九、表单处理
9.1 GET和POST方法
<!-- form.html -->
<!DOCTYPE html>
<html>
<head>
<title>表单示例</title>
</head>
<body>
<!-- GET method: the field value is appended to the URL as a query string,
     so it ends up in browser history and server logs. Use GET for
     non-sensitive lookups only; process.php reads it from $_GET. -->
<form action="process.php" method="get">
<input type="text" name="username">
<input type="submit" value="提交">
</form>
<!-- POST method: the fields travel in the request body and process.php reads
     them from $_POST. POST by itself does not encrypt anything, so a form
     that carries a password must be served and submitted over HTTPS. -->
<form action="process.php" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="提交">
</form>
<!-- File upload: enctype="multipart/form-data" is required, otherwise $_FILES
     stays empty. The file name and type the browser sends are chosen by the
     client; upload.php has to validate them server-side. -->
<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="avatar">
<input type="submit" value="上传">
</form>
</body>
</html>
<?php
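// process.php - handles both forms from form.html
// The same script receives the GET form and the POST form, so the input
// source is chosen from the request method. Reading $_GET, then $_POST, then
// $_REQUEST into one variable would silently overwrite each value with the
// next; $_REQUEST additionally merges $_COOKIE, so a cookie could shadow a
// form field. Read the specific superglobal instead.
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    // $password is only ever handed to a credential check; never echo or log it.
} else {
    $username = $_GET['username'] ?? '';
    $password = '';
}
// Validate the raw value. htmlspecialchars() is an OUTPUT encoding, not input
// validation: applying it first would change the string being validated. It
// is applied below, at the point where text is written into the page.
$errors = validateUsername($username);
if ($errors === []) {
    // save the data here
    echo "验证成功";
} else {
    foreach ($errors as $error) {
        // Encode even our own messages, so this line stays safe if a message
        // ever starts embedding user input.
        echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
    }
}

/**
 * Validate a submitted username.
 *
 * Rules: not empty, at least 3 characters, and only ASCII letters, digits and
 * underscore. An empty value yields a single error rather than all three.
 *
 * @param string $username the raw form value
 * @return string[] error messages in check order; empty when the username is valid
 */
function validateUsername(string $username): array
{
    // === '' instead of empty(): empty("0") is true, but "0" is a real value
    // that should get the length error, not the "not empty" one.
    if ($username === '') {
        return ["用户名不能为空"];
    }
    $errors = [];
    // strlen() counts bytes; that is fine here because the character class
    // below only admits single-byte ASCII, so a multibyte name fails anyway.
    if (strlen($username) < 3) {
        $errors[] = "用户名至少3个字符";
    }
    // \z instead of $: with $ the pattern also accepts a trailing newline
    // ("abc\n"), which would slip past the allow-list.
    if (!preg_match('/^[a-zA-Z0-9_]+\z/', $username)) {
        $errors[] = "用户名只能包含字母、数字和下划线";
    }
    return $errors;
}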
9.2 文件上传处理
<?php
// upload.php - 处理文件上传
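// upload.php - handles the avatar upload from form.html
// In $_FILES only 'tmp_name', 'size' and 'error' come from PHP itself;
// 'name' and 'type' are sent by the client and must not drive any decision.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $upload = $_FILES['avatar'] ?? null;
    if ($upload === null) {
        echo "没有文件被上传";
    } elseif ($upload['error'] !== UPLOAD_ERR_OK) {
        echo uploadErrorMessage($upload['error']);
    } elseif ($upload['size'] > 5 * 1024 * 1024) { // 5MB
        echo "文件太大,不能超过5MB";
    } else {
        // Derive the extension from the file CONTENT, not from the client name.
        $fileExt = detectImageExtension($upload['tmp_name']);
        if ($fileExt === null) {
            echo "不允许的文件类型";
        } else {
            // Server-chosen random name: the client name never reaches the
            // filesystem, so path traversal or double-extension names are moot.
            $newFileName = bin2hex(random_bytes(16)) . '.' . $fileExt;
            // Anchor the path at this script instead of the process CWD. The
            // directory must exist, be writable by the web server user, and
            // should be configured so the server never executes files in it.
            $uploadPath = __DIR__ . '/uploads/' . $newFileName;
            // move_uploaded_file() refuses any source that was not uploaded in
            // this request, so tmp_name cannot be abused to move other files.
            if (move_uploaded_file($upload['tmp_name'], $uploadPath)) {
                echo "文件上传成功:" . $newFileName;
            } else {
                echo "文件移动失败";
            }
        }
    }
}

/**
 * Map the file's real content type to an allowed image extension.
 *
 * Uses finfo (magic bytes) rather than $_FILES['type'] or the client-supplied
 * file name, both of which the uploader controls.
 *
 * @param string $path path of the uploaded temporary file
 * @return string|null extension to store the file under, null if not an allowed image
 */
function detectImageExtension(string $path)
{
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false) {
        return null;
    }
    return $allowed[$mime] ?? null;
}

/**
 * User-facing message for a non-OK $_FILES[...]['error'] code.
 *
 * @param int $code one of the UPLOAD_ERR_* constants
 */
function uploadErrorMessage(int $code): string
{
    switch ($code) {
        case UPLOAD_ERR_INI_SIZE:
            return "文件超过php.ini限制";
        case UPLOAD_ERR_FORM_SIZE:
            return "文件超过表单限制";
        case UPLOAD_ERR_PARTIAL:
            return "文件只有部分被上传";
        case UPLOAD_ERR_NO_FILE:
            return "没有文件被上传";
        case UPLOAD_ERR_NO_TMP_DIR:
            return "找不到临时文件夹";
        case UPLOAD_ERR_CANT_WRITE:
            return "文件写入失败";
        default:
            // UPLOAD_ERR_EXTENSION and unknown codes: generic text, the raw
            // code is not shown to the client.
            return "上传失败";
    }
}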
?>
9.3 数据验证与过滤
<?php
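// filter_var() either validates (returns the value, or false) or sanitises
// (returns a cleaned string). Compare validators with === false: a valid
// value such as 0 or "0" is falsy and a bare if() would reject it.
// 验证邮箱
$email = "user@example.com";
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    echo "邮箱有效";
}
// 验证URL
// FILTER_VALIDATE_URL checks syntax only and does not restrict the scheme;
// check the scheme separately before using the value as a link target.
$url = "https://www.example.com";
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
    echo "URL有效";
}
// 验证IP
$ip = "192.168.1.1";
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    echo "IP有效";
}
// 验证整数
$age = "25";
if (filter_var($age, FILTER_VALIDATE_INT) !== false) {
    echo "整数有效";
}
// 验证整数范围
$options = [
    'options' => [
        'min_range' => 18,
        'max_range' => 60
    ]
];
if (filter_var($age, FILTER_VALIDATE_INT, $options) !== false) {
    echo "年龄在18-60之间";
}
// 数据过滤
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and was never an HTML
// defence (it strips tags but keeps the script text). Encode for the HTML
// context at output time instead.
$input = "<script>alert('XSS')</script>";
$clean = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo $clean; // &lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;
// 过滤特殊字符
$text = "Hello @World!";
// HTML-encodes ' " < > & and control characters; '@' and '!' are left alone.
$filtered = filter_var($text, FILTER_SANITIZE_SPECIAL_CHARS);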
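// 自定义验证函数
/**
 * Check an 11-digit mobile number: leading 1, second digit 3-9, nine more digits.
 *
 * @param string $phone the raw input
 * @return int 1 when the number matches, 0 otherwise
 */
function validatePhone(string $phone): int
{
    // \z rather than $, so "13800138000\n" is rejected; [0-9] rather than \d
    // so only ASCII digits can ever match. The cast folds preg_match's
    // false-on-error into 0.
    return (int) preg_match('/^1[3-9][0-9]{9}\z/', $phone);
}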
十、会话管理
10.1 Cookie
<?php
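// Cookies travel as HTTP headers, so every setcookie() call must come before
// the script produces any output (echo included); otherwise PHP reports
// "headers already sent" and the cookie is silently not set.
// setcookie(name, value, expire, path, domain, secure, httponly)
setcookie("username", "张三", time() + 3600); // expires in 1 hour
setcookie("theme", "dark", time() + 86400, "/"); // valid for the whole site
// Secure cookie: secure=true restricts it to HTTPS, httponly=true hides it
// from document.cookie. The options-array form (PHP 7.3+) also allows
// SameSite, which stops the browser attaching it to cross-site requests.
setcookie("secure", "value", [
    'expires' => time() + 3600,
    'path' => '/',
    'secure' => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
// Deleting a cookie: resend the same name, path and domain with an expiry in
// the past. A different path or domain creates a second cookie instead.
setcookie("username", "", time() - 3600);
// Cookie arrays: bracketed names are parsed into a nested array in $_COOKIE.
setcookie("user[name]", "张三", time() + 3600);
setcookie("user[age]", "25", time() + 3600);
// Reading: cookies set above only arrive in $_COOKIE on the NEXT request.
// $_COOKIE is client-controlled input, so it is encoded when written into
// the page and a missing key is handled explicitly.
echo htmlspecialchars($_COOKIE['username'] ?? '未设置', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo htmlspecialchars($_COOKIE['user']['name'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // 张三 on a later request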
10.2 Session
<?php
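// 会话配置(在php.ini或脚本中)
// Session settings must be in place BEFORE session_start(): they are read
// when the session is opened, so ini_set() afterwards changes nothing for
// the current request.
ini_set('session.cookie_lifetime', '3600');
ini_set('session.gc_maxlifetime', '3600');
// Custom save path: the directory must exist and be writable by the web
// server user only; the shared default /tmp is readable by other local users.
ini_set('session.save_path', '/tmp/sessions');
// 安全Session配置
ini_set('session.cookie_httponly', '1');  // not readable from JavaScript
ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
ini_set('session.cookie_secure', '1');    // HTTPS only
// 启动Session
session_start();
// 设置Session变量
$_SESSION['user_id'] = 1;
$_SESSION['username'] = "张三";
$_SESSION['login_time'] = time();
// 读取Session变量
if (isset($_SESSION['user_id'])) {
    echo "用户ID:" . $_SESSION['user_id'];
}
// 删除单个Session变量
unset($_SESSION['username']);
// 删除所有Session变量
$_SESSION = [];
// 销毁Session: removes the server-side data. The browser still holds the
// session cookie until it is expired separately.
session_destroy();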
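// 登录示例
/**
 * Verify the credentials and, on success, bind the user to the session.
 *
 * @param string $username submitted user name
 * @param string $password submitted plaintext password
 * @return bool true when the credentials matched and the session was populated
 */
function login(string $username, string $password): bool
{
    // Demo user store. Real code looks the user up in the database and the
    // stored value is a password_hash() result produced at registration;
    // the hash is computed here only because this example has no database.
    static $demoHash = null;
    if ($demoHash === null) {
        $demoHash = password_hash('123456', PASSWORD_DEFAULT);
    }
    // password_verify() compares against the hash, so the plaintext is never
    // stored and never compared with ===.
    if ($username === 'admin' && password_verify($password, $demoHash)) {
        // 防止会话固定攻击: a new ID on privilege change makes any ID an
        // attacker planted before login useless.
        session_regenerate_id(true);
        $_SESSION['user_id'] = 1;
        $_SESSION['username'] = $username;
        $_SESSION['login_time'] = time();
        return true;
    }
    return false;
}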
// 登录检查
// A request counts as logged in once a user_id has been stored in the session.
function isLoggedIn() {
    $session = $_SESSION ?? [];
    return isset($session['user_id']);
}
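// 登出
/**
 * End the current login: clear the session data, expire the session cookie
 * in the browser and destroy the server-side session.
 *
 * session_unset() is not needed after $_SESSION = [] and would fail once the
 * session is destroyed, so it is not called.
 */
function logout() {
    $_SESSION = [];
    // Expire the cookie with the same attributes it was issued with; with a
    // different path/domain the browser would keep the old cookie and keep
    // presenting the old session ID.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}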
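// 会话超时检查
/**
 * Enforce an absolute session lifetime measured from login_time.
 *
 * Note that a session without login_time (no login yet) is reported as valid;
 * combine with isLoggedIn() when the caller needs an authenticated session.
 *
 * @param int $timeout maximum age in seconds, default 30 minutes
 * @return bool false when the session had expired and has been logged out,
 *              true otherwise
 */
function checkSessionTimeout(int $timeout = 1800): bool
{
    $loginTime = $_SESSION['login_time'] ?? null;
    // Absolute timeout: counts from login, not from the last request, so
    // activity does not extend it. Refresh login_time on each request if an
    // idle timeout is wanted instead.
    if ($loginTime !== null && time() - $loginTime > $timeout) {
        logout();
        return false;
    }
    return true;
}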
十一、数据库操作(MySQLi)
11.1 MySQLi面向过程
<?php
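// 连接数据库
// Credentials belong in a config file outside the web root or in environment
// variables, not in a script the web server can serve.
$host = 'localhost';
$user = 'root';
$pass = '123456';
$dbname = 'mydb';
// Make mysqli throw mysqli_sql_exception instead of returning false (the
// default since PHP 8.1). Without it a failed mysqli_prepare() returns false
// and the next mysqli_stmt_* call fails with a confusing error.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $conn = mysqli_connect($host, $user, $pass, $dbname);
} catch (mysqli_sql_exception $e) {
    // The driver message can reveal host, user name and server details:
    // keep it in the log, show the client a generic message.
    error_log("数据库连接失败: " . $e->getMessage());
    die("连接失败");
}
echo "连接成功";
// 设置字符集 on the connection itself (also governs the driver's escaping).
mysqli_set_charset($conn, "utf8mb4");
// 执行查询 with a prepared statement: the value is sent separately from the
// SQL text and can never change the query structure. "i" = integer.
$sql = "SELECT * FROM users WHERE age > ?";
$stmt = mysqli_prepare($conn, $sql);
$age = 18;
mysqli_stmt_bind_param($stmt, "i", $age);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
// 获取记录数: get_result() buffers the rows, so the count is known up front.
$count = mysqli_num_rows($result);
// 获取数据 row by row. Column values are written into HTML, so encode them.
while ($row = mysqli_fetch_assoc($result)) {
    echo "姓名:" . htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
}
// A result set is a cursor: once the loop has consumed it, fetch_assoc()
// returns null and fetch_all() returns []. Rewind first (buffered result),
// or use one of these instead of the loop.
mysqli_data_seek($result, 0);
$row = mysqli_fetch_assoc($result); // 获取单条数据
mysqli_data_seek($result, 0);
$rows = mysqli_fetch_all($result, MYSQLI_ASSOC); // all rows at once
mysqli_stmt_close($stmt);
// 插入数据 — one type letter per placeholder: "s" string, "i" integer
$sql = "INSERT INTO users (name, age) VALUES (?, ?)";
$stmt = mysqli_prepare($conn, $sql);
$name = "张三";
$age = 25;
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
$insert_id = mysqli_insert_id($conn);
$affected_rows = mysqli_stmt_affected_rows($stmt);
mysqli_stmt_close($stmt);
// 更新数据
$sql = "UPDATE users SET age = ? WHERE name = ?";
$stmt = mysqli_prepare($conn, $sql);
$age = 26;
$name = "张三";
mysqli_stmt_bind_param($stmt, "is", $age, $name);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
// 删除数据
$sql = "DELETE FROM users WHERE name = ?";
$stmt = mysqli_prepare($conn, $sql);
$name = "张三";
mysqli_stmt_bind_param($stmt, "s", $name);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
// 关闭连接
mysqli_close($conn);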
11.2 MySQLi面向对象
<?php
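// 连接数据库
// Throw on driver errors (default since PHP 8.1). Without it a failed
// query() inside the transaction below just returns false, the catch never
// runs and commit() applies a half-finished transfer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    // Credentials belong in a config file outside the web root, not here.
    $mysqli = new mysqli('localhost', 'root', '123456', 'mydb');
} catch (mysqli_sql_exception $e) {
    // Driver detail goes to the log; the client gets a generic message.
    error_log("数据库连接失败: " . $e->getMessage());
    die("连接失败");
}
// 设置字符集
$mysqli->set_charset("utf8mb4");
// 准备语句: the value is sent separately from the SQL text.
$stmt = $mysqli->prepare("SELECT * FROM users WHERE age > ?");
$age = 18;
$stmt->bind_param("i", $age);
$stmt->execute();
$result = $stmt->get_result();
// 获取数据 — column values are written into HTML, so encode them.
while ($row = $result->fetch_assoc()) {
    echo htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
$stmt->close();
// 插入数据
// bind_param() binds the VARIABLES by reference and reads their values at
// execute() time; assigning them first keeps the order readable.
$name = "张三";
$age = 25;
$stmt = $mysqli->prepare("INSERT INTO users (name, age) VALUES (?, ?)");
$stmt->bind_param("si", $name, $age);
$stmt->execute();
// 获取插入ID
$insertId = $mysqli->insert_id;
$stmt->close();
// 事务处理: both updates are applied or neither is.
$mysqli->begin_transaction();
try {
    $mysqli->query("UPDATE accounts SET balance = balance - 100 WHERE id = 1");
    $mysqli->query("UPDATE accounts SET balance = balance + 100 WHERE id = 2");
    $mysqli->commit();
} catch (Throwable $e) {
    // Roll back on ANY failure, then re-throw so the caller still sees it.
    $mysqli->rollback();
    throw $e;
}
// 关闭连接
$mysqli->close();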
11.3 PDO(推荐)
<?php
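// 连接数据库
// Credentials belong in a config file outside the web root or in environment
// variables, not in a script the web server can serve.
$dsn = "mysql:host=localhost;dbname=mydb;charset=utf8mb4";
$username = "root";
$password = "123456";
try {
    // Attributes given to the constructor apply before any statement runs.
    $pdo = new PDO($dsn, $username, $password, [
        // 设置错误模式为异常: every driver error becomes a PDOException
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // 设置默认获取模式
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        // Real server-side prepared statements. With emulation the MySQL
        // driver splices the bound values into the SQL text client-side, so
        // the SQL/data separation is only as good as its escaping.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    echo "连接成功";
} catch (PDOException $e) {
    // The message can reveal the host, user name and server error text;
    // keep it in the log and show the client a generic message.
    error_log("数据库连接失败: " . $e->getMessage());
    die("连接失败");
}
// 准备语句(防止SQL注入): the value travels separately from the SQL text and
// can never alter the query structure.
$stmt = $pdo->prepare("SELECT * FROM users WHERE age > :age");
$age = 18;
$stmt->execute(['age' => $age]);
// 获取数据 (all rows). Column values are written into HTML, so encode them.
$users = $stmt->fetchAll();
foreach ($users as $user) {
    echo htmlspecialchars((string) $user['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// 获取单条: fetch() reads the NEXT row of the cursor, so after fetchAll() it
// would return false. Take the first row of what was already fetched, or use
// fetch() instead of fetchAll().
$user = $users[0] ?? null;
// 插入数据
$stmt = $pdo->prepare("INSERT INTO users (name, age) VALUES (:name, :age)");
$stmt->execute([
    ':name' => "张三",
    ':age' => 25
]);
$insertId = $pdo->lastInsertId();
// 更新数据
$stmt = $pdo->prepare("UPDATE users SET age = :age WHERE name = :name");
$stmt->execute([
    ':age' => 26,
    ':name' => "张三"
]);
// 删除数据
$stmt = $pdo->prepare("DELETE FROM users WHERE name = :name");
$stmt->execute([':name' => "张三"]);
// 事务处理: both updates are applied or neither is.
$pdo->beginTransaction();
try {
    $pdo->exec("UPDATE accounts SET balance = balance - 100 WHERE id = 1");
    $pdo->exec("UPDATE accounts SET balance = balance + 100 WHERE id = 2");
    $pdo->commit();
} catch (Throwable $e) {
    // Roll back on ANY failure (not only Exception), then re-throw so the
    // caller sees the error rather than a silently half-applied transfer.
    $pdo->rollBack();
    throw $e;
}
// 批量插入: one prepared statement executed per row, wrapped in a transaction
// so the batch is atomic and is not committed row by row.
$stmt = $pdo->prepare("INSERT INTO users (name, age) VALUES (?, ?)");
$data = [
    ["张三", 25],
    ["李四", 30],
    ["王五", 28]
];
$pdo->beginTransaction();
try {
    foreach ($data as $row) {
        $stmt->execute($row);
    }
    $pdo->commit();
} catch (Throwable $e) {
    $pdo->rollBack();
    throw $e;
}
// 关闭连接: PDO has no close(); dropping the last reference closes the connection.
$pdo = null;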