2014-04-11 72 views
0

bellow是一個插入數據到表中的腳本。我已經使用strlen()函數檢查字符串的長度,如果字符串的長度低於限制但它不會停止查詢向表中添加另一行,則會返回錯誤。我怎樣才能做到這一點。非常感謝您關於php字符串長度的問題

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
//VALUES 
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')"; 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

if (!mysqli_query($con,$sql)) 
    { 
    die('Error: ' . mysqli_error($con)); 
    } 

//here is the part in question 

if (strlen($ProductName) < 10) 
{ 
    die('Error: ' . mysqli_error($sql)); 
} 
echo "1 record added"; 

mysqli_close($con); 
?> 
+0

移動您的插入語句___after___長度檢查....如果它在那之前,那麼它會在那之前運行 –

+0

但是PHP ___中的長字符串測試不會___生成MySQL錯誤,因此顯示MySQLi錯誤如果strlen($ ProductName)<10沒有意義...沒有MySQLi錯誤 –

+0

Mark是正確的,順便說一句你在哪裏給你的'$ ProductName'賦值? –

回答

0

你插入後檢查字符串的長度,你需要插入之前做檢查,這樣的:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

if (strlen($ProductName) < 10) 
{ 
    die('Error: product name too short!'); 
} 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat,  product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

if (!mysqli_query($con,$sql)) 
{ 
    die('Error: ' . mysqli_error($con)); 
} 

//here is the part in question 


echo "1 record added"; 

mysqli_close($con); 
?> 

編輯使用die不被認爲是最佳做法。更好的方式來做到這一點,是在if聲明它包裝(例如),像這樣:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
if (mysqli_connect_errno()) { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} elseif (strlen($ProductName) < 10) { 
    echo 'Error: product name too short!'; 
} else { 
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
      VALUES 
      ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

    if (!mysqli_query($con,$sql)) { 
     echo 'Error: ' . mysqli_error($con); 
    } else { 
     echo "1 record added"; 
    } 
} 
mysqli_close($con); 
?> 

基於您的評論編輯2,如果你想檢查字符串ISN 「T超過50個字符,你可以使用這樣的事情:

<?php 
$con=mysqli_connect("localhost","zzzz","xxxxzzz2","my_project"); 
if (mysqli_connect_errno()) { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} elseif (strlen($ProductName) < 10) { 
    echo 'Error: product name too short!'; 
} elseif (strlen($ProductName) > 50) { 
    echo 'Error: product name too long!'; 
} else { 
    $sql= "INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
      VALUES 
      ('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

    if (!mysqli_query($con,$sql)) { 
     echo 'Error: ' . mysqli_error($con); 
    } else { 
     echo "1 record added"; 
    } 
} 
mysqli_close($con); 
?> 
+0

我還有一個問題,你如何添加另一個條件,以便它也檢查最大限制,例如> 50錯誤:必須小於... – user3463859

+0

我嘗試添加另一個,但如果它不起作用 – user3463859

+0

請參閱我的第二個編輯 – trizz

0

腳本的命令有錯誤的,邏輯需要像這樣:

<?php 
$con=mysqli_connect("localhost","zxzxzx","zxzxzx","my_project"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 

//$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
//VALUES 
//('$_POST[ProductName]','$_POST[ProductCond]','$_POST[ProductPrice]','$_POST[ProductCat]','$_POST[ProductRegion]','$_POST[Email]','$_POST[PhoneNumber]')"; 

$sql="INSERT INTO Product (product_name, product_cond, product_price, product_cat, product_region, email, phone_num) 
VALUES 
('$_POST[product_name]','$_POST[product_cond]','$_POST[product_price]','$_POST[product_cat]','$_POST[product_region]','$_POST[Email]','$_POST[PhoneNumber]')"; 

// First thing is to ask your condition.. 

if (strlen($ProductName) < 10) 
{ 
    die('Error: ' . mysqli_error($sql)); 
} 

echo "1 record added"; 
if (!mysqli_query($con,$sql)) 
    { 
    die('Error: ' . mysqli_error($con)); 
    } 



mysqli_close($con); 
?> 

我建議你在查詢中使用綁定參數來防止SQL注入。 PDO bindings