Home > Article > Backend Development > How to implement data verification after PHP form submission
How to implement data validation after PHP form submission
When developing web applications, forms are one of the most common ways to interact with users. However, the data submitted by users is often unreliable, so we need to verify the data submitted by the form to ensure the security and integrity of the data. This article will introduce how to use PHP to implement data validation after form submission.
action
attribute of the form to the path of a PHP file to handle form submission The data. For example: <form action="handle_form.php" method="post"> <input type="text" name="username" placeholder="用户名"> <input type="password" name="password" placeholder="密码"> <input type="submit" value="提交"> </form>
$_POST
global variable to obtain the form submission data. Then, we can perform corresponding verification for different form fields. For example, we can use the empty()
function to check if a required field is empty, and the filter_var()
function to verify email addresses and URLs and other specific formats.
<?php $username = $_POST['username']; $password = $_POST['password']; // 验证用户名 if (empty($username)) { echo "用户名不能为空"; } // 验证密码 if (empty($password)) { echo "密码不能为空"; } // 验证邮箱 $email = $_POST['email']; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "邮箱格式不正确"; } // 验证URL $url = $_POST['url']; if (!filter_var($url, FILTER_VALIDATE_URL)) { echo "URL格式不正确"; } ?>
In the above example, we first use the empty()
function to check whether the user name and password are empty. If they are empty, the corresponding prompt information will be output. Then, we use the filter_var()
function to verify whether the email and URL match the corresponding format. If they do not match, the corresponding prompt information is output.
<?php $errors = []; // 验证用户名 if (empty($username)) { $errors['username'] = "用户名不能为空"; } // 验证密码 if (empty($password)) { $errors['password'] = "密码不能为空"; } // 验证邮箱 $email = $_POST['email']; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors['email'] = "邮箱格式不正确"; } // 验证URL $url = $_POST['url']; if (!filter_var($url, FILTER_VALIDATE_URL)) { $errors['url'] = "URL格式不正确"; } if (!empty($errors)) { foreach ($errors as $error) { echo $error; } } ?>
By storing error information in the $errors
array, and traversing and outputting error information after submission, unified error handling and prompts can be achieved.
<?php $username = $_POST['username']; $username = mysqli_real_escape_string($conn, $username); // ... ?>
In the above example, we use the mysqli_real_escape_string()
function to safely escape the user name, which can prevent users from maliciously submitting data containing special characters.
Summary
Through the above steps, we can verify the data after the form is submitted, thereby improving the security of the application. In actual applications, more flexible verification can be performed based on specific needs, and front-end JavaScript can be combined for real-time verification to improve user experience.
The above is the detailed content of How to implement data verification after PHP form submission. For more information, please follow other related articles on the PHP Chinese website!