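Validating Data and Adding It to the Database
In this section you add PHP code to createNewWisher.php. Add the code to a PHP block at the top of the file. The PHP block must come before *all* HTML code, empty lines, and whitespace. The position of the PHP block matters for the redirect statement to work, because the redirect is sent with header(), which only works before any output has been sent. Inside the PHP block, type or paste the code blocks described below, in the order they are presented.
Add the following code to validate the data:
Initialize the variables. The first few variables carry the database credentials; the others are used in the PHP operations.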
    /** database connection credentials */
    $dbHost = "localhost"; // on MySQL
    $dbXeHost = "localhost/XE"; // on Oracle
    $dbUsername = "phpuser";
    $dbPassword = "phpuserpw";
    /** other variables */
    $userNameIsUnique = true;
    $passwordIsValid = true;
    $userIsEmpty = false;
    $passwordIsEmpty = false;
    $password2IsEmpty = false;
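Below these variables, add an if clause. The condition of the if clause checks whether the page was requested from itself via the POST method. If it was not, no further validation is performed and the page is displayed with the empty fields described above.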
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
    }
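Inside the curly braces of the if clause, add another if clause that checks whether the user has filled in the wisher's name. If the text field "user" is empty, the value of $userIsEmpty is changed to true.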
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST["user"] == "") {
            $userIsEmpty = true;
        }
    }
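Add code that establishes the database connection. If the connection cannot be established, the MySQL or Oracle OCI8 error is sent to the output.
For the MySQL database: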
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST["user"] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = mysqli_connect($dbHost, $dbUsername, $dbPassword);
        if (!$con) {
            exit('Connect Error (' . mysqli_connect_errno() . ') '
                . mysqli_connect_error());
        }
        // set the default client character set (MySQL's name for UTF-8 is 'utf8', without a hyphen)
        mysqli_set_charset($con, 'utf8');
    }
For the Oracle database:
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST['user'] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = oci_connect($dbUsername, $dbPassword, $dbXeHost, "AL32UTF8");
        if (!$con) {
            $m = oci_error();
            exit('Connect Error' . $m['message']);
        }
    }
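Add code that checks whether a user whose name matches the "user" field already exists. The code works by trying to find the ID number of a wisher whose name matches the name in the "user" field. If such an ID number exists, the value of $userNameIsUnique is changed to "false".
For the MySQL database: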
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST["user"] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = mysqli_connect($dbHost, $dbUsername, $dbPassword);
        if (!$con) {
            exit('Connect Error (' . mysqli_connect_errno() . ') '
                . mysqli_connect_error());
        }
        /** set the default client character set (MySQL's name for UTF-8 is 'utf8', without a hyphen) */
        mysqli_set_charset($con, 'utf8');
        /** Check whether a user whose name matches the "user" field already exists */
        mysqli_select_db($con, "wishlist");
        $user = mysqli_real_escape_string($con, $_POST["user"]);
        $wisher = mysqli_query($con, "SELECT id FROM wishers WHERE name='" . $user . "'");
        $wisherIDnum = mysqli_num_rows($wisher);
        if ($wisherIDnum) {
            $userNameIsUnique = false;
        }
    }
For the Oracle database:
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST['user'] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = oci_connect($dbUsername, $dbPassword, $dbXeHost, "AL32UTF8");
        if (!$con) {
            $m = oci_error();
            exit('Connection Error ' . $m['message']);
        }
        /** Check whether a user whose name matches the "user" field already exists */
        $query = "SELECT id FROM wishers WHERE name = :user_bv";
        $stid = oci_parse($con, $query);
        $user = $_POST['user'];
        $wisherID = null;
        oci_bind_by_name($stid, ':user_bv', $user);
        oci_execute($stid);
        // Each user name should be unique. Check if the submitted user already exists.
        $row = oci_fetch_array($stid, OCI_ASSOC);
        if ($row) {
            $userNameIsUnique = false;
        }
    }
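After the code that checks whether the user is unique, add a series of if clauses that check whether the user entered and confirmed the password correctly. The code checks that the Password ("password") and Confirm Password ("password2") fields in the form are not empty and are identical. If a field is empty or the two fields differ, the value of the corresponding boolean variable is changed.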
    if ($_POST["password"] == "") {
        $passwordIsEmpty = true;
    }
    if ($_POST["password2"] == "") {
        $password2IsEmpty = true;
    }
    if ($_POST["password"] != $_POST["password2"]) {
        $passwordIsValid = false;
    }
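Complete the if ($_SERVER['REQUEST_METHOD'] == "POST") clause by adding code that inserts a new entry into the "wishers" database. The code checks that the wisher's name is specified uniquely and that the password was entered and confirmed validly. If these conditions are met, the code takes the "user" and "password" values from the HTML form and inserts them into the Name and Password columns, respectively, of a new row in the wishers database. After the row is created, the code closes the database connection and redirects the application to the editWishList.php page.
For the MySQL database: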
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST['user'] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = mysqli_connect($dbHost, $dbUsername, $dbPassword);
        if (!$con) {
            exit('Connect Error (' . mysqli_connect_errno() . ') '
                . mysqli_connect_error());
        }
        // set the default client character set (MySQL's name for UTF-8 is 'utf8', without a hyphen)
        mysqli_set_charset($con, 'utf8');
        /** Check whether a user whose name matches the "user" field already exists */
        mysqli_select_db($con, "wishlist");
        $user = mysqli_real_escape_string($con, $_POST['user']);
        $wisher = mysqli_query($con, "SELECT id FROM wishers WHERE name='" . $user . "'");
        $wisherIDnum = mysqli_num_rows($wisher);
        if ($wisherIDnum) {
            $userNameIsUnique = false;
        }
        /** Check whether a password was entered and confirmed correctly */
        if ($_POST['password'] == "") {
            $passwordIsEmpty = true;
        }
        if ($_POST['password2'] == "") {
            $password2IsEmpty = true;
        }
        if ($_POST['password'] != $_POST['password2']) {
            $passwordIsValid = false;
        }
        /** Check whether the boolean values show that the input data was validated successfully.
         * If the data was validated successfully, add it as a new entry in the "wishers" database.
         * After adding the new entry, close the connection and redirect the application to editWishList.php.
         */
        if (!$userIsEmpty && $userNameIsUnique && !$passwordIsEmpty && !$password2IsEmpty && $passwordIsValid) {
            $password = mysqli_real_escape_string($con, $_POST['password']);
            mysqli_select_db($con, "wishlist");
            mysqli_query($con, "INSERT wishers (name, password) VALUES ('" . $user . "', '" . $password . "')");
            mysqli_free_result($wisher);
            mysqli_close($con);
            header('Location: editWishList.php');
            exit;
        }
    }
For the Oracle database:
    /** Check that the page was requested from itself via the POST method. */
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        /** Check whether the user has filled in the wisher's name in the text field "user" */
        if ($_POST['user'] == "") {
            $userIsEmpty = true;
        }
        /** Create database connection */
        $con = oci_connect($dbUsername, $dbPassword, $dbXeHost, "AL32UTF8");
        if (!$con) {
            $m = oci_error();
            echo $m['message'], "\n";
            exit;
        }
        /** Check whether a user whose name matches the "user" field already exists */
        $query = "select ID from wishers where name = :user_bv";
        $stid = oci_parse($con, $query);
        $user = $_POST['user'];
        $wisherID = null;
        oci_bind_by_name($stid, ':user_bv', $user);
        oci_execute($stid);
        /** Each user name should be unique. Check if the submitted user already exists. */
        $row = oci_fetch_array($stid, OCI_ASSOC);
        if ($row) {
            $wisherID = $row['ID'];
        }
        if ($wisherID != null) {
            $userNameIsUnique = false;
        }
        // Check for the existence and validity of the password
        if ($_POST['password'] == "") {
            $passwordIsEmpty = true;
        }
        if ($_POST['password2'] == "") {
            $password2IsEmpty = true;
        }
        if ($_POST['password'] != $_POST['password2']) {
            $passwordIsValid = false;
        }
        /** Check whether the boolean values show that the input data was validated successfully.
         * If the data was validated successfully, add it as a new entry in the "wishers" database.
         * After adding the new entry, close the connection and redirect the application to editWishList.php.
         */
        if (!$userIsEmpty && $userNameIsUnique && !$passwordIsEmpty && !$password2IsEmpty && $passwordIsValid) {
            $query = "INSERT INTO wishers (name, password) VALUES (:user_bv, :pwd_bv)";
            $stid = oci_parse($con, $query);
            $pwd = $_POST['password'];
            oci_bind_by_name($stid, ':user_bv', $user);
            oci_bind_by_name($stid, ':pwd_bv', $pwd);
            oci_execute($stid);
            oci_free_statement($stid);
            oci_close($con);
            header('Location: editWishList.php');
            exit;
        }
    }
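A hardened variant of the MySQL validation and insert steps above, as an added example that is not part of the original tutorial: it binds the form values as statement parameters, as the Oracle variant already does, instead of concatenating escaped strings, and it stores a password_hash() value rather than the clear-text password. registerWisher() is a hypothetical helper name; the example assumes the password column is wide enough for the hash (for example VARCHAR(255)) and that the login code checks passwords with password_verify().

```php
<?php
// Added example, not the tutorial's code. registerWisher() is a hypothetical
// helper; it assumes wishers.password can hold a hash, e.g. VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function registerWisher(mysqli $con, string $user, string $pwd, string $pwd2): array
{
    // Same checks as the tutorial's boolean flags, returned as a list of names.
    $errors = array_keys(array_filter([
        "userIsEmpty"      => $user === "",
        "passwordIsEmpty"  => $pwd === "",
        "password2IsEmpty" => $pwd2 === "",
        "passwordMismatch" => $pwd !== $pwd2,
    ]));
    if ($errors) {
        return $errors;
    }

    // Uniqueness check with a bound parameter: the name never becomes SQL text.
    $stmt = $con->prepare("SELECT id FROM wishers WHERE name = ?");
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return ["userNameIsNotUnique"];
    }

    // Store a salted one-way hash; verify at login with password_verify().
    $hash = password_hash($pwd, PASSWORD_DEFAULT);
    $stmt = $con->prepare("INSERT INTO wishers (name, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $hash);
    $stmt->execute();
    $stmt->close();
    return [];
}

// Usage in createNewWisher.php, with the tutorial's credentials and database.
if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    $con = new mysqli("localhost", "phpuser", "phpuserpw", "wishlist");
    $con->set_charset("utf8");
    $errors = registerWisher($con, $_POST["user"] ?? "", $_POST["password"] ?? "",
        $_POST["password2"] ?? "");
    $con->close();
    if (!$errors) {
        header("Location: editWishList.php");
        exit;
    }
}
```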