在另一页上带有进程的PHP表单 - 但是PHP验证不起作用

您现在要做的是：

1. 加载index.php
2. 包括process.php
3. 没有$_POST数据，因此它跳过检查并显示表单

然后将表单发布到process.php:

1. 加载process.php
2. 检查$_POST
3. 如果数据正常：echo成功消息，或插入错误时失败
4. 如果数据不正常：您到达脚本末尾时什么也不做，导致空白页

您应该做的是将表单指向index.php

1. 加载index.php
2. 仅当存在$_POST数据时才包括process.php
3. 检查$_POST
4. 如果可以：回显消息和DIE
5. 如果不正常：设置错误
6. 显示表单(再次显示，包括错误(

所以index.php应该看起来像：

<?php
$name = $email = $message = "";
$nameErr = $emailErr = "";
//If there is $_POST data, do the check
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// load process.php only if needed
require_once "process.php";
//... do the testing

if (empty($nameErr) && empty($emailErr)) {
// load config.php only if needed
require_once "config.php";
//... insert into db
if ($stmt -> execute()) {
//SHOW a SUCCESS message and STOP
echo ...;
die;
}
else {
//show a FAIL message and STOP
echo ...;
die;
}
}
}
?>
//At this point, there is either no POST data (first time load), or you checked the data and there are errors. So you DISPLAY THE FORM (again), including errors.
<form action="index.php" method="POST">
....
</form>

我假设您的表单在index.php中。首先，您应该制作一个表格，检查会话中是否有任何存储为错误消息的内容，或者是否显示错误：

<?php
// index.php
session_start();
$emailErr = isset($_SESSION['error_email']) ? $_SESSION['error_email'] : '';
$messageErr = isset($_SESSION['error_message']) ? $_SESSION['error_message'] : '';
$nameErr = isset($_SESSION['error_name']) ? $_SESSION['error_name'] : '';
?>
<form action="process.php" method="POST">
<div>
<label for="name">Name:</label><br />
<input type="text" name="name" id="name" value="<?php echo $name; ?>"><br />
<span class="error"><?php echo $nameErr; ?></span><br />
</div>
<div>
<label for="email">Email:</label><br />
<input type="text" name="email" id="email" value="<?php echo $email; ?>"><br />
<span class="error"><?php echo $emailErr; ?></span><br />
</div>
<div>
<label for="message">Message:</label><br />
<textarea name="message" id="message" cols="22" rows="10"><?php echo $message; ?></textarea>
<span class="error"><?php echo $messageErr; ?></span><br />
</div>
<br />
<input type="submit" name="submit" value="Submit">  
</form>

现在，您应该在process.php中处理表单，并为未验证的字段设置所需的会话错误：

// process.php
session_start();
unset($_SESSION['error_email'], $_SESSION['error_message'], $_SESSION['error_name']);
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$valid = true;
$input_name = test_input($_POST['name']);
if (empty($input_name)) {
$_SESSION['error_name'] = "Please enter a name!";
$valid = false;
} elseif (!preg_match("/^[a-zA-Z ]*$/", $input_name)) {
$_SESSION['error_name'] = "Only letters and white spaces are allowed!";
$valid = false;
} else {
$name = $input_name;
}
$input_email = test_input($_POST['email']);
if (empty($input_email)) {
$_SESSION['error_email'] = "Please enter an email address!";
$valid = false;
} elseif (!filter_var($input_email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['error_email'] = "Invalid email address!";
$valid = false;
} else {
$email = $input_email;
}
$input_message = test_input($_POST['message']);
if (empty($input_message)) {
$_SESSION['error_message'] = "Please enter your message!";
$valid = false;
} else {
$message = $input_message;
}
if ($valid) {
$sql = "INSERT INTO users (name, email, message) VALUES (?, ?, ?)";
if ($stmt = $conn -> prepare($sql)) {
$stmt -> bind_param("sss", $param_name, $param_email, $param_message);
$param_name = $name;
$param_email = $email;
$param_message = $message;
if ($stmt -> execute()) {
echo "<p style='color:green'>Thank you for submitting the form! We'll get back to you soon.</p>";
echo "<a href='index.php'>Go back</a>";
} else {
echo "<p style='color:red'>Something went wrong! Please try again later.</p>";
}
}
$stmt -> close();
$conn -> close();
} else {
$conn -> close();
header('Location: index.php');
exit('<meta httpd-equiv="Refresh" content="0;url=index.php"/>');
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}