PHP必填字段（无HTML）

Question

So I need help with a required form field. I want the 3 fields (exam_id, subject, exam_date) to be required fields when filling out the PHP form. So when the insert button is hit, if a field is left blank and error will display or the action won't complete unless every field is filled in. I'm using all php, no HTML and no, I don't want to redo my form as HTML calling the php, I want it like this. There's no security problems either, this is just a simple project. My code:

<?php
echo '<link rel="stylesheet" type="text/css" href="css/tables.css" />';

$con = mysql_connect("localhost","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("StudentExams", $con);

if (isset($_POST['update']))
{
$UpdateQuery = "UPDATE Exam SET exam_id='$_POST[exam_id]', subject='$_POST[subject]', exam_date='$_POST[exam_date]' WHERE exam_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};

if (isset($_POST['delete']))
{
$DeleteQuery = "DELETE FROM Exam WHERE exam_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};

if (isset($_POST['insert']))
{
$InsertQuery = "INSERT INTO Exam (exam_id, subject, exam_date) VALUES ('$_POST[uexam_id]','$_POST[usubject]','$_POST[uexam_date]')";
mysql_query($InsertQuery, $con);
};

$sql = "SELECT * FROM Exam";

$Data = mysql_query($sql,$con);

echo "<table id='size' border='1'>
<tr>
<th>Exam_ID</th>
<th>Subject</th>
<th>Exam_Date</th>
</tr>";
while($record = mysql_fetch_array($Data))
{
echo "<form action=examisud.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=exam_id value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=text name=subject value=" . $record['subject'] . " </td>";
echo "<td>" . "<input type=text name=exam_date value=" . $record['exam_date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['exam_id'] . " </td>";
echo "<td>" . "<input type=image name=update value=update id=submit src=images/update.png" . " </td>";
echo "<td>" . "<input type=image name=delete value=delete id=submit src=images/delete.png" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=examisud.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uexam_id></td>";
echo "<td><input type=text name=usubject></td>";
echo "<td><input type=text name=uexam_date></td>";
echo "<td>" . "<input type=image name=insert value=insert id=submit src=images/insert.png" . " </td>";
echo "</form>";
echo "</table>";



echo "<a href='ExamForm.html'> Back to main page </a>";

mysql_close($con);

?>

Thanks in advance for anyone who can help me out! I feel there is either a very simple solution i'm missing or it's very convoluted due to the absence of a generic HTML form.

Answer 1

Just do a check on the top with isset

if(!isset($_POST['exam_id'],$_POST['subject'],$_POST['exam_date']))
{
 echo "These fields are required ! Please fill it up";
 header("location:backtoform.php");exit;
}

Warning : Since you are passing the $_POST parameters directly onto your query, you are prone to SQL Injection attacks.

---

This( mysql_* ) extension is deprecated as of PHP 5.5.0 , and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

Answer 2

isset( ... ) is only used to see if a field is set or not. It doesn't care if the value of the field is empty.

You need to use empty( .. ) instead. It would return true only if the field was ever set and is not empty. Two apples with one shot.

Across all your if statements, use !empty. Maintain an $error variable and initialize it to FALSE. Whenever an error occurs, set $error to TRUE. In the end, perform the required operation only when $error == FALSE .

$error = false;
    if (  !empty($_POST['update']   ){
    // stuff
    }
    else {
    // display error message
    $error=true;
    }

if(!$error){
// operations
}

This way you can neatly separate validations from operations.