php - 如何阻止 mysqli_query 添加缺少信息的记录?
问题描述
我有订阅者输入他们的电子邮件地址的表格,这将被发布到 mysql 数据库。问题是,如果您访问该页面,即使没有订阅,即使没有所需的电子邮件地址,也会将一条记录添加到数据库中。更糟糕的是,它似乎每三秒添加一次记录。我怎么能阻止这个?我的代码有问题吗。
<?php
$servername = "localhost";
$username = "root";
$password = "";
// create connection
$conn = mysqli_connect($servername, $username, $password);
// check connection
if (!$conn) {
die("connection error: " . mysqli_connect_error());
}
echo "connected";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST['email'])) {
$emailErr = "Email required";
} else {
$email = post_input($_POST['email']);
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!isset($emailErr)) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email address";
}
}
}
}
// function to clean email
function post_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// select correct database
mysqli_select_db($conn, "mailinglist");
// query to insert email
$sql = "INSERT INTO subscribers (email) VALUES ('" . $_POST['email'] ."')";
if (mysqli_query($conn, $sql)) {
echo "Thank you for subscribing";
} else {
echo "Error creating record: " . "<br>" . mysqli_error($conn);
}
header('location: index.php');
mysqli_close($conn);
解决方案
只需检查 if 语句是否有可以保存的电子邮件并将保存到数据库的 if 语句如下所示:
<?php
$servername = "localhost";
$username = "root";
$password = "";
// create connection
$conn = mysqli_connect($servername, $username, $password);
// check connection
if (!$conn) {
die("connection error: " . mysqli_connect_error());
}
echo "connected";
$emailErr = ''; //it is a good practice to initialize variable before its use.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST['email'])) {
$emailErr = "Email required";
} else {
$email = post_input($_POST['email']);
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!isset($emailErr)) {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email address";
}
}
}
}
// function to clean email
function post_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// select correct database
mysqli_select_db($conn, "mailinglist");
//if you have an email in $email and there is no
//error in $emailErr
if(!empty($email) && empty($emailErr)) {
//insert it to the db.
//THIS IS INSECURE WAY - Check links in comments!
// query to insert email
$sql = "INSERT INTO subscribers (email) VALUES ('" . $_POST['email'] ."')";
if (mysqli_query($conn, $sql)) {
echo "Thank you for subscribing";
} else {
echo "Error creating record: " . "<br>" . mysqli_error($conn);
}
}
mysqli_close($conn);
header('location: index.php');
exit();
推荐阅读
- php - 如何在 php 中获取 httponly cookie?
- python - django allauth - 如何查询 SocialApp?
- c# - 在 WPF 中异步打开窗口
- codesandbox - 为什么 Codesandbox 无法渲染代码并显示奇怪的错误
- javascript - JS 奇怪的表达式:+!!NaN * "" - - [,]
- reactjs - 有什么方法可以在 react-native 中将屏幕重新渲染到底部标签导航 v5
- python - 使用熊猫对数据框进行排序
- java - 'Controller' 中构造函数的参数 0 需要一个找不到的 'service' 类型的 bean。不工作:添加注释,组件扫描
- angular - Nginx 反向代理允许在 Tomcat 上运行的 Jasper 报告服务器的 CORS 失败的预检请求访问控制检查
- css - 如何在 React 中添加 CSS 退出动画?(没有任何第三方库/包)