同一页面上的PHP表单验证-此逻辑正确吗？

Question

I am trying to build a simple registration form that passes through some checks and then saves the data to the database. 我正在尝试构建一个简单的注册表单，该表单将通过一些检查，然后将数据保存到数据库中。 Initially, there was just the registration form and the processing form and the un-validated form data was getting saved in the data base. 最初，只有注册表格和处理表格，而未经验证的表格数据已保存在数据库中。 The trouble started when I tried to get some validation into the process. 当我尝试对过程进行验证时，麻烦就开始了。

    <Edit>

There are only three goals here: 这里只有三个目标：

To prevent logged in users from trying to register. 为了防止已登录的用户尝试注册。
As long as there is no active user account running in the browser, first ensure that there are no empty fields and 只要浏览器中没有运行活动的用户帐户，请首先确保没有空字段，
Send the form data for processing. 发送表格数据进行处理。

For #1, posting to php self seemed ideal as it avoided a lot of extra coding for me and has the advantage to the users of not having to type in all the stuff again. 对于＃1，发布到php self似乎是理想的选择，因为它为我避免了很多额外的编码，并且对用户具有不必再次键入所有内容的优点。

For #2, validation is limited to checking for empty fields right now and nothing else. 对于＃2，验证仅限于现在检查空白字段，仅此而已。 This is a registration form and user data is being collected - no authentication of the user at all. 这是一张注册表格，正在收集用户数据-完全不对用户进行身份验证。

For #3, I have devised a way of sending the data to another php and that is not an issue any more. 对于＃3，我设计了一种将数据发送到另一个php的方法，这不再是问题。

The issue is the logic. 问题是逻辑。 Why are the parts that are working separately failing when put together? 为什么分开工作的零件放在一起会失效？ Is there some fault in the logic I am applying to the process? 我对流程应用的逻辑中是否有错误？

One of the comments said something about elseif and I have tried that also. 其中一条评论谈到了elseif，我也尝试过。 I am not getting any error in the code - no parse errors, no syntax errors, no fatal errors - but nothing is happening either - just the register form getting refreshed. 我没有在代码中出现任何错误-没有解析错误，没有语法错误，没有致命错误-但也没有发生任何事情-只是刷新了注册表。 The individual parts of the system work separately on test pages but when put together with the full form, it doesn't work. 系统的各个部分分别在测试页上工作，但是当与完整表单放在一起时，它将不起作用。

    </Edit>

Here on SE I found the way to post the form to php self and tried it out with the sample code in the post. 在SE上，我找到了将表单发布到php self的方法，并在发布后的示例代码中进行了尝试。 It worked as expected, all seemed to be fine and so I added it to my form page. 它按预期工作，一切似乎都很好，因此我将其添加到了表单页面。 But it is doing nothing when on the actual form page except reloading it. 但是在实际的表单页面上，除了重新加载之外，它什么也没做。

Again, here on SE I found a post that showed how all the errors could be caught in an array and displayed. 再次，在SE上，我发现了一个帖子，展示了如何将所有错误捕获到数组中并显示出来。 It seemed to work on a sample file and I added the code with the appropriate changes of variable names to my registration page. 它似乎可以在一个示例文件上工作，我在变量注册页面中添加了对变量名进行适当更改的代码。 If there is no user logged in and the user clicks on submit, the empty field error that is caught should be displayed. 如果没有用户登录，并且用户单击“提交”，则应显示捕获到的空字段错误。 It didn't. 没有。 display any errors even when all the fields were left blank. 即使所有字段都留为空白，也会显示任何错误。 Everything collapsed after that. 此后一切都崩溃了。

All that is happening now is that the registration form reloads - error or no error! 现在发生的一切就是重新加载了注册表-错误或没有错误！

I have tried so many things that I am no longer sure whether what I was trying to do since last evening is what the code is doing now. 我已经尝试了很多事情，以至于我不再确定自从昨晚以来我一直在试图做的事情就是代码现在正在做的事情。 So I am starting over with just the logic and the related questions. 因此，我仅从逻辑和相关问题开始。

Here is the logic and the questions for each stage.... 这是每个阶段的逻辑和问题。

    <php session_start() ;?>
    <?php
    //check if the user is logged in
    if (isset($_SESSION['validuser'])) {
          //catch this first - before user spends time filling out the 12 fields!
          //send to message page saying "you cannot register - you are already a member and     logged in"
          //WORKING PERFECTLY - CONFIRMS FORM POSTING TO SAME PAGE CORRECTLY!
          //time for other checks....
    }
    else (!isset($_SESSION['validuser']) && isset($_POST['submit'])) {

          //if there is no logged in user and form has been submitted, start checking the      fields to see if any fields are empty
          //collect all errors in array and display?
          //direct back to the form with appropriate messages, form fields retained
          //exit here? or no?
          //focus  now has to pass to the form again - need any code for this? or will it happen automatically?
    }
    if isset($_POST['submit'])) {
          //Should this part be within the else block?
          //If it is out side, will it get rendered on load?
          //if there are no errors proceed to process the form
          //there are further checks that need talking to the database
          //once those checks and approvals are over the data gets saved to the database

    }


    ?>
    <html>
       <body>
        <form action="<?=$_SERVER['PHP_SELF']?>" method = "POST">
            <!--  12 fields to be filled out by user     -->
            <input type = "submit" name = "submit" value = "submit" />
        </form>
        </body>
    </html>

What am I missing? 我想念什么？ Please remember that this is a workflow I am trying to clean up. 请记住，这是我要清理的工作流程。 The original code is so souped up now that I don't want to expose it here - chances are that I will get a lot of advice about sanitation of input and escaping of output! 现在，原始代码已变得如此繁琐，以至于我不想在这里公开它-很有可能我将获得有关输入卫生和输出转义的很多建议！ I have deliberately left out those bits in this development environment where only I have access to the forms and database. 在此开发环境中，我故意省略了那些位，在这些环境中，只有我才能访问表单和数据库。 Sanitizing and escaping only adds clutter at this point. 在这一点上进行消毒和逃逸只会增加混乱。

That said, once I have the workflow right I will add those bits too :-) 就是说，一旦我拥有正确的工作流程，我也将添加这些位:-)

Answer 1

I'd restructure it as follows: 我将其重组如下：

if (isset($_SESSION['validuser'])) 
{
    //user is authenticated
}
elseif (!isset($_SESSION['validuser']) && isset($_POST['submit'])) 
{
    //user is not authenticated, proceed
    if (isset($_POST['submit'])) //checking if form was submitted
    {
        //process 12 input fields
    }
    else
    {
        //form wasn't submitted, display error
    }
}

Answer 2

Here's a solution that should work based upon what you've described. 这是一个应根据您的描述而起作用的解决方案。

<?php
    session_start();

    // If we have a "valid users"
    if (isset($_SESSION['validuser']))
    {
        // Display stuff for registered users
    }
    else // If we don't have a valid user
    {
        // If there was data submitted to the server
        if (isset($_POST))
        {
            // Handle validation for ... whatever
            // print_r($_POST); To see data
        }
    }
?>

<html>
     <body>
        <!-- Don't display the form to "valid users". -->
        <?php if (!isset($_SESSION['validuser'])): ?>
             <form action="<?=$_SERVER['PHP_SELF']?>" method = "POST">
                 <!--  12 fields to be filled out by user     -->
                 <input type = "submit" name = "submit" value = "submit" />
             </form>
        <?php endif; ?>
     </body>
</html>

Answer 3

You are mostly right, the way I would do it would be 您基本上是对的，我会这样做的

 if (isset($_SESSION['validuser'])) {

}else {

    if isset($_POST['submit'])) {
         //Check errors here
    }
}

同一页面上的PHP表单验证-此逻辑正确吗？

问题描述

3 个解决方案

解决方案1
1 2013-08-08 14:08:29

解决方案2
0 2013-08-08 14:02:35

解决方案3
0 2013-08-08 14:03:02

同一页面上的PHP表单验证-此逻辑正确吗？

问题描述

3 个解决方案

解决方案1 1 2013-08-08 14:08:29

解决方案2 0 2013-08-08 14:02:35

解决方案3 0 2013-08-08 14:03:02

解决方案1
1 2013-08-08 14:08:29

解决方案2
0 2013-08-08 14:02:35

解决方案3
0 2013-08-08 14:03:02