-1
I am getting this error: Notice: Undefined index error
Notice: Undefined index: prospectname in C:\wamp\www\var\SAS\insert.php on line 12
Below is the code
```html
<form action="#" method="POST" class='form-horizontal form-bordered'>
    <div class="control-group">
        <label for="prospectname" class="control-label">Prospect Name</label>
        <div class="controls">
            <input type="text" name="prospectname" id="prospectname" placeholder="prospectname" class="input-xlarge">
        </div>
    </div>
    <div class="control-group">
        <label for="status" class="control-label">Status</label>
    </div>
</form>
```
sas.js
```javascript
$(".registeradd").click(function() {
    var prospectname = $("#prospectname").val();
    var status = $("#status").val();
    var dataString = 'prospectname =' + prospectname + '&status=' + status;
    if (prospectname == '') {
        alert("Please Enter Some Text");
    } else {
        $("#flash").show();
        $("#flash").fadeIn(400).html;
        $.ajax({
            type: "POST",
            url: "insert.php",
            data: dataString,
            cache: false,
            success: function (html) {
                $("#display").after(html);
                $("#flash").hide();
            }
        });
    }
    return false;
});
```
Insert.php
```php
<?php
$dbHost = 'localhost'; // usually localhost
$dbUsername = 'root';
$dbPassword = '';
$dbDatabase = 'test';
$db = mysql_connect($dbHost, $dbUsername, $dbPassword) or die ("Unable to connect to Database Server.");
mysql_select_db ($dbDatabase, $db) or die ("Could not select database.");
$prospectname = $_POST['prospectname'];
$status = $_POST['status'];
$sql_insert = "insert into salesactivity(prospectname,status) values ('$prospectname','$status')";
print $sql_insert;
mysql_query($sql_insert);
?>
```
You are vulnerable to [SQL injection](http://en.wikipedia.org/wiki/SQL_injection). Did you know? – George
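
An added example, not part of the original question or comment: one way to write the insert handler so that an absent POST field is rejected instead of read, and the values are bound as parameters rather than concatenated into the SQL, which is the injection problem the comment points out. The function name `insert_activity`, the in-memory SQLite database standing in for the page's MySQL database, and the sample requests are assumptions constructed for this example.

```php
<?php
// Added example: a hardened form of the page's insert handler (not the asker's code).
// Assumptions: PDO with the SQLite driver is available; an in-memory SQLite
// database stands in for the page's MySQL "test" database so this runs offline.

function insert_activity(PDO $pdo, array $post): array
{
    // Reject the request when a field is absent or empty instead of reading
    // a missing index (the source of the "Undefined index" notice).
    foreach (['prospectname', 'status'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return ['ok' => false, 'error' => "missing field: $field"];
        }
    }
    // Placeholders keep the values out of the SQL text, so quote characters
    // in the input are stored as data and cannot alter the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO salesactivity (prospectname, status) VALUES (:prospectname, :status)'
    );
    $stmt->execute([
        ':prospectname' => $post['prospectname'],
        ':status'       => $post['status'],
    ]);
    return ['ok' => true, 'id' => (int) $pdo->lastInsertId()];
}

// For the page's MySQL setup the DSN would be 'mysql:host=localhost;dbname=test'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE salesactivity (id INTEGER PRIMARY KEY, prospectname TEXT, status TEXT)');

// Constructed sample requests (in the real handler this array is $_POST).
$requests = [
    ['prospectname' => 'Acme Ltd', 'status' => 'open'],
    ['status' => 'open'],                                    // prospectname key absent
    ['prospectname' => "O'Brien & Sons", 'status' => 'new'], // quote character in input
];
foreach ($requests as $post) {
    echo json_encode(insert_activity($pdo, $post)), "\n";
}

// Show what was stored: the quoted name is kept verbatim as a single value.
foreach ($pdo->query('SELECT prospectname, status FROM salesactivity') as $row) {
    echo json_encode([$row['prospectname'], $row['status']]), "\n";
}
```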