-1
我有一個有四個值的表單,player1,player2,awayTeam和homeTeam。PHP表格提交
在檢查值是否爲空之後,它不想將結果發送到數據庫。我不確定它爲什麼不想提交。
還有兩個隨機數將被比較並根據if num1 > num2記錄提交。
<?php
$link = mysqli_connect("localhost","test", "passowrd", "test");
if (mysqli_connect_error()) {
die ("DB has not been connected");
}
// create two random numbers
$Num1 = rand();
$Num2 = rand();
if (isset($_POST['submit'])) {
$playerOne = mysqli_real_escape_string ($link, $_POST['playerOne']);
$playerTwo = mysqli_real_escape_string ($link, $_POST['playerTwo']);
$awayTeam = mysqli_real_escape_string ($link, $_POST['awayTeam']);
$homeTeam = mysqli_real_escape_string ($link, $_POST['homeTeam']);
//check if player one is empty
if (empty($playerOne)) {
echo "Game Creator PSN required!" . "<br>";
}
//check if player two is empty
if (empty($playerTwo)) {
echo "Second Player PSN required!";
}
} else {
//compare two numbers
if ($Num1 > $Num2) {
$sql = "INSERT INTO randomizer (playerOne, playerTwo, awayteam, homeTeam) VALUES (' $playerOne', '$playerTwo', '$awayTeam', '$homeTeam')";
if ($link->query($sql) === true) {
echo "Record Added Sucessfully";
} else {
echo "There was a problem";
}
} else {
$sql = "INSERT INTO randomizer (playerOne, playerTwo, awayteam, homeTeam) VALUES (' $playerTwo', '$playerOne', '$awayTeam', '$homeTeam')";
if ($link->query($sql) === true) {
echo "Record Added Sucessfully";
} else {
echo "There was a problem";
}
}
}
?>
爲什麼2'insert'語句?目前的執行會發生什麼? – chris85
**警告**:使用'mysqli'時,您應該使用[參數化查詢](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param']( http://php.net/manual/en/mysqli-stmt.bind-param.php)將用戶數據添加到您的查詢中。 **不要**使用手動轉義和字符串插值或串聯來實現此目的,因爲您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。意外地未經轉義的數據是一個嚴重的風險。使用綁定參數不那麼冗長,並且更容易檢查以檢查您是否正確地進行了操作。 – tadman
請儘量避免像'=== TRUE'這樣的不必要的東西混淆你的代碼的習慣。許多函數被設計爲返回邏輯上真或假的值,因此是多餘的。創建像'$ sql'這樣的拋棄變量並立即將它們提供給函數也是一個壞主意。而是直接將該字符串提供給函數。 – tadman