-1
好的。看來我的PHP代碼存在一些問題,而且它正在擾亂我。到目前爲止,形式一半工作,一半不工作。這裏是代碼。現在PHP表單數組到MySQL數據庫
<?php
include "cgi-bin/toplinks.php"; include "cgi-bin/charsheetarrays.php"; include "cgi-bin/dropdown.php"; include "cgi-bin/connect_to_mysql.php";
if (isset($_POST['pccharname'])){
$playerid=$_SESSION['id'];
$pccharname=ereg_replace("[^A-Z a-z]", "", $_POST['pccharname']);
$pcclan=$_POST['pcclan'];
$pcfamily=$_POST['famnames'];
$pchonor=$_POST['pchonor'];
$pcglory=$_POST['pcglory'];
$pcstatus=$_POST['pcstatus'];
$pctaint=$_POST['pctaint'];
$charconcept=ereg_replace("[^A-Z a-z]", "", $_POST['charconcept']);
$pcmon=$_POST['pcmon'];
$pcfamilyties=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcfamilyties']);
$pchistorytext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchistorytext']);
$pcbelieftext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcbelieftext'])
$pcgoalstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcgoalstext']);
$pchookstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchookstext']);
$pcstatagi=$_POST['pcstatagi'];
$pcstatint=$_POST['pcstatint'];
$pcstatref=$_POST['pcstatref'];
$pcstataware=$_POST['pcstataware'];
$pcstatstam=$_POST['pcstatstam'];
$pcstatwill=$_POST['pcstatwill'];
$pcstatstr=$_POST['pcstatstr'];
$pcstatpercep=$_POST['pcstatpercep'];
$pcstatvoid=$_POST['pcstatvoid'];
$pcinitmodroll=$_POST['pcinitmodroll'];
$pcinitmodkeep=$_POST['pcinitmodkeep'];
$pcinitmodbonus=$_POST['pcinitmodbonuse'];
$pcwoundmod=$_POST['pcwoundmod'];
$pcarmor=$_POST['pcarmor'];
$pctnmods=$_POST['pctnmods'];
$pcadddisadlist=$_POST['pcaddisadlist'];
$ssstringarr=array (ss1=>$_POST['ss0'],ss2=>$_POST['ss1'],ss3=>$_POST['ss2'],ss4=>$_POST['ss3'],ss5=>$_POST['ss4'],ss6=>$_POST['ss5'],ss7=>$_POST['ss6']);
$ssstring=implode("~",$ssstringarr);
for($i=0; $i<36; $i++)
{
$n=$i-1;
$skillnum="skill". $n;
$emphnum="skill". $n ."emph";
$ranknum="skill". $n ."rank";
$skillstringarr= array();
$skillemphstringarr= array();
$skillrankstringarr= array();
$skillstringarr[skillnum] = $_POST[skillnum];
$skillemphstringarr[emphnum] = $_POST[emphnum];
$skillrankstringarr[ranknum] = $_POST[ranknum];
}
$skillstring=implode("~",$skillstringarr);
$emphstring=implode("~",$skillemphstringarr);
$rankstring=implode("~",$skillrankstringarr);
$pctechs=$_POST['pctechs'];
$pcspells=$_POST['pcspells'];
$pckata=$_POST['pckata'];
$pckiho=$_POST['pckiho'];
$pcworninv=$_POST['pcworninv'];
$pcownedinv=$_POST['pcownedinv'];
$pcnormgen=$_POST['pcnormgen'];
$pcdamgen=$_POST['pcdamgen'];
$pcgmnotes=$_POST['pcgmnotes'];
$servinfolog=$_POST['servinfolog'];
$pcdatesanc=$_POST['pcdatesanc'];
$pcwhosanc=$_POST['pcwhosanc'];
$pclastlogin=$_POST['pclastlogin'];
$pcxpavail=$_POST['pccp'];
if (($pccharname=="")||($pcclan=="---")||$famname=="---"||$famname=="Pick A Family"||($pcschool=="---")||($pcschool=="--Crab Schools--")||($pcschool=="--Crab Schools--")||($pcschool=="--Crane Schools--")||($pcschool=="--Dragon Schools--")||($pcschool=="--Lion Schools--")||($pcschool=="--Mantis Schools--")||($pcschool=="--Phoenix Schools--")||($pcschool=="--Scorpion Schools--")||($pcschool=="--Unicorn Schools--")||($pcschool=="--Imperial Schools--")||($pcschool=="--Badger Schools--")||($pcschool=="--Dragonfly Schools--")||($pcschool=="--Hare Schools--")||($pcschool=="--Monkey Schools--")||($pcschool=="--Oriole Schools--")||($pcschool=="--Ox Schools--")||($pcschool=="--Sparrow Schools--")||($pcschool=="--Tortoise Schools--")||($pcschool=="--Monk Schools--")||($pcschool=="--Ronin Schools--")||($pcschool=="--Merchant Schools")||($pcschool=="--Pick A School--"))
{
$errormsg = "Please correct your error";
}else{
$sql=mysql_query("INSERT INTO pcchars (playerid,pccharid,pccharname,pcclan,pcschool,pchonor,pcglory,pcstatus,pctaint,pchistorytext,pcbelieftext,pcgoalstext,pchookstext,charconcept,pcmon,pcfamilyties,pcstatagi,pcstatint,pcstatref,pcstataware,pcstatstam,pcstatwill,pcstatstr,pcstatpercep,pcstatvoid,pcinitmodroll,pcinitmodkeep,pcinitmodbonus,pcwoundmod,pcarmor,pctnmods,pcaddisadlist,ssstring,skillstring,emphstring,rankstring,pctechs,pcspells,pckata,pckiho,pcworninv,pcownedinv,pcgentry,damgentry,pcgmnotes,servinfolog,pcdatecreate,issanced,pcdatesanc,whosanc,pclastlogin,pcxpavail)VALUES('$playerid','$pccharid','$pccharname','$pcclan','$pcschool','$pchonor','$pcglory','$pcstatus','$pctaint','$pchistorytext','$pcbelieftext','$pcgoalstext','$pchookstext','$charconcept','$pcmon','$pcfamilyties','$pcstatagi','$pcstatint','$pcstatref','$pcstataware','$pcstatstam','$pcstatwill','$pcstatstr','$pcstatpercep','$pcstatvoid','$pcinitmodroll','$pcinitmodkeep','$pcinitmodbonus','$pcwoundmod','$pcarmor','$pctnmods','$pcaddisadlist','$ssstring','$skillstring','$emphstring','$rankstring','$pctechs','$pcspells','$pckata','$pckiho','$pcworninv','$pcownedinv','$pcgentry','$damgentry','$pcgmnotes','$servinfolog','now()','$issanced','$pcdatesanc','$whosanc','$pclastlogin','$pcxpavail')") or die (mysql_error());
}
}else{
echo "<html><head></head><body>Please <a href='http://fiveringsonline.net/login.php'>Login</a> here. You will have to make your character again, because I haven't set it up to save.</body></html>";
}//close id set
?>
,爲pchistory和技能,等級和EMPH陣內爆,我什麼也得不到。也沒有adsdissads。 現在,歷史和adsdisads是textareas,所以,他們應該在技術上工作。
我明白我的循環我的廢話,考慮到它傳遞價值觀像沒有人的業務。
所以,最終,我正在尋找一點幫助,讓這個工作。
PDO。學習它,愛它。 http://xkcd.com/327/ –
你正在做一些可怕的錯誤。請了解[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)。如果有人在你的表單中輸入了SQL代碼,這將會被執行(如果正確),並且可以讀取/刪除/做任何你想要處理的數據庫......非常危險! 拜倫惠特洛克提到了PDO,如果使用得當,也可以解決這個問題。 – opatut
sohsiteadmin,@Byron Whitlock在說你的代碼非常注重SQL注入。在搜索窗口(或谷歌)中鍵入'sql-injection php'。 – Ben