0
我是相當新的PHP和我有這種代碼的各種問題基本上我想添加2個選擇選項的時間值到一個變量,然後將該變量存儲爲我的數據庫中的時間。我不清楚如何發佈一個包含兩個值的變量,它可能通過數組實現,但我已經嘗試過,並且只是說它沒有結果,請參閱下面的代碼。我可以將兩個選擇元素中的值分配給一個變量嗎?
此外,如果它通過PHP,建議將更有用,請參閱圖像的形式。
<?php
//connect to db
include 'connect.php';
//This is the directory where images will be saved
$event_type = $_POST['event_type'];
$title = strip_tags($_POST['title']);
$description = strip_tags($_POST['description']);
$date = strip_tags ($_POST['date']);
$stime = $_POST['stime']);
$etime = $_POST['etime'])
$add1 = strip_tags($_POST['address1']);
$add2 = strip_tags($_POST['address2']);
$city = strip_tags($_POST['city']);
$postcode = strip_tags($_POST['postcode']);
$country = strip_tags($_POST['country']);
$tick = strip_tags($_POST['tkqty']);
$price = strip_tags($_POST['price']);
$now = time();
$image_name = addslashes($_FILES['image']['name']);
$image_tmpname = addslashes($_FILES['image']['tmp_name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
if (strtotime($date) < $now) {
echo $errormsg = "that date is not valid";}
if ($image_size==FALSE)
echo "That is not an image";
else
{
if ($image_name)
$target = "uploaded/$image_name";
move_uploaded_file($_FILES['image']['tmp_name'],$target);
$user = $_SESSION['user_id'];
mysql_query ("INSERT into events VALUES('','$event_type','$title','$description','$date','$stime','$etime','$target','$add1','$add2','$city','$postcode','$country','$tick','$price','$user')");
//Tells you if its all ok
echo "<h2> Event Add Successful</h2>";
echo "Your event : ".$title." is now live, please return to <a href='manage_event.php'>manage event</a> area. ";
}
?>
'strip_tags'不是防止SQL注入的正確方法。 –