PHP脚本未将表单数据插入数据库
Posted
技术标签:
【中文标题】PHP脚本未将表单数据插入数据库【英文标题】:PHP script not inserting form data to database 【发布时间】:2012-11-10 16:42:50 【问题描述】:我在将表单数据插入数据库时遇到问题。我可以连接到数据库,因为它不会引发错误但没有插入任何信息。以下是我的代码,任何帮助将不胜感激。
<?php
// string checking
function isValid($str)
if(!preg_match('/[^A-Za-z0-9.-]/', $str))
return true;
else
return false;
// Check for form submission
if(isset($_POST['submit']))
// Get the POST data
$agree = $_POST['agree'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$business = $_POST['business'];
$state = $_POST['state'];
$email = $_POST['email'];
// If the T&C box has been ticked
if($agree)
// Validate the POST data
$validationError = '';
// Name Validation
if($firstname == '')
$validationError .= "Please enter your first name.\n";
else
if(is_numeric($firstname))
$validationError .= "The first name you have supplied cannot contain numbers.\n";
if(strlen($firstname) > 50)
$validationError .= "The first name you have supplied must be less than 50 characters.\n";
if(strlen($firstname) < 3)
$validationError .= "The first name you have supplied is too short.\n";
if(isValid($firstname) == false )
$validationError .= "The first name cannot contain special characters.\n";
if($surname == "")
$validationError .= "Please enter your Surname.\n";
else
if(is_numeric($surname))
$validationError .= "The Surname you have supplied cannot contain numbers.\n";
if(strlen($surname) > 50)
$validationError .= "The Surname you have supplied must be less than 50 characters.\n";
if(strlen($surname) < 3)
$validationError .= "The Surname you have supplied is too short.\n";
if(isValid($surname) == false )
$validationError .= "The Surname cannot contain special characters.\n";
if($state == '')
$validationError .= "Please select your state.\n";
// Email validation
// Function to validate email addresses, taken from here: http://www.linuxjournal.com/article/9585
function check_email_address($email)
// Set up regular expression strings to evaluate the value of email variable against
$regex1 = '/^[_a-z0-9-][^()<>@,;:\\"[] ]*@([a-z0-9-]+.)+[a-z]2,4$/i';
// Run the preg_match function on regex 1
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
return false;
else
return true;
if($email != '')
if(!check_email_address($email))
$validationError .= "The email address does not appear to be correct, please try again.\n";
else
$validationError .= "Please enter your email address.\n";
//Start the mysql connection
if($validationError == '')
$link = mysql_connect('localhost', '--removed--', '--removed--');
if (!$link)
$validationError .= "There was an error connecting to the database. Please contact us so that we can fix the problem.\n";
else
// Select the db
mysql_select_db("keyinv_seminar", $link);
// Check for an existing entry under that email address
$checkQuery = 'SELECT * FROM seminar WHERE email="' . mysql_real_escape_string($email) . '"';
$result = mysql_query($checkQuery, $link);
if (mysql_num_rows($result) != 0)
$validationError .= "There is already an entry in the competition, using that email address.\n";
else
// There is no existing entry, update the db
$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" . mysql_real_escape_string($firstname) . "', '" . mysql_real_escape_string($surname) . "', '" . mysql_real_escape_string($business) . "', " . mysql_real_escape_string($state) . ", '" . mysql_real_escape_string($email) . "')";
$result = mysql_query($insertQuery, $link);
// Close the connection
if($link)
mysql_close($link);
if($validationError == '')
header('Location: thankyou.php');
else
$validationError = "You must accept the Terms and Conditions \nin order to enter this contest.";
?>
【问题讨论】:
您应该尝试捕获 mysql 错误,而不仅仅是验证错误。请参阅 mysql_error() php 函数。 正如人们常说的那样,你不应该再使用 mysql_query 了,但我相信你输入的 mysql_real_escape_string($state) (在插入时)需要 ' 标记。 -- 查看 F4r-20 的帖子以获得更好的总结。 【参考方案1】:查看您的 INSERT
查询..
$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('"
. mysql_real_escape_string($firstname) . "', '"
. mysql_real_escape_string($surname) . "', '"
. mysql_real_escape_string($business) . "', "
. mysql_real_escape_string($state) . ", '"
. mysql_real_escape_string($email) . "')";
您错过了 $state
值周围的一些单引号。改成这样:
$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('"
. mysql_real_escape_string($firstname) . "', '"
. mysql_real_escape_string($surname) . "', '"
. mysql_real_escape_string($business) . "', '"
. mysql_real_escape_string($state) . "', '"
. mysql_real_escape_string($email) . "')";
【讨论】:
好吧,我们不知道它很有可能在这个脚本之后被回显。 你是救生员,非常感谢你的帮助。我应该知道让我的代码更具可读性。以上是关于PHP脚本未将表单数据插入数据库的主要内容,如果未能解决你的问题,请参考以下文章
有人可以将来自不同主机的表单数据发送到我的 PHP 脚本,该脚本将获取的数据插入 MySQL 吗?如果是这样,我们如何保护它?