2016-04-06 84 views
-1

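My code isn't working properly. It checks whether the subject name already exists, using PHP prepared statements against SQL injection: PHP MySQL - Check if subject name already exists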

Code:

<?php
if ($_GET["action"] == "post") {
    $servername = "localhost";
    $username = "MY DB";
    $password = "MY PASS";
    $dbname = "MY DB";
    // Create connection
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    // Count the rows that already carry this subject name
    $checkSubject = $conn->prepare("SELECT * FROM IndexData WHERE SubjectName = ?");
    $checkSubject->bind_param('s', $_POST['filename']);
    $checkSubject->execute();
    $checkSubject->store_result();
    $countSubject = $checkSubject->num_rows;
    // Create or Edit Files
    if (strlen($_POST['filename']) <= 30 && strlen($_POST['filename']) >= 8 && strlen($_POST['comment']) >= 100 && strlen($_POST['comment']) <= 5000 && strlen($_POST['description']) >= 50 && strlen($_POST['description']) <= 500 && strlen($_POST['userSName']) >= 10 && strlen($_POST['userSName']) <= 20) {
        if ($countSubject > 0) {
            $echoTxt = " <pre>Subject Has Been Posted! 
    Link: <a href=\"Code-Blog-Index-Posts.php?SubjectName=" . $_POST['filename'] . "\" target=\"_blank\">Click Me</a></pre> <br>";
            require("CreateDataPosts.php");
        } else {
            $echoTxt = die("<pre>[ERROR]Subject Already Exist!</pre>");
        }
    } else {
        echo "<pre><span class=\"error\">Subject must Greater than 8 and Less than 30 characters</span></pre>";
        echo "<pre><span class=\"error\">Post must Greater than 100 and Less than 5000 characters</span></pre>";
        echo "<pre><span class=\"error\">Description must Greater than 50 and Less than 500 characters</span></pre>";
        die();
    }

    echo $echoTxt;
    echo "<a name=\"PostResult\"></a>";
    // Close the statement object ($countSubject is an integer and has no close())
    $checkSubject->close();
    $conn->close();
}
?>

It always returns 0.
I don't know why, but I hope you guys can solve it! Thanks!

+1

'$_POST['filename']' this makes my *Spidey sense* tingle, as it most likely needs '$_FILES'. Hard to say for sure without seeing what the form looks like. –

+0

I'm using a form, for example: '' – CharlesCraft50

+1

'if($_GET["action"] == "post")' this is questionable. Check error reporting and query errors. –

Answers

1

First you want to check whether there is a field with the same name. So your query needs to return 0 or 1.

# IF VALUE = 0/FIELD NOT FOUND - NO EXISTS 

if($countSubject == 0) 
{ 

    # the query needs to return 0 to post the new subject, if the returned value is over 0, so exists 

    $echoTxt = "<pre>Subject Has Been Posted! Link: <a href=\"Code-Blog-Index-Posts.php?SubjectName=" . $_POST['filename'] . "\" target=\"_blank\">Click Me</a></pre> <br>"; 

    require("CreateDataPosts.php"); 

} 
else $echoTxt = die("<pre>[ERROR]Subject Already Exist!</pre>"); 
+0

Thank you very much :D – CharlesCraft50

+0

It works, thank you, good luck! – CharlesCraft50
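
As an added example (not code from the question or the answer): the same existence check, with the subject name percent-encoded and HTML-escaped before it is echoed into the link, and a UNIQUE column as a backstop when two requests post the same name at once. It uses PDO with in-memory SQLite so it runs without a server, which is an assumption (the page's code uses mysqli); the one-column table, the function names and the sample rows are constructed.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite is an assumption
// so this runs without a server; the page uses mysqli. Sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE IndexData (SubjectName TEXT NOT NULL UNIQUE)");
$db->exec("INSERT INTO IndexData (SubjectName) VALUES ('Existing Subject')");

/** True when a row with this SubjectName is already stored. */
function subjectExists(PDO $db, string $name): bool
{
    $stmt = $db->prepare("SELECT 1 FROM IndexData WHERE SubjectName = ? LIMIT 1");
    $stmt->execute([$name]);
    return $stmt->fetchColumn() !== false;
}

/** Result link: name percent-encoded for the query string, then HTML-escaped. */
function subjectLink(string $name): string
{
    $href = "Code-Blog-Index-Posts.php?SubjectName=" . rawurlencode($name);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
         . '" target="_blank">Click Me</a>';
}

/** Insert only when the name is new; the UNIQUE column catches a concurrent insert. */
function postSubject(PDO $db, string $name): string
{
    if (subjectExists($db, $name)) {   // a row was found: the name is taken
        return "<pre>[ERROR]Subject Already Exist!</pre>";
    }
    try {
        $db->prepare("INSERT INTO IndexData (SubjectName) VALUES (?)")->execute([$name]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {   // 23000 = integrity constraint violation
            throw $e;
        }
        // Another request stored the same name between the check and the insert.
        return "<pre>[ERROR]Subject Already Exist!</pre>";
    }
    return "<pre>Subject Has Been Posted! Link: " . subjectLink($name) . "</pre>";
}

// Constructed inputs: a duplicate, then a new name containing markup characters.
echo postSubject($db, 'Existing Subject'), "\n";
echo postSubject($db, 'New "Subject" <b>'), "\n";
echo postSubject($db, 'New "Subject" <b>'), "\n";   // second attempt is rejected
```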
