php非空验证
我想说这种方法是不是很常用的非空验证,现在的普遍使用的是javascript来验证非空,但是作为学习php的一些知识点,还是可以看看的。
先来看看commit.php中的方法
<?php $db = mysql_connect('localhost','root','Ctrip07185419'); mysql_select_db('moviesite',$db) or die(mysql_error($db)); mysql_query('set names "gb2312"',$db); ?> <!-- <html> <head></head> <title>Commit</title> <body> --> <?php switch($_GET['action']) { case "add": { switch($_GET['type']) { case 'movie': $error = array(); $movie_name = isset($_POST['movie_name']) ? trim($_POST['movie_name']) : ''; if(empty($movie_name)) { $error[] = urlencode('Please enter an movie name'); } $movie_type = isset($_POST['movie_type']) ? trim($_POST['movie_type']) : ''; if(empty($movie_type)) { $error[] = urldecode('Please enter an movie type'); } $movie_year = isset($_POST['movie_year']) ? trim($_POST['movie_year']) : ''; if(empty($movie_year)) { $error[] = urldecode('Please enter an movie year'); } $movie_leadactor = isset($_POST['movie_leadactor']) ? trim($_POST['movie_leadactor']) : ''; if(empty($movie_leadactor)) { $error[] = urldecode('Please enter an movie leadactor'); } $movie_director = isset($_POST['movie_director']) ? trim($_POST['movie_director']) : ''; if(empty($movie_director)) { $error[] = urldecode('Please enter an movie director'); } $movie_release = isset($_POST['movie_release']) ? trim($_POST['movie_release']) : ''; if(empty($movie_release)) { $error[] = urldecode('Please enter an movie release'); } else if(!preg_match('|^\d{2}-\d{2}-\d{4}$|' , $movie_release)) { $error[] = urlencode('Please enter a date in dd-mm-yyyy format'); } else { list($day, $month, $year) = explode('-', $movie_release); if(!checkdate($month , $day , $year)) { $error[] = urldecode('please enter a validate date'); } else { $movie_release = mktime(0, 0, 0, $month, $day, $year); } } $movie_rating = isset($_POST['movie_rating']) ? trim($_POST['movie_rating']) : ''; if(empty($movie_rating)) { $error[] = urldecode('Please enter an movie leadactor'); } else if(!is_numeric($movie_rating)) { $error[] = urlencode('Please enter a numeric rating'); } else if($movie_rating < 0 || $movie_rating > 10) { $error[] = urlencode('Please enter a rating between 1 and 10'); } if(empty($error)) { //var_dump($movie_rating); //注意是movie_type不是mvioe_type,大错特错 $query = 'insert into movie(movie_name,movie_year,movie_type,movie_leadactor,movie_director,movie_release,movie_rating) values("'.$movie_name.'",'.$movie_year.','.$movie_type.','.$movie_leadactor.','.$movie_director.','.$movie_release.','.$movie_rating.')'; } else { //注意是Location不是Lacotion,大错特错 header('Location:movie_checkformat.php?action=add&error=' . join($error , urlencode('<br />'))); //var_dump($error); //var_dump($_POST); } break; } break; } case 'edit': switch($_GET['type']) { case 'movie': { $error = array(); $movie_name = isset($_POST['movie_name']) ? trim($_POST['movie_name']) : ''; if(empty($movie_name)) { $error[] = urlencode('Please enter an movie name'); } $movie_type = isset($_POST['movie_type']) ? trim($_POST['movie_type']) : ''; if(empty($movie_type)) { $error[] = urldecode('Please enter an movie type'); } $movie_year = isset($_POST['movie_year']) ? trim($_POST['movie_year']) : ''; if(empty($movie_year)) { $error[] = urldecode('Please enter an movie year'); } $movie_leadactor = isset($_POST['movie_leadactor']) ? trim($_POST['movie_leadactor']) : ''; if(empty($movie_leadactor)) { $error[] = urldecode('Please enter an movie leadactor'); } $movie_director = isset($_POST['movie_director']) ? trim($_POST['movie_director']) : ''; if(empty($movie_director)) { $error[] = urldecode('Please enter an movie director'); } $movie_release = isset($_POST['movie_release']) ? trim($_POST['movie_release']) : ''; if(empty($movie_release)) { $error[] = urldecode('Please enter an movie release'); } else if(!preg_match('|^\d{2}-\d{2}-\d{4}$|' , $movie_release)) { $error[] = urlencode('Please enter a date in dd-mm-yyyy format'); } else { list($day, $month, $year) = explode('-', $movie_release); if(!checkdate($month , $day , $year)) { $error[] = urldecode('please enter a validate date'); } else { $movie_release = mktime(0, 0, 0, $month, $day, $year); } } $movie_rating = isset($_POST['movie_rating']) ? trim($_POST['movie_rating']) : ''; if(empty($movie_rating)) { $error[] = urldecode('Please enter an movie leadactor'); } else if(!is_numeric($movie_rating)) { $error[] = urlencode('Please enter a numeric rating'); } else if($movie_rating < 0 || $movie_rating > 10) { $error[] = urlencode('Please enter a rating between 1 and 10'); } if(empty($error)) { //var_dump($_POST); $query = 'update movie set movie_name="'.$_POST['movie_name'].'", movie_type='.$_POST['movie_type'].', movie_year='.$_POST['movie_year'].', movie_leadactor='.$_POST['movie_leadactor'].', movie_director='.$_POST['movie_director']. ' movie_release='.$_POST['movie_release'].' movie_rating='.$_POST['movie_rating'].' where movie_id='.$_POST['movie_id']; } else { //注意是Location不是Lacotion,大错特错 header('Location:movie_checkformat.php?action=add&error=' . join($error , urlencode('<br />'))); } } break; } break; default: break; } if(isset($query)) { mysql_query($query,$db) or die(mysql_error($db)); } ?> <html> <head> <title>Commit</title> </head> <body> <p>Done!</p> </body> </html>
其实逻辑很简答的,看下面的代码
$movie_leadactor = isset($_POST['movie_leadactor']) ? trim($_POST['movie_leadactor']) : '';
if(empty($movie_leadactor))
{
$error[] = urldecode('Please enter an movie leadactor');
}
其实就是使用isset方法来验证输入是否为空,如果是空的话把错误信息记入到一个数组$error中,然后使用header方法跳转到填写信息的页面中,跳转的方法看上去有点糟糕,如下header('Location:movie_checkformat.php?action=add&error=' . join($error , urlencode('<br />')));,是将所有错误信息使用换行符来连接起来放到url中来跳转,很我觉得这个有点不合适的。
来看填写信息的页面movie_checkformat.php,
<?php $db = mysql_connect('localhost','root','Ctrip07185419') or die('can not connect to mysql'); mysql_select_db('moviesite',$db) or die(mysql_error($db)); mysql_query('set names gbk',$db); if(isset($_GET['action']) && $_GET['action'] == 'edit') { $query = 'SELECT movie_name,movie_type,movie_year,movie_leadactor,movie_director,movie_release,movie_rating FROM movie WHERE movie_id='.$_GET['id']; //echo $query; $result = mysql_query($query , $db) or die(mysql_error($db)); extract(mysql_fetch_assoc($result)); } else { $movie_name=''; $movie_type=0; $movie_year=date('Y'); $movie_leadactor=0; $movie_director=0; $movie_release=time(); $movie_rating=5; } ?> <html> <head> <title><?php echo ucfirst($_GET['action']);?> Movie</title> <style type="text/css"> <!-- #error { background-color: #600; border: 1px solid #FF0; color: #FFF; text-align: center; margin: 10px; padding: 10px; } --> </style> </head> <body> <?php if(isset($_GET['error']) && $_GET['error'] != '') { echo '<div id="error">'.$_GET['error'].'</div>'; } ?> <form action="commit.php?action=<?php echo $_GET['action'];?>&type=movie" method="post"> <table> <tr> <td>Movie Name</td> <td><input type="text" name="movie_name" value="<?php echo $movie_name;?>"/></td> </tr> <tr> <td>Movie Type</td> <td><select name="movie_type" id=""> <?php $query = 'select movietype_id,movietype_label from movietype order by movietype_label'; $result = mysql_query($query , $db) or die(mysql_error($db)); while($row = mysql_fetch_assoc($result)) { if($row['movietype_id'] == $movie_type) { echo '<option value="'.$row["movietype_id"].'" selected="selected">'.$row["movietype_label"].'</option>'; } else { echo '<option value="'.$row["movietype_id"].'">'.$row["movietype_label"].'</option>'; } } ?> </select></td> </tr> <tr> <td>Movie Year</td> <td><select name="movie_year" id=""> <?php for($yr = date('Y');$yr>1970;$yr--) { if($yr == $movie_year) { echo '<option value="'.$yr.'" selected="selected">'.$yr.'</option>'; } else { echo '<option value="'.$yr.'">'.$yr.'</option>'; } } ?> </select></td> </tr> <tr> <td>Lead actor</td> <td><select name="movie_leadactor" id=""> <?php $query = 'select people_id,people_fullname from people where people_isactor = 1 order by people_fullname'; $result = mysql_query($query,$db) or die(mysql_error($db)); while($row = mysql_fetch_assoc($result)) { if($row["people_id"] == $movie_leadactor) { echo '<option value="'.$row["people_id"].'" selected="selected">'.$row["people_fullname"].'</option>'; } else { echo '<option value="'.$row["people_id"].'">'.$row["people_fullname"].'</option>'; } } ?> </select></td> </tr> <tr> <td>Director</td> <td><select name="movie_director" id=""> <?php $query = 'select * from people where people_isdirector=1 order by people_fullname'; $result = mysql_query($query , $db) or die(mysql_error($db)); while($row = mysql_fetch_assoc($result)) { if($row['people_id'] == $movie_director) { echo '<option value="'.$row['people_id'].'" selected="selected">'.$row["people_fullname"].'</option>'; } else { echo '<option value="'.$row['people_id'].'">'.$row["people_fullname"].'</option>'; } } ?> </select></td> </tr> <tr> <td>Movie release date <br /><small>(dd-mm-YYYY)</small></td> <td> <input type="text" name="movie_release" value="<?php echo date('d-m-y' , $movie_release);?>" /> </td> </tr> <tr> <td>Movie rating <br /><small></small></td> <td><input type="text" name="movie_rating" value="<?php echo $movie_rating;?>"/></td> </tr> <tr> <td colspan="2" style="text-align:center"> <?php if('edit' == $_GET['action']) { echo '<input type="hidden" value="'.$_GET["id"].'" name="movie_id"/>'; } ?> <input type="submit" name="submit" value="<?php echo ucfirst($_GET['action']);?>"/> </td> </tr> </table> </form> </body> </html>
在html中的body开始的时候如果传递的error参数不为空则输出错误信息,代码如下:
<?php
if(isset($_GET['error']) && $_GET['error'] != '')
{
echo '<div id="error">'.$_GET['error'].'</div>';
}
?>
很简单,这种写法也很糟糕,完全可以放在javascript中来实现,估计实际生产中很少会有人这么写的。
这里顺便看看一些常见的判断方法:
is_array():判断变量是否是一个数组
is_binary(): 判断变量是否是一个二进制串
is_bool():判断布尔类型变量true还是false,1还是0
is_callable(): 判断变量是否是一个可以访问的函数,估计就是判断是否是代理类型
is_int(): 判断整型
is_null(): 判断是否为空
is_numeric():判断是否是数字或者数字形式的字符串吧
is_object(): 判断变量是否是一个对象
is_resource(): 判断资源类型
is_string(): 判断是否是字符串类型
is_unicode(): 判断是否是unicode字符串
某些时候使用is_xx方法比较慢,使用ctype_xx类型的方法较快,但是它只能检验字符串类型,不能检验对象,数组,资源类型。ctype_xx方法举例如下:
ctype_alnum(): 判断变量是否是数字类型字符串
ctype_alpha(): 判断变量全是字符串
ctype_cntrl(): 判断是控制字符,就是转移字符如"\n"
ctype_digit(): 判断字符串全部是数字字符,不包含任何非数组字符"."这样的也不包含
ctype_graph(): 检查是否有任何可打印字符,除了空格(补)
ctype_lower() : 检查小写字母
ctype_print(): 检查是否都是可打印字符,就是不包含转移字符,和ctype_control()是相斥的
ctype_punct(): 检查是否有任何可打印字符而不是空格或字母数字字符
ctype_space(): 检查是否都是空白字符
ctype_upper() : 检查是否都是大写字符
ctype_xdigit(): 检查是否是16进制的字符串,只能包括 “0123456789abcdef”
还可以使用preg_match来检验输入,这个是用正则表达式的方式来进行检验的。