Problem description:

How can I use PHP form validation with this code? Thank you

<?php

$hostname = ""; // usually is localhost, but if not sure, check with your hosting company, if you are with webune leave as localhost

$db_user = ""; // change to your database username

$db_password = ""; // change to your database password

$database = ""; // provide your database name

$db_table = ""; // leave this as is

# STOP HERE

####################################################################

# THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE

$db = mysql_connect($hostname, $db_user, $db_password);

mysql_select_db($database,$db);

?>

<html>

<head>

<title>Add your url to our database</title>

</head>

<body>

<?php

if (isset($_REQUEST['Submit'])) {

# THIS CODE TELLS MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE

$sql = "INSERT INTO $db_table(title,description,url,keywords) values ('".mysql_real_escape_string(stripslashes($_REQUEST['title']))."','".mysql_real_escape_string(stripslashes($_REQUEST['description']))."','".mysql_real_escape_string(stripslashes($_REQUEST['url']))."','".mysql_real_escape_string(stripslashes($_REQUEST['keywords']))."')";

if($result = mysql_query($sql ,$db)) {

echo '<h1>Thank you</h1>Your information has been entered into our database<br><br>';

} else {

echo "ERROR: ".mysql_error();

}

} else {

?>

<h1><center></center></h1>

<hr>

<center>

<form method="post" action="">

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; title:<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="title">

<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description: <br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="description">

<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Url: <br>

<font color="#0000FF">http://</font><input type="text" name="url">

<br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keywords: <br>

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="keywords">

<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" name="Submit" value="Submit">

</form><br>

<?php

}

?> </center>

</body>

</html>

User answer:

Look at the filter_var() and filter_input() functions to filter your input. I also encourage you to use PDO prepared statements to protect against SQL injection. For form validation, you'll need to compare the value of the inputs to what you are willing to accept. Also, you'll need at least one more condition statement to determine what to do based on whether the input is valid (add it to sql) vs invalid (display error).
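
The validate-then-branch flow this answer describes, as an added example that is not part of the original question or answer: each field is checked with filter_var() and length limits, and only valid input reaches a PDO prepared statement. The table name `links`, the length limits, the helper name `validate_submission()` and the in-memory SQLite DSN (needs the pdo_sqlite extension; replace it with your MySQL DSN) are assumptions.

```php
<?php
// Added example, not the asker's code. Assumptions: the table name "links",
// the length limits, and the in-memory SQLite DSN (swap in your MySQL DSN).

function validate_submission(array $in): array
{
    $limits = ['title' => 100, 'description' => 255, 'keywords' => 255];
    $clean = [];
    $errors = [];
    foreach ($limits as $field => $max) {
        $value = trim((string)($in[$field] ?? ''));
        if ($value === '' && $field !== 'keywords') {   // keywords is optional
            $errors[$field] = "$field is required";
        } elseif (strlen($value) > $max) {
            $errors[$field] = "$field must be at most $max bytes";
        }
        $clean[$field] = $value;
    }
    // The form prints "http://" before the box; drop a scheme the user typed anyway.
    $host = preg_replace('#^https?://#i', '', trim((string)($in['url'] ?? '')));
    $url = filter_var('http://' . $host, FILTER_VALIDATE_URL);
    if ($url === false || strlen($url) > 2048) {
        $errors['url'] = 'url is not a valid http:// address';
    }
    $clean['url'] = $url === false ? '' : $url;
    return [$clean, $errors];
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE links (title TEXT, description TEXT, url TEXT, keywords TEXT)');

// Constructed sample input; in the real page pass $_POST instead.
$samples = [
    ['title' => "O'Reilly", 'description' => 'Books', 'url' => 'example.com/a?b=1', 'keywords' => 'php'],
    ['title' => '', 'description' => 'x', 'url' => 'not a url'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_submission($post);
    if ($errors) {                       // invalid: show errors, skip the INSERT
        foreach ($errors as $msg) {
            echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
        continue;
    }
    // valid: placeholders keep the submitted values out of the SQL text
    $stmt = $pdo->prepare('INSERT INTO links (title, description, url, keywords)
                           VALUES (:title, :description, :url, :keywords)');
    $stmt->execute($clean);
    echo "Inserted row ", $pdo->lastInsertId(), "<br>\n";
}
```

The first sample is inserted with its apostrophe intact and no manual escaping; the second is rejected with two error messages and never reaches the database.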
