2017-09-27 128 views
0

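PHP: Validating data in an update form before submitting to the database

I am still very new to PHP and form validation. I am currently trying to create an update form that validates the data before submitting it to the database. So far I have successfully managed to update the data in the database when the form is submitted.

But now I am trying to validate the data and make sure the 4 fields are filled in and not left blank. If some form fields are left blank, I need the form to reload with the already-entered content still on the form.

I have started adding form validation to the script below, but this is the script I successfully used to add new data to the database. I can't get my head around what I need to change to make it work for the UPDATE query. Thanks in advance.

The only fields I need to update in the form are Description, img_path, Location and Payment.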

<?php 

    $mysqli = new mysqli("localhost", "root", "", "etrading"); 

    session_start(); //start session 

    //Check that a product ID is specified for the page 
    if (isset($_GET['ItemID'])) { 
     $productID = $_GET['ItemID']; 

    }else{ 
    header("Location: index.php"); 
    } 

if (isset($_POST['Name'])) { 
    $Name = $_POST['Name']; 
    $Description = $_POST['Description']; 
    $img_path = $_POST['img_path']; 
    $Quantity = $_POST['Quantity']; 
    $Category = $_POST['Category']; 
    $Location = $_POST['Location']; 
    $Saletype = $_POST['Saletype']; 
    $Price = $_POST['Price']; 
    $Duration = $_POST['Duration']; 
    $Payment = $_POST['Payment']; 


$updateQuery = "UPDATE item SET Description = '$Description', img_path = '$img_path', Location = '$Location', Payment = '$Payment' WHERE ItemID= $productID"; 

    $mysqli->query($updateQuery); 
    echo ("Product successfully updated"); 
    } 


$query = "SELECT * FROM item WHERE ItemID = $productID"; 
    $result = $mysqli->query($query); 

if($result->num_rows > 0) { 
    $data = $result->fetch_array(MYSQLI_BOTH); 


//prepare input data in an array 
$updatedata = array($Description, $img_path, $Location, $Payment); 

//prepare error list 
$errors = array(); 

//Validation tests and store list 
    if ($Description == "" || $img_path == "" || $Location == "" || $Payment == "") { 
    array_push($errors, "All form fields must be filled out before submitting."); 
    } 
    //if errors redirect back to form page and save attempted data. 
    if (count($errors) > 0) { 
     $_SESSION['updatedata'] = $updatedata; 
     $_SESSION['errors'] = $errors; 

    header("Location: ../edit.php"); 
     }else{ 
     unset($_SESSION['updatedata']); 
     unset($_SESSION['errors']); 
    } 

    if(isset($_SESSION['errors'])) { 
    $errors = $_SESSION['errors']; 

    for ($errorCount = 0; $errorCount < count($errors); $errorCount++) { 
    echo ("<p class='error'>Error: " . $errors[$errorCount] . "</p>"); 
    } 
    } 

?> 


    <div id="form"> 
    <h2> Edit Product </h2> 
    <form action="edit.php?ItemID=<?php echo $productID; ?>" method="POST" > 
     <fieldset> 
      <h4>Sell Your Item</h4> 
      <p><label class="title" for="Name">Name:</label> 
      <input type="text" placeholder="<?php echo $data['Name']; ?>" name="Name" id="Name" title="Please enter item name" 
      readonly ><br /> 

      <label class="title" for="Description">Description:</label> 
      <textarea name="Description" rows="5" cols="33" placeholder="<?php echo $data['Description']; ?>" id="Description" title="Please describe your item" ></textarea><br /> 


      <img src="../img/<?php echo $data['img_path']; ?>" /> 
      <br> 


      Select image to upload: 
      <input type="file" name="img_path" placeholder="<?php echo $data['img_path']; ?>" id="img_path" accept="image/jpg"><br> 

       <label class="title" for="Quantity">Quantity:</label> 
      <input type="text" placeholder="<?php echo $data['Quantity']; ?>" name="Quantity" id="Quantity" title="Number of items" readonly><br /> 

      <label class="title" for="Category">Category:</label> 
      <input type="text" placeholder="<?php echo $data['Category']; ?>" name="Category" id="Category" Title="Category" readonly > 


      <label class="title" for="Location">Location:</label> 
      <input type="text" placeholder="<?php echo $data['Location']; ?>" name="Location" id="Location" title="Enter item location" ><br /> 

      <label class="title" for="Saletype">Sale Type:</label> 
      <input type="text" placeholder="<?php echo $data['Saletype']; ?>" name="Saletype" id="Saletype" title="Sale Type" readonly > 


      <label class="title" for="Price">Price: $</label> 
      <input type="text" placeholder="<?php echo $data['Price']; ?>" name="Price" id="Price" title="Please enter your name" readonly><br /> 

      <label class="title" for="Duration">Duration:</label> 
      <input type="text" placeholder="<?php echo $data['Duration']; ?>" name="Duration" id="Duration" title="End Date" readonly><br /> 

      <label class="title" for="Payment">Payment Type:</label> 
      <input type="text" placeholder="<?php echo $data['Payment']; ?>" name="Payment" id="Payment" title="Payment" readonly > 
      <select name="Payment" id="Payment" > 
       <option value="PayPal">PayPal</option> 
       <option value="Bank Deposit">Bank Deposit</option> 
       <option value="Card">Credit Card</option> 
      </select><br> 


       <div class="submit"><input type="submit" value="submit" name="submit" /></div> 
      <div class="reset"><input type="reset" /></div> 

      </fieldset> 


      </form> 

Answers

0

You can use the required attribute on the HTML form. This will ensure the form cannot be submitted unless there is an input value.

<input type="text" required /> 

In your PHP file, you can use the isset() function to check all the values.

if (isset($description) && isset($img_path) && isset($location) && isset($payment)) 
{ 
    // other code 
} 

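You should also make sure to escape the values.

if (isset($description) && isset($img_path) && isset($location) && isset($payment)) 
{ 
    // Escape each value with the connection object from the question ($mysqli) 
    $description = mysqli_real_escape_string($mysqli, $description); 
    $img_path = mysqli_real_escape_string($mysqli, $img_path); 
    $location = mysqli_real_escape_string($mysqli, $location); 
    $payment = mysqli_real_escape_string($mysqli, $payment); 
    // ItemID is not quoted in the query, so force it to an integer 
    $productID = (int) $productID; 

    // PHP variable names are case-sensitive: use the escaped lowercase variables 
    $updateQuery = "UPDATE item SET Description = '$description', img_path = '$img_path', Location = '$location', Payment = '$payment' WHERE ItemID= $productID"; 
    $mysqli->query($updateQuery); 
} 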

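mysqli_real_escape_string escapes special characters in a string for use in an SQL statement, taking into account the current character set of the connection.

You should always do both front-end and back-end validation.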
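
A server-side version of the check discussed above, as an added example that is not part of the original question or answer: it rejects blank fields, restricts Payment to the options the form offers, and runs the UPDATE through a mysqli prepared statement instead of escaping. The table and column names come from the question; `PAYMENT_TYPES`, `validate_item_update()`, `update_item()` and the sample submission are hypothetical.

```php
<?php
// Added example. PAYMENT_TYPES and both function names are hypothetical.
const PAYMENT_TYPES = ['PayPal', 'Bank Deposit', 'Card'];

// Returns [clean values, error list] for the four editable fields.
function validate_item_update(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (['Description', 'img_path', 'Location', 'Payment'] as $field) {
        // A missing key, a non-string and a whitespace-only value all count as blank.
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        if ($value === '') {
            $errors[] = "$field must be filled out before submitting.";
        }
        $clean[$field] = $value;
    }
    // The <select> only offers these values; the server has to enforce that as well.
    if ($clean['Payment'] !== '' && !in_array($clean['Payment'], PAYMENT_TYPES, true)) {
        $errors[] = 'Payment is not one of the offered types.';
    }
    return [$clean, $errors];
}

// Runs the UPDATE with bound parameters, so no value is spliced into the SQL text.
function update_item(mysqli $db, int $itemId, array $clean): bool
{
    $stmt = $db->prepare(
        'UPDATE item SET Description = ?, img_path = ?, Location = ?, Payment = ? WHERE ItemID = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssssi', $clean['Description'], $clean['img_path'],
        $clean['Location'], $clean['Payment'], $itemId);
    return $stmt->execute();
}

// Constructed sample submission: Location is blank, Payment is not in the list.
$post = ['Description' => 'Red bike', 'img_path' => 'bike.jpg',
         'Location' => '   ', 'Payment' => 'Cheque'];
[$clean, $errors] = validate_item_update($post);
foreach ($errors as $error) {
    echo 'Error: ' . htmlspecialchars($error) . PHP_EOL;
}
// Only when $errors is empty: update_item($mysqli, (int) $_GET['ItemID'], $clean);
```

In edit.php the validation has to run before the UPDATE, and a `header("Location: ...")` redirect should be followed by `exit` so the rest of the script does not execute.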
