回答編集履歴
2
変更
test
CHANGED
@@ -9,3 +9,249 @@
|
|
9
9
|
'".$clean_data['middle_name']."','".$clean_data['phone']."')";
|
10
10
|
|
11
11
|
```
|
12
|
+
|
13
|
+
|
14
|
+
|
15
|
+
実行できませんが、想像して作成してみました。
|
16
|
+
|
17
|
+
```php
|
18
|
+
|
19
|
+
<?php
|
20
|
+
|
21
|
+
/* Program name: checkBlankOnly_2.php
|
22
|
+
|
23
|
+
* Description: Program displays the blank form and checks
|
24
|
+
|
25
|
+
* all the form fields for blank fields.
|
26
|
+
|
27
|
+
*/
|
28
|
+
|
29
|
+
ini_set("display_errors","on");
|
30
|
+
|
31
|
+
error_reporting(E_ALL | E_STRICT);
|
32
|
+
|
33
|
+
ini_set("include_path","./includes");
|
34
|
+
|
35
|
+
include("dbinfo.inc");
|
36
|
+
|
37
|
+
|
38
|
+
|
39
|
+
if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
|
40
|
+
|
41
|
+
{
|
42
|
+
|
43
|
+
foreach($_POST as $field => $value)
|
44
|
+
|
45
|
+
{
|
46
|
+
|
47
|
+
if(empty($value))
|
48
|
+
|
49
|
+
{
|
50
|
+
|
51
|
+
if($field != "middle_name")
|
52
|
+
|
53
|
+
{
|
54
|
+
|
55
|
+
$blank_data[] = $field;
|
56
|
+
|
57
|
+
}
|
58
|
+
|
59
|
+
}
|
60
|
+
|
61
|
+
else
|
62
|
+
|
63
|
+
{
|
64
|
+
|
65
|
+
$good_data[$field] = strip_tags(trim($value));
|
66
|
+
|
67
|
+
}
|
68
|
+
|
69
|
+
}
|
70
|
+
|
71
|
+
if(@sizeof($blank_data) > 0)
|
72
|
+
|
73
|
+
{
|
74
|
+
|
75
|
+
$message = "<p style='color: red; margin-bottom: 0;
|
76
|
+
|
77
|
+
font-weight: bold'>
|
78
|
+
|
79
|
+
You didn't fill in one or more required fields.
|
80
|
+
|
81
|
+
You must enter:
|
82
|
+
|
83
|
+
<ul style='color: red; margin-top: 0;
|
84
|
+
|
85
|
+
list-style: none' >";
|
86
|
+
|
87
|
+
/* display list of missing information */
|
88
|
+
|
89
|
+
foreach($blank_data as $value)
|
90
|
+
|
91
|
+
{
|
92
|
+
|
93
|
+
$message .= "<li>$value</li>";
|
94
|
+
|
95
|
+
}
|
96
|
+
|
97
|
+
$message .= "</ul>";
|
98
|
+
|
99
|
+
echo $message;
|
100
|
+
|
101
|
+
extract($good_data);
|
102
|
+
|
103
|
+
include("form_test3.inc");
|
104
|
+
|
105
|
+
exit();
|
106
|
+
|
107
|
+
}
|
108
|
+
|
109
|
+
foreach($_POST as $field => $value)
|
110
|
+
|
111
|
+
{
|
112
|
+
|
113
|
+
if(!empty($value))
|
114
|
+
|
115
|
+
{
|
116
|
+
|
117
|
+
$name_patt = "/^[A-Za-z' -]{1,50}$/";
|
118
|
+
|
119
|
+
$phone_patt = "/^[0-9)(xX -]{7,20}$/";
|
120
|
+
|
121
|
+
$radio_patt = "/(new|changed)/";
|
122
|
+
|
123
|
+
if(preg_match("/name/i",$field))
|
124
|
+
|
125
|
+
{
|
126
|
+
|
127
|
+
if(!preg_match($name_patt,$value))
|
128
|
+
|
129
|
+
{
|
130
|
+
|
131
|
+
$error_array[] = "$value is not a valid name";
|
132
|
+
|
133
|
+
}
|
134
|
+
|
135
|
+
}
|
136
|
+
|
137
|
+
if(preg_match("/phone/i",$field))
|
138
|
+
|
139
|
+
{
|
140
|
+
|
141
|
+
if(!preg_match($phone_patt,$value))
|
142
|
+
|
143
|
+
{
|
144
|
+
|
145
|
+
$error_array[] = "$value is not a valid phone number";
|
146
|
+
|
147
|
+
}
|
148
|
+
|
149
|
+
} // endif phone format check
|
150
|
+
|
151
|
+
if(preg_match("/status/i",$field))
|
152
|
+
|
153
|
+
{
|
154
|
+
|
155
|
+
if(!preg_match($radio_patt,$value))
|
156
|
+
|
157
|
+
{
|
158
|
+
|
159
|
+
$error_array[] = "$value is not a valid status";
|
160
|
+
|
161
|
+
}
|
162
|
+
|
163
|
+
}
|
164
|
+
|
165
|
+
}
|
166
|
+
|
167
|
+
//$clean_data = NULL;
|
168
|
+
|
169
|
+
//$sql = "INSERT INTO CustomerPhone (last_name,first_name,middle_name,phone)
|
170
|
+
|
171
|
+
//VALUES ('$clean_data[last_name]','$clean_data[first_name]',
|
172
|
+
|
173
|
+
// '$clean_data[middle_name]','$clean_data[phone]')";
|
174
|
+
|
175
|
+
}
|
176
|
+
|
177
|
+
if(@sizeof($error_array) > 0)
|
178
|
+
|
179
|
+
{
|
180
|
+
|
181
|
+
$message = "<ul style='color: red; list-style: none' >";
|
182
|
+
|
183
|
+
foreach($error_array as $value)
|
184
|
+
|
185
|
+
{
|
186
|
+
|
187
|
+
$message .= "<li>$value</li>";
|
188
|
+
|
189
|
+
}
|
190
|
+
|
191
|
+
$message .= "</ul>";
|
192
|
+
|
193
|
+
echo $message;
|
194
|
+
|
195
|
+
extract($clean_data);
|
196
|
+
|
197
|
+
include("form_test3.inc");
|
198
|
+
|
199
|
+
exit();
|
200
|
+
|
201
|
+
}
|
202
|
+
|
203
|
+
else
|
204
|
+
|
205
|
+
{
|
206
|
+
|
207
|
+
$cxn = mysqli_connect($host,$user,$passwd,$dbname)
|
208
|
+
|
209
|
+
or die("Couldn't connect to server");
|
210
|
+
|
211
|
+
//foreach((array)$clean_data as $field => $value)
|
212
|
+
|
213
|
+
$clean_data = array();
|
214
|
+
|
215
|
+
foreach($_POST as $field => $value)
|
216
|
+
|
217
|
+
{
|
218
|
+
|
219
|
+
$clean_data[$field] = mysqli_real_escape_string($cxn,$value);
|
220
|
+
|
221
|
+
}
|
222
|
+
|
223
|
+
//$sql = "INSERT INTO CustomerPhone (last_name,first_name,middle_name,phone)
|
224
|
+
|
225
|
+
//VALUES ('$clean_data[last_name]','$clean_data[first_name]',
|
226
|
+
|
227
|
+
// '$clean_data[middle_name]','$clean_data[phone]')";
|
228
|
+
|
229
|
+
$sql = "INSERT INTO CustomerPhone (last_name,first_name,middle_name,phone) VALUES ('"
|
230
|
+
|
231
|
+
.$clean_data['last_name']."','".$clean_data['first_name']."','"
|
232
|
+
|
233
|
+
.$clean_data['middle_name']."','".$clean_data['phone']."')";
|
234
|
+
|
235
|
+
|
236
|
+
|
237
|
+
$result = mysqli_query($cxn,$sql)
|
238
|
+
|
239
|
+
or die("Couldn't execute query");
|
240
|
+
|
241
|
+
include("stored.inc");
|
242
|
+
|
243
|
+
}
|
244
|
+
|
245
|
+
}
|
246
|
+
|
247
|
+
else
|
248
|
+
|
249
|
+
{
|
250
|
+
|
251
|
+
include("form_test3.inc");
|
252
|
+
|
253
|
+
}
|
254
|
+
|
255
|
+
?>
|
256
|
+
|
257
|
+
```
|
1
変更
test
CHANGED
@@ -1,11 +1,11 @@
|
|
1
|
-
セキュリティの面から変えるのがよろしいかとおもいますが
|
1
|
+
セキュリティの面から変えるのがよろしいかとおもいますが、とりあえすです。
|
2
2
|
|
3
3
|
```php
|
4
4
|
|
5
5
|
$sql = "INSERT INTO CustomerPhone (last_name,first_name,middle_name,phone)
|
6
6
|
|
7
|
-
VALUES ('".$clean_data[last_name]."','".$clean_data[first_name]."',
|
7
|
+
VALUES ('".$clean_data['last_name']."','".$clean_data['first_name']."',
|
8
8
|
|
9
|
-
'".$clean_data[middle_name]."','".$clean_data[phone]."')";
|
9
|
+
'".$clean_data['middle_name']."','".$clean_data['phone']."')";
|
10
10
|
|
11
11
|
```
|