堆栈内存溢出
  简体   繁体   English

PHP验证表单,不带字符

[英]Php validation form without char

 原文  2016-07-17 07:14:22       javascript/ php

问题描述

I have a problem.I need that the user can not send the form without having to write something I have this form : 我有一个问题,我需要用户不能发送表单,而不必写一些我拥有此表单的东西: 

 <div id="content" class="inner-wrapper reg"> <div id="mside"> <div class="section goback"> <div class="btn-back"><a class="back" onClick="history.go(-1)"><?= $lang['profile']['back'] ?></a></div> </div> <div class="section register"> <form id="mail-cons" method="post" action="" enctype="multipart/form-data" > <div class="step2"> <ul class="step-ul"> <h2>Asesoría vía correo electrónico</h2> <?//Primul pas pt user, descrierea problemei if(loggedtype()=='user' AND $data['user_description']==''){?> <div class="step-message sys-info"><img class='small icon' src='<?=$url_base?>css/images/icons/information.png' alt=''/> <?=$lang['mc']['user_step1']?></div> <div class="row mail-cnsl"> </div> <div class="row"> <textarea id="descriere2 " name="descriere" class="tinymce" rows="20" cols="50" style="width: 554px; height: 517px;"><?php echo $_REQUEST["descriere"];?></textarea> </div> <div class="row submit mail-cnsl"> <input type="submit" name="submitdesc" value="Enviar solicitud!" /> </div> <? } ?>

And this function for validation: 并使用此功能进行验证: 

 <script type="text/javascript"> function validate_required(field,alerttxt) { with (field) { if (value==null||value=="") { alert(alerttxt);return false; } else { return true; } } } function validate_form(thisform) { with (thisform) { if(window.clicked) return true; if (validate_required(user_description_extra,"Por favor, introduzca el motivo del rechazo!")==false) {user_description_extra.focus();return false;} } } </script> <script type="text/javascript"> function validate_length(f,a,l){ z=f.value; x=z.length; if (x<l){alert (a); f.focus(); return false;} return true; } </script>

And this function for submit : 并提交此功能: 

 if(isset($_POST['submitdesc'])){ $upd = mysql_query("UPDATE discussion SET active='0' WHERE id='".$_GET['iddisc']."'") or die(mysql_error()); $sel = mysql_query("SELECT * FROM discussion WHERE id='".$_GET['iddisc']."'") or die(mysql_error()); $data = mysql_fetch_array($sel); $upd_mc = mysql_query("UPDATE mail_counseling SET new_user=0, new_cons=1, user_description='".mysql_real_escape_string($_POST['descriere'])."' WHERE id_disc='".$_GET['iddisc']."'") or die(mysql_error()); //Notificari if($_SESSION['loggedin']['type']=='user'){ $insid = $user['id_user']; $type1 = 'user'; $type2 = 'client'; }else{ $insid = $cons['id_counselor']; $type1 = 'consilier'; $type2 = 'counselor'; } $insnotifs = mysql_query("INSERT INTO mc_notifs (type,id_user,message) VALUES ('".$_SESSION['loggedin']['type']."','".$insid."','".mysql_real_escape_string($message)."')") or die(mysql_error()); //End Notificari //Send notification mail $query_tpl_mail = "SELECT * FROM mails WHERE id_mails='6'"; $tpl_mail = mysql_query($query_tpl_mail, $conn) or die(mysql_error()); $row_tpl_mail = mysql_fetch_assoc($tpl_mail); $subject = $row_tpl_mail['title_mail'.$lng_s_tb]; $message = $row_tpl_mail['description'.$lng_s_tb]; avertizare_mail($cons["email"],$subject,$lang['mc']['notif1']); avertizare_mail($user["email"],$subject,$lang['mc']['notif11']); header("Location: ".$url_base."$tip_user-account/mail-counseling/ok/"); exit; }

But don't work .Can I help my? 但是不工作。我能帮我吗?

1 个解决方案

解决方案1
 0  2016-07-17 07:35:25

Do not rely on the client side validation. 不要依赖客户端验证。 Turning off javascript may leave your form vulnerable. 关闭javascript可能会使您的表单容易受到攻击。 You must do this work in php more securely and easily. 您必须在php中更安全,更轻松地完成此工作。 

if(isset($_POST['submitdesc'])){

    $desc = htmlspecialchars(trim($_POST['descriere']))); 

    if(isset($desc)){
           $upd = mysql_query("UPDATE discussion SET active='0' WHERE id='".$_GET['iddisc']."'") or die(mysql_error());

   $sel = mysql_query("SELECT * FROM discussion WHERE id='".$_GET['iddisc']."'") or die(mysql_error());
   $data = mysql_fetch_array($sel);

   $upd_mc = mysql_query("UPDATE mail_counseling SET new_user=0, new_cons=1, user_description='".mysql_real_escape_string($_POST['descriere'])."' WHERE id_disc='".$_GET['iddisc']."'") or die(mysql_error());

   //Notificari
   if($_SESSION['loggedin']['type']=='user'){
      $insid = $user['id_user'];
      $type1 = 'user';
      $type2 = 'client';
   }else{
      $insid = $cons['id_counselor'];
      $type1 = 'consilier';
      $type2 = 'counselor';
   }



   $insnotifs = mysql_query("INSERT INTO mc_notifs (type,id_user,message) VALUES ('".$_SESSION['loggedin']['type']."','".$insid."','".mysql_real_escape_string($message)."')") or die(mysql_error());
   //End Notificari

   //Send notification mail
   $query_tpl_mail = "SELECT * FROM mails WHERE id_mails='6'";
   $tpl_mail = mysql_query($query_tpl_mail, $conn) or die(mysql_error());
   $row_tpl_mail = mysql_fetch_assoc($tpl_mail);

   $subject = $row_tpl_mail['title_mail'.$lng_s_tb];
   $message = $row_tpl_mail['description'.$lng_s_tb];
   avertizare_mail($cons["email"],$subject,$lang['mc']['notif1']);
   avertizare_mail($user["email"],$subject,$lang['mc']['notif11']);
   header("Location: ".$url_base."$tip_user-account/mail-counseling/ok/");
   exit;
    }else{
       ?><script>alert('Empty text field is not allowed.')</script><?php
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP表单验证警报,无需重定向页面 - PHP form validation alerts without redirecting page 使用PHP无需jQuery进行Ajax表单验证 - Ajax form validation with php WITHOUT jQuery 使用PHP验证显示表单提交的数据值而无需刷新 - Show form submitted data values with PHP validation without refresh 表单验证,无警报 - Form Validation without Alerts 未经验证取消表格 - Cancel Form without validation 角度形式验证但没有 <form> ? - Angular form validation but without <form>? php和javascript中的表单验证 - form validation in php and javascript jQuery验证与PHP形式 - jquery validation with php form 带有JavaScript验证的php表单 - php form with javascript validation PHP验证表格 - PHP validation form
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM