('.php')当使用FTP时,由于它被默认隐藏)。 – 0b10011 2012-04-18 15:55:40