-2
有一些問題確切地說明了我在下面的php腳本中發生錯誤的位置。它通過來自HTML表單的帖子獲取數據。然後在將它們插入數據庫之前嘗試一些驗證。任何人發現任何東西POST服務器端表單驗證
<?php
if(isset($_POST['submit_form']))
{
validate_data($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = strip_tags($data);
$data = htmlspecialchars($data);
$data = mysqli_real_escape_string($data);
return $data;
}
$address = validate_data($_POST['name']);
$address = validate_data($_POST['address']);
$zipcode = validate_data($_POST['zipcode']);
$county = validate_data($_POST['county']);
$phone = validate_data($_POST['phone']);
$email = validate_data($_POST['email']);
$password = validate_data($_POST['password']);
$pwVerified = validate_data($_POST['pwVerified']);
//create connection
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO company (name, address, zipcode, county, phone, email, password, pwVerified)
VALUES
('$name', '$address', '$zipcode','$county','$phone', '$email', '$password', '$pwVerified')";
if ($conn->query($sql) === TRUE) {
// echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}else
{ echo "there is a problem";}
include 'sign.php';
?>
是啊這個'$ data = mysqli_real_escape_string($ data);'不知道你的POST數組是否包含值。該函數需要傳遞給它的db連接。 '$ data = mysqli_real_escape_string($ conn,$ data);'(一件事)。 –
'validate_data($ data)'應該是一個函數:'function validate_data($ data)' –
你得到的錯誤是什麼? – Pete