插入数据库之前表单验证的逻辑

Question

我想在插入数据库之前编写一个数据验证逻辑。如果数据无效，则会提示用户错误，但随后我面临的问题不是我希望的逻辑： (1) 消息“数据插入成功！”甚至显示错误检查消息是提示的。 (2) 消息“数据插入成功！”显示即使没有在表单中输入数据然后点击提交。

我应该如何将逻辑更改为我希望拥有的逻辑？

<?php
// Initialize variables to null.
$comp_nameError ="";
$compLicenseeNameError ="";

if(isset($_POST['comp_name']))  {$comp_name= $_POST['comp_name'];}
if(isset($_POST['comp_licensee_name'])) {$comp_licensee_name= $_POST['comp_licensee_name'];}

//On submitting form below function will execute
if (isset($_POST['submit'])) {

    function test_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
    return $data;
    }           

    //-------------------------Form Validation Start---------------------//
   if (empty($_POST["comp_name"])) {
     $comp_nameError = "Name is required";
   } else {
     $comp_name = test_input($_POST["comp_name"]);
     // check name only contains letters and whitespace
     if (!preg_match("/^[a-zA-Z ]*$/",$comp_name)) {
       $comp_nameError = "Only letters and white space allowed"; 
     }
   }

   if (empty($_POST["comp_licensee_name"])) {
     $compLicenseeNameError = "Company Licensee Name is required";
   } else {
     $comp_licensee_name = test_input($_POST["comp_licensee_name"]);
   }
   //-------------------------Form Validation End---------------------//


    // attempt a connection
    $host="host=xx.xx.xx.xx";
    $port="port=xxxx";
    $dbname="dbname=xxxx";
    $credentials="user=xxxxxx password=xxxxxxx";

    $dbh = pg_connect("$host $port $dbname $credentials");
    if (!$dbh) {
        die("Error in connection: " . pg_last_error());
    }

    // execute query
    $sql = "INSERT INTO t_comp(comp_name, comp_licensee_name)VALUES('$comp_name', '$comp_licensee_name')";
    $result = pg_query($dbh, $sql); 

    if (!$result) {
        die("Error in SQL query: " . pg_last_error());
    }
    echo "Data successfully inserted!";

    // free memory
    pg_free_result($result); 

    // close connection
    pg_close($dbh);
}
//php code ends here 
?>


<html>
    <head>

    <link rel="stylesheet" href="style/style.css" />
    </head>
    <body>

        <div class="maindiv">
            <div class="form_div">    
            <form method="post" action="compReg.php">                   
                <span class="error">* required field.</span>

                <br>
                <hr/>
                <br>
                Company Name:<br><input class="input" type="text" name="comp_name" value="">
                <span class="error">* <?php echo $comp_nameError;?></span>
                <br>         

                Company Licensee:<br><input class="input" type="text" name="comp_licensee_name" value="">
                <span class="error">* <?php echo $compLicenseeNameError;?></span>
                <br>    

                <input class="submit" type="submit" name="submit" value="Submit"> 
            </form>
            </div>          
        </div>
    </body>
</html>

Answer 1

我会将错误累积到一个数组中，只有当它为空时才继续插入部分：

$errors = array();
if (empty($_POST["comp_name"])) {
    $errors[] = "Name is required";
} else {
    $comp_name = test_input($_POST["comp_name"]);
    // check name only contains letters and whitespace
    if (!preg_match("/^[a-zA-Z ]*$/",$comp_name)) {
        $errors[] = "Only letters and white space allowed in the computer name"; 
    }
}

if (empty($_POST["comp_licensee_name"])) {
    $errors[] = "Company Licensee Name is required";
} else {
    $comp_licensee_name = test_input($_POST["comp_licensee_name"]);
}

if (!empty($errors)) {
    echo "The following errors occurred:<br/>" . implode('<br/>', $errors);
    exit();
}

// If we didn't exit, continue to the insertion code

Answer 2

    <?php
    // Initialize variables to null.
   $comp_nameError ="";
   $compLicenseeNameError ="";

    if(isset($_POST['comp_name']))  {$comp_name= $_POST['comp_name'];}
       if(isset($_POST['comp_licensee_name'])) {
             $comp_licensee_name= $_POST['comp_licensee_name'];}

           //On submitting form below function will execute
             if (isset($_POST['submit'])) {

                // check boolean variable value 
                $is_valid = 1;

                function test_input($data) {
                    $data = trim($data);
                    $data = stripslashes($data);
                    $data = htmlspecialchars($data);
                      return $data;
                 }           

     //-------------------------Form Validation Start---------------------//
      if (empty($_POST["comp_name"])) {
          $comp_nameError = "Name is required";
          } else {
            $comp_name = test_input($_POST["comp_name"]);
          // check name only contains letters and whitespace
           if (!preg_match("/^[a-zA-Z ]*$/",$comp_name)) {
             $validation_error = "Only letters and white space allowed"; 
               $is_valid = 0;
           }
     }

        if (empty($_POST["comp_licensee_name"])) {
           $validation_error = "Company Licensee Name is required";
           $is_valid =0;
          } else {
             $comp_licensee_name = test_input($_POST["comp_licensee_name"]);
            }
          //-------------------------Form Validation End---------------------//


        // attempt a connection
  if($is_valid == 1 ){
    $host="host=xx.xx.xx.xx";
    $port="port=xxxx";
    $dbname="dbname=xxxx";
    $credentials="user=xxxxxx password=xxxxxxx";

    $dbh = pg_connect("$host $port $dbname $credentials");
    if (!$dbh) {
        die("Error in connection: " . pg_last_error());
    }

    // execute query
    $sql = "INSERT INTO t_comp(comp_name, comp_licensee_name)VALUES('$comp_name', '$comp_licensee_name')";
    $result = pg_query($dbh, $sql); 

    if (!$result) {
        die("Error in SQL query: " . pg_last_error());
    }
    echo "Data successfully inserted!";

    // free memory
    pg_free_result($result); 

    // close connection
    pg_close($dbh);
} else {
     echo $validation_error; 
     die;
}
 }
 //php code ends here 
?>