我正在为我和我的妻子建立一个CRM,用于我们的业务。我创建了一个页面,其中包含几个目标:
- 能够在数据库中创建新条目。
- 能够查看数据库中的现有条目。
- 能够更新数据库中的现有条目。
我最初有几个 php 文件来执行这些东西,但现在使用 GOTO 函数让代码根据发生的情况弹跳到我需要运行的不同部分,同时保持在同一页面上。
我的问题是,除了看起来很乱之外,这样做是否有失败?将来,我将研究其他更清洁的方法(欢迎提出建议),但这目前对我有用,我想继续该项目并开始构建我需要的其他部分CRM。如果您愿意,可以将其视为测试版。如果我已经做的事情有一些巨大的缺点,我宁愿现在解决它,但如果这至少是温和合理的,我会继续前进。
这是我所拥有的:
<?php
// Include Connection Credentials
include("../../comm/com.php");
//Connection to Database
$link = mysqli_connect($servername, $username, $password, $dbname);
// Connection Error Check
if ($link->connect_errno) {
echo "Sorry, there seems to be a connection issue.";
exit;
}
// Define Empty Temporary Client ID
$new_client_id ="";
// Define Empty Success Message
$successful ="";
// Define Empty Error Messages
$firstnameErr ="";
$lastnameErr ="";
$addressErr ="";
$cityErr ="";
$stateErr ="" ;
$zipcodeErr ="";
$phoneErr ="";
$emailErr ="";
// CHECK FOR SEARCH PROCESS
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST['searched'])) {
$client_id = $_POST['client_id'];
$buttontxt = "Update";
goto SearchReturnProcess;
}
}
// Retrieve Client ID
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST['client_id'])) {
$buttontxt = "Create Client";
goto CreatNewClientProcess;
} else {
$client_id = $_POST['client_id'];
$buttontxt = "Update";
goto UpdateClientProcess;
}
}
// CONTINUE FOR NEW CLIENT
CreatNewClientProcess:
// Check For Missing Fields and report
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$firstnameErr = "First name is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["lastname"])) {
$lastnameErr = "Last name is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["email"])) {
$emailErr = "Email is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["phone"])) {
$phoneErr = "Phone is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["address"])) {
$addressErr = "Address is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["city"])) {
$cityErr = "City is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["state"])) {
$stateErr = "State/Province is a required field - please make entry below";
goto FinishUpProcess;
}
if (empty($_POST["zipcode"])) {
$zipcodeErr = "Postal code is a required field - please make entry below";
goto FinishUpProcess;
}
}
// Prepared Statement For Database Search
if ($stmt = $link->prepare("INSERT INTO client (firstname, lastname, address, city, state, zipcode, phone, email) VALUES (?,?,?,?,?,?,?,?)")){
// Bind Search Variable
$stmt->bind_param('ssssssss', $firstname, $lastname, $address, $city, $state, $zipcode, $phone, $email);
// Define Form Field Input
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$phone = $_POST['phone'];
$email = $_POST['email'];
// Execute the Statement
$stmt->execute();
}
// Close Statment
$stmt->close();
// Report Successful Entry
$successful = "Client Successfully Created!";
// Define New Client ID
$new_client_id = $link->insert_id;
// FINISH NEW CLIENT PROCESS
goto FinishUpProcess;
// CONTINUE FOR SEARCHED PROCESS
SearchReturnProcess:
// Prepared Statement For Database Search
$stmt = $link->prepare("SELECT firstname, lastname, address, city, state, zipcode, phone, email FROM client WHERE client_id=?");
// Bind Client ID into Statement
$stmt->bind_param('s', $client_id);
// Execute the Statement
$stmt->execute();
// Bind Variables to Prepared Statement
$stmt->bind_result($firstname, $lastname, $address, $city, $state, $zipcode, $phone, $email);
//fetch value
$stmt->fetch();
// Close Statment
$stmt->close();
// FINISH SEARCHED PROCESS
goto FinishUpProcess;
// CONTINUE FOR UPDATE CLIENT PROCESS
UpdateClientProcess:
// Prepared Statement For Database Search
if ($stmt = $link->prepare("UPDATE client SET firstname=?, lastname=?, address=?, city=?, state=?, zipcode=?, phone=?, email=? WHERE client_id=?")){
// Bind Search Variable
$stmt->bind_param('sssssssss', $firstname, $lastname, $address, $city, $state, $zipcode, $phone, $email, $client_id);
// Define Form Field Input
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$client_id = $_POST['client_id'];
// Execute the Statement
$stmt->execute();
}
// Close Statment
$stmt->close();
// Report Successful Update
$successful = "Client Updated Successfully!";
// FINISH UPDATE PROCESS
goto FinishUpProcess;
// CONTINUE FOR FINISHING UP PROCESS
FinishUpProcess:
// Disconnect from Database
mysqli_close($link)
?>
<!DOCTYPE html>
<html>
<head>
<title>Client Information</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<form id="contact" action="" method="post">
<h4>enter client info below</h4>
<font color="red"><?php echo $successful; ?></font>
<fieldset>
<input name="client_id" value="<?php if (empty($_POST['client_id'])) { echo $new_client_id; } else { echo $_POST['client_id']; } ?>" type="hidden">
</fieldset>
<fieldset>
<font color="red"><?php echo $firstnameErr; ?></font>
<input name="firstname" value="<?php if (isset($_POST['client_id'])) { echo $firstname; } else { echo $_POST['firstname']; } ?>" placeholder="First Name" type="text" tabindex="1" autofocus>
</fieldset>
<fieldset>
<font color="red"><?php echo $lastnameErr; ?></font>
<input name="lastname" value="<?php if (isset($_POST['client_id'])) { echo $lastname; } else { echo $_POST['lastname']; } ?>" placeholder="Last Name" type="text" tabindex="2">
</fieldset>
<fieldset>
<font color="red"><?php echo $emailErr; ?></font>
<input name="email" value="<?php if (isset($_POST['client_id'])) { echo $email; } else { echo $_POST['email']; } ?>" placeholder="Email Address" type="email" tabindex="3">
</fieldset>
<fieldset>
<input name="mailinglist" id="checkbox" type="checkbox" checked>
<label>add to the mailing list</label>
</fieldset>
<fieldset>
<font color="red"><?php echo $phoneErr; ?></font>
<input name="phone" value="<?php if (isset($_POST['client_id'])) { echo $phone; } else { echo $_POST['phone']; } ?>" placeholder="Phone Number" type="tel" tabindex="4">
</fieldset>
<fieldset>
<font color="red"><?php echo $addressErr; ?></font>
<input name="address" value="<?php if (isset($_POST['client_id'])) { echo $address; } else { echo $_POST['address']; } ?>" placeholder="Street Address" type="text" tabindex="5">
</fieldset>
<fieldset>
<font color="red"><?php echo $cityErr; ?></font>
<input name="city" value="<?php if (isset($_POST['client_id'])) { echo $city; } else { echo $_POST['city']; } ?>" placeholder="City" type="text" tabindex="6">
</fieldset>
<fieldset>
<font color="red"><?php echo $stateErr; ?></font>
<input name="state" value="<?php if (isset($_POST['client_id'])) { echo $state; } else { echo $_POST['state']; } ?>" placeholder="State/Province" type="text" tabindex="7">
</fieldset>
<fieldset>
<font color="red"><?php echo $zipcodeErr; ?></font>
<input name="zipcode" value="<?php if (isset($_POST['client_id'])) { echo $zipcode; } else { echo $_POST['zipcode']; } ?>" placeholder="Postal Code" type="text" tabindex="8">
</fieldset>
<fieldset>
<font color="red"><?php echo $countryErr; ?></font>
<input name="country" value="<?php if (isset($_POST['client_id'])) { echo $country; } else { echo $_POST['country']; } ?>" placeholder="Country" type="text" tabindex="9">
</fieldset>
<fieldset>
<input name="vegan" type="checkbox">
<label>Vegan or Vegitarian</label>
</fieldset>
<fieldset>
<input name="smoker" type="checkbox">
<label>Smoker</label>
</fieldset>
<fieldset>
<textarea name="client_notes" placeholder="general notes" tabindex="10"></textarea>
</fieldset>
<fieldset>
<button name="submit" type="submit" data-submit="...Sending"><?php echo $buttontxt; ?></button>
</fieldset>
</form>
</div>
</body>
</html>
我不确定我是否知道PHP中存在goto。多年来,我一直使用(并滥用)我的gotos份额,但最近没有。关于修复:
1 - 您的许多 goto(例如,SearchReturnProcess)可以用函数调用替换。与其制作以标签开头的代码块(并使用 goto 到达那里),不如创建一个具有相同名称的单独函数function SearchReturnProcess()并将代码放在那里。
2 - 对于错误处理,请使用ifelseif:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$firstnameErr = "First name is a required field - please make entry below";
} elseif (empty($_POST["lastname"])) {
$lastnameErr = "Last name is a required field - please make entry below";
} elseif...
等。 然后,您可以使这组语句以else结尾,后跟"无错误"代码块,或者您可以创建一个通用错误变量(例如,$fieldErr),并在块之后具有类似if ($fieldErr != '')的代码来处理错误显示,并简单地将错误显示在一个位置而不是每个字段旁边。
是的。
我不会宣扬异端和亵渎,但会告诉你你的大多数 GOTO 都是错误的。
- 更新客户端进程。这是一个非常奇怪的想法,您必须仅验证创建的输入。创建和更新应始终相同。所以这个是无用和有害 的
- 完成验证例程中的过程。从可用性的角度来看,这很糟糕。当受害者的头被固定在滴水的水龙头下时,有一种古老的中国酷刑。起初无害,但及时让人发疯。所以你正在进行验证。为什么不检查所有字段,然后立即告诉用户,而不是一个接一个地显示错误?
- 完成保存数据的过程。这违反了HTTP协议规则,即在处理POST请求后,服务器应发出位置标头,使用GET方法重定向客户端。否则,如果客户端刷新页面,则记录将被复制。
- 看起来很乱。你说的。由于其单调的结构,我花了很长时间来浏览您的代码以对其进行审查。代码填充是故意发明的。例如,在 Python 中,您被迫使用填充来区分从属代码块。
此代码的正确结构如下
$errors = [];
if ($_POST) {
if (empty($_POST["firstname"])) {
$errors['firstname'] = "First name is a required field - please make entry below";
}
// and so on
if (!$errors) {
if (empty($_POST['client_id'])) {
// go for insert
} else {
// go for update
}
header("Location: .");
exit;
}
$firstname = htmlspecialchars($_POST['firstname']);
// and so on
}
if (!$errors ) {
if (!empty($_GET['client_id'])) {
// search your data from a GET variable
} else {
// define empty variables
}
}
?>
<html goes here>