
PHP Form Validation and POST variables

I'm new to PHP and I'm trying some form validation. I have the following code:

I submit a form and submit the data to an SQL statement if it passes validation. If the form is valid, it redirects to an external success page.

What I can't do is get the original post variables onto the success page. How could I do this please? My code is below:

PHP:

   <body>
<?php

$firstnameErr = $emailErr = $lastnameErr = $gradeErr = $roleErr = "";
$firstname = $email = $lastname = $grade = $role = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["firstname"])) {
        $firstnameErr = "First name is required";
    } else {
        $firstname = user_input($_POST["firstname"]);
    }

    if (empty($_POST["lastname"])) {
        $lastnameErr = "Last name is required";
    } else {
        $lastname = user_input($_POST["lastname"]);
    }

    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = user_input($_POST["email"]);
    }

    if (empty($_POST["grade"])) {
        $gradeErr = "Grade is required";
    } else {
        $grade = user_input($_POST["grade"]);
    }


    if (empty($_POST["role"])) {
        $roleErr = "Role is required";
    } else {
        $role = user_input($_POST["role"]);
    }

    if($firstnameErr == '' && $emailErr == '' && $lastnameErr == '' && $gradeErr == '' && $roleErr == ''){

        $stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES ('$firstname', '$lastname','$role', '$grade','$email');");
        $stmt->execute();
        header('Location: staff_added.php');
        exit();
    };

}

function user_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>

HTML:

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
    <fieldset>
        <p><span class="error">* required field</span></p>
        <label>First name:</label><input type="text" name="firstname" />
        <span class="error">* <?php echo $firstnameErr;?></span><br>
        <label>Last name:</label><input type="text" name="lastname" />
        <span class="error">* <?php echo $lastnameErr;?></span><br>
        <label>Role:</label><input type="text" name="role" />
        <span class="error">* <?php echo $roleErr;?></span><br>
        <label>Grade:</label><input type="text" name="grade" />
        <span class="error">* <?php echo $gradeErr;?></span><br>
        <label>Email:</label><input type="text" name="email" />
        <span class="error">* <?php echo $emailErr;?></span><br><br>
        <input class="standard_submit" type="submit" value="Save" id="submit_search_button">
    </fieldset>

</form>

I would like those variables to move across to the staff_added.php page so that I can print them back to the user. I've done some reading on this but so far it's not making much sense.

Any help would be appreciated.

Thank you

Using prepared statements, you should perhaps be looking at an approach like this rather than directly embedding variables in the SQL.

<?php
    function user_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }
    $firstname = $email = $lastname = $grade = $role = false;

    if( $_SERVER["REQUEST_METHOD"] == "POST" ) {
        $errors=array();


        if( empty($_POST["firstname"])) $errors[] = "First name is required";
        else $firstname = user_input( $_POST["firstname"] );


        if( empty($_POST["lastname"])) $errors[] = "Last name is required";
        else $lastname = user_input($_POST["lastname"]);


        if( empty($_POST["email"])) $errors[] = "Email is required";
        else $email = user_input($_POST["email"]);


        if( empty($_POST["grade"]) ) $errors[] = "Grade is required";
        else $grade = user_input($_POST["grade"]);



        if( empty($_POST["role"])) $errors[] = "Role is required";
        else $role = user_input( $_POST["role"] );


        if( empty( $errors ) ){

            $stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES (?,?,?,?,?);");
            if( $stmt ){
                $stmt->bind_param('sssss',$firstname,$lastname,$role,$grade,$email);
                $stmt->execute();

                exit( header( 'Location: staff_added.php' ) );
            } else { echo 'statement failed'; }


        } else {
            foreach( $errors as $error )echo $error . '<br />';
        }

    }
?>

You can store the variables in a SESSION object and then they will be available everywhere:

<?php
session_start();
//other code...
$_SESSION["role"] = $role; 
//other code...
?>
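
The two answers above combined into one flow, as an added example that is not part of either answer: a bound-parameter insert, the values handed to staff_added.php through the session, and HTML escaping applied when printing rather than before storage. It assumes `$conn` is a mysqli connection (as `bind_param()` in the first answer implies); the function names, the email check and the `staff_added` session key are hypothetical.

```php
<?php
// Added example. Assumes $conn is a mysqli connection and that both pages call
// session_start() first. 'staff_added' is a hypothetical session key.
const FIELDS = ['firstname', 'lastname', 'role', 'grade', 'email'];

// Form page, step 1: validate raw POST input. Returns [clean values, errors].
function validate_staff(array $post): array {
    $clean = $errors = [];
    foreach (FIELDS as $f) {
        $raw = $post[$f] ?? null;
        $clean[$f] = is_string($raw) ? trim($raw) : '';  // arrays etc. count as empty
        if ($clean[$f] === '') {
            $errors[$f] = "$f is required";
        }
    }
    if ($clean['email'] !== '' && !filter_var($clean['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'email is not a valid address';
    }
    return [$clean, $errors];
}

// Form page, step 2: bound-parameter insert, stash the values, redirect.
function save_and_redirect(mysqli $conn, array $clean): void {
    $stmt = $conn->prepare(
        'INSERT INTO `Tom`.`staff_details`
           (`first_name`, `surname`, `role`, `grade`, `email`) VALUES (?, ?, ?, ?, ?)'
    );
    if (!$stmt) { throw new RuntimeException('prepare failed'); }
    $stmt->bind_param('sssss', $clean['firstname'], $clean['lastname'],
                      $clean['role'], $clean['grade'], $clean['email']);
    if (!$stmt->execute()) { throw new RuntimeException('insert failed'); }
    $_SESSION['staff_added'] = $clean;   // raw values; escaping happens on output
    header('Location: staff_added.php');
    exit();
}

// staff_added.php: read once, clear the session entry, escape when printing.
function render_staff_added(): string {
    $staff = $_SESSION['staff_added'] ?? null;
    unset($_SESSION['staff_added']);
    if (!is_array($staff)) { return '<p>No staff record to show.</p>'; }
    $html = '<ul>';
    foreach ($staff as $field => $value) {
        $html .= '<li>' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . ': '
               . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}
```

On the form page, call `[$clean, $errors] = validate_staff($_POST);` and then `save_and_redirect($conn, $clean)` only when `$errors` is empty; staff_added.php echoes `render_staff_added()`.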
