0
如果text_checkin等於從(從我的表中的列保留是)保留。再次如果text_checkin等於列reservefrom,瀏覽器將回顯「相同的日期」,它在第一行工作,但我輸入第二行相同的數據在保留從列數據將被插入,即使reservefrom列是等於text_checkin。PHP和MySQL中的等值數據
這裏的結構:
$reservation = mysqli_query($db, "SELECT * from reservation");
//if submit is clicked
$checkin = $_POST['text_checkin'];
$sqlroom3 = "SELECT * FROM reservation";
$resultroom3 = mysqli_query($db, $sqlroom3);
$valuesroom3 = mysqli_fetch_assoc($resultroom3);
$num_rowsroom3 = $valuesroom3['reservefrom'];
if(isset($_POST['submitBtn']) && $row = mysqli_fetch_array($reservation))
{
if($row['reservefrom'] == $checkin)
{
echo "asdasd";
}
else
{
$lastname = $_POST['text_lastname'];
$firstname = $_POST['text_firstname'];
$address = $_POST['text_address'];
$tnumber = $_POST['text_tnumber'];
$cnumber = $_POST['text_cnumber'];
$email = $_POST['text_email'];
$checkin = $_POST['text_checkin'];
$checkout = $_POST['text_checkout'];
$room = $_POST['text_room'];
$tour = $_POST['text_tour'];
$guest = $_POST['text_guest'];
$query = "INSERT INTO reservation (lastname, firstname, homeaddress, telephonenumber, cellphonenumber, email, reservefrom, reserveto, room, tour, guestnumber) values ('$lastname', '$firstname', '$address', '$tnumber', '$cnumber', '$email', '$checkin', '$checkout', '$room', '$tour', '$guest')";
mysqli_query($db, $query);
echo "Data Submitted!";
}
}
值得注意的是,你的代碼是*全面開放*到SQL注入**。您基本上正在執行您的用戶向您發送的任何代碼。 – David
注意:'mysqli'的面向對象的接口明顯較少,使得代碼更易於閱讀和審計,並且不容易與陳舊的'mysql_query'接口混淆。在你過於投入程序風格之前,它是值得轉換的。例如:'$ db = new mysqli(...)'和'$ db-> prepare(「...」)過程接口是PHP4時代的一個神器,當引入mysqli API時,不應該在新的代碼 – tadman
**警告**:使用'mysqli'時,應該使用[參數化查詢](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)和['bind_param' ](http://php.net/manual/en/mysqli-stmt.bind-param.php)將用戶數據添加到您的查詢中**不要**使用字符串插值或連接來完成此操作,因爲您已創建一個嚴重的[SQL注入漏洞](http://bobby-tables.com/)。**從不**將'$ _POST','$ _GET'或**任何**用戶數據直接放入查詢中,它可以如果有人試圖利用你的錯誤,這會非常有害 – tadman