php：在运行 INSERT 查询之前检查变量是否不为空

Question

我为我的婚礼网站构建了一个歌曲请求表单，并想在将表单输入存储到数据库之前检查我存储表单输入的变量是否为空。我的目标很简单，防止在 for 被触发时将空白行添加到 mysql db。

 <?php 
// extract data from form; store in variable
$artist =  $_POST["artist"];
$song = $_POST["song"];

// connect to server 
$conn = mysql_connect('host', 'user', 'pass');


// check if you can connect; if not then die

if (!$conn) {
    echo "<center>";
    die('Could Not Connect: ' . mysql_error());
    echo "</center>";
    }

// check if you can select table; in not then die

$db = mysql_select_db('database', $conn);

if (!$db) {
    echo "<center>";
    die('Database Not Selected: ' . mysql_error());
    echo "</center>";
    }

// Define the query to inser the song request
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

// check if above variables are empty 
if (!empty($artist) and !empty($song)) {
    echo "<center>";
    echo "Insert was succesful<br>";
    echo "<a href='index.html' target='_self' >Back</a>";
    echo "</center>";
}
else {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

// close the connection to the server
mysql_close($conn);
?>

我在一个名为 insert.php 的文件中包含上述内容，该文件在提交索引页面上的表单时被触发。表单正在使用 POST 提交并且工作正常，但是我想防止发生空白提交。

对编程非常陌生，想学习如何正确地做到这一点。

感谢您的耐心等待。

Answer 1

Please, don't use mysql_* functions in new code。它们不再维护and are officially deprecated。看到red box？改为了解 prepared statements，并使用 PDO 或 MySQLi - this article 将帮助您决定哪个。如果你选择 PDO，here is a good tutorial。

但是，作为对您问题的直接回答：不要在插入结果之后进行验证，而是在之前进行验证。 此外，如果您确实使用 mysql_* 函数，请记住清理（使用 mysql_real_escape_string）您插入数据库的任何内容。清理输入将防止 SQL injections 并消除一些漏洞问题。

if($errors) {
    // there are errors, don't submit to database
    // run through error display process

} else {
    // submit to database
    $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
}

Answer 2

你离得太近了！您所要做的就是在检查艺术家和歌曲是否填写后插入插入！

<?php 
    // extract data from form; store in variable
    $artist =  $_POST["artist"];
    $song = $_POST["song"];

    // connect to server 
    $conn = mysql_connect('host', 'user', 'pass');

    // check if you can connect; if not then die

    if (!$conn) {
        echo "<center>";
        die('Could Not Connect: ' . mysql_error());
        echo "</center>";
    }

    // check if you can select table; in not then die

    $db = mysql_select_db('database', $conn);

    if (!$db) {
        echo "<center>";
        die('Database Not Selected: ' . mysql_error());
        echo "</center>";
    }

    // check if above variables are empty 
    if (!empty($artist) and !empty($song)) {
        // Define the query to inser the song request
        $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

        if($insert) {
          echo "<center>";
          echo "Insert was succesful<br>";
          echo "<a href='index.html' target='_self' >Back</a>";
          echo "</center>";
        }
    }
    else {
        echo "<center>";
        die("Please fill in at least the artist name");
        echo "</center>";
    }

    // close the connection to the server
    mysql_close($conn);

就是这样！

Answer 3

使用 empty 就足够了。也有isset

http://php.net/manual/en/function.isset.php

Answer 4

嗯，你已经收到了empty 的支票。只需在插入之前移动它并采取相应措施

if (empty($artist)) {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

或同时检查

if (empty($artist) or empty($song)) {
...
}

Answer 5

首先通过函数或使用if语句来验证变量

if (!empty($artist) && !empty($song))
 { $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");}