Form validation
I need to create a form that has many of the same fields, that have to be inserted into a database, but the problem I have is that if a user only fills in one or two of the rows, the form will still submit the blank data of the empty fields along with the one or two fields the user has filled in.
How can I check for the rows that have not been filled in and leave them out of the query? or check for those that have been filled in and add them to the query. . .
The thank_you.php file will capture the $_POST variables and add them to the database.
<form method="post" action="thank_you.php">
Name: <input type="text" size="28" name="name1" />
E-mail: <input type="text" size="28" name="email1" />
<br />
Name: <input type="text" size="28" name="name2" />
E-mail: <input type="tex开发者_StackOverflow中文版t" size="28" name="email2" />
<br />
Name: <input type="text" size="28" name="name3" />
E-mail: <input type="text" size="28" name="email3" />
<br />
Name: <input type="text" size="28" name="name4" />
E-mail: <input type="text" size="28" name="email4" />
<input type="image" src="images/btn_s.jpg" />
</form>
I am assuming that I could use javascript or jQuery to accomplish this, how would I go about doing this?
Thanx in advance for the help.
As others have said, it's bad practise to rely on javascript as your only form of validation. Look to javascript as a way to help your users submit valid data - but you should always validate on the server side. With that in mind, here's my suggestion:
<form method="post" action="thank_you.php">
Name: <input type="text" size="28" name="name1" />
E-mail: <input type="text" size="28" name="email1" />
<br />
Name: <input type="text" size="28" name="name2" />
E-mail: <input type="text" size="28" name="email2" />
<br />
Name: <input type="text" size="28" name="name3" />
E-mail: <input type="text" size="28" name="email3" />
<br />
Name: <input type="text" size="28" name="name4" />
E-mail: <input type="text" size="28" name="email4" />
<input type="image" src="images/btn_s.jpg" />
</form>
<?php
$num = 4; //Number of times the field is repeated
for($i = 1; $i <= $num; $i++){
if($_POST['name'.$i] != '' && $_POST['email'.$i] !=''){ //Only process if name and email are not blank
$thisname = $_POST['name'.$i];
$thisemail = $_POST['email'.$i];
//Your code here
}
}
?>
It's good to use javascript for form validation, but you shouldn't rely on it. The first thing to do is to check the values in $_POST in PHP, and make sure they're something valid looking (or at the very least, check that they're not "").
To check with javascript, you would put an onSubmit="..." in the form tag, which returns false if the form data is invalid (meaning "don't submit the form"). And you'd also probably want an alert, or you could modify the page somehow to indicate the problem. I'm not going to write out a form validation script for you though.
You can do JavaScript validation by using the submit button to call a JavaScript function instead of submitting the form. If the data passes your validation criteria, the JavaScript function can then submit the data. However, you should not rely completely on JavaScript validation. If the user has JavaScript disabled, their data will not be validated, so your PHP application must be robust enough to handle blank data. It isn't just blank data that you need to be concerned with, though. You need to validate the user input for garbage and sanitize the data before using it in the database.
I don't know the exact PHP syntax, but I'll write some pseudo-code that ought to do the trick. The basic idea is when you retrieve the $_POST values, you'll want to create a new hash that has values that are acceptable and then you can pass that hash to whatever methods needs to build out queries or whatever. The way I'll do this is to remove invalid values from the hash entirely, so it appears they were never there. Obviously, you can do this differently (mark them as invalid, etc).
$cleaned_args = array();
foreach ($_POST as $key => $value) {
if ($_POST[$key] != "" && is_valid_email($_POST[$key])) {
$cleaned_args[$key] = $_POST[$key];
}
make_db_call_or_whatever($cleaned_args);
where is_valid_email
is a method that maybe PHP has or you have to write. You could even generalize the if clause into an is_valid($_POST[arg])
method if you want, but it depends on how complex the situation is.
Hopefully, this helps to give you an idea of how to do this. I think this will be easier than dynamically removing inputs with JavaScript before the form submission and, as mentioned, will be more secure than doing it only on the client side.
精彩评论