我想驗證我的php表單使用異常,但不知何故它不起作用。如果用戶在「nameg」中輸入任何不是字符串的字符,並在「amountg」中輸入任何非整數的字符,都會拋出異常。應例外,即使在這種情況下使用:php腳本不會拋出異常
if(!empty($_POST['nameg']) && !empty($_POST['amountg']))
{
$user="rootdummy";
$pass="password";
$db="practice";
$nameg=$_POST['nameg'];
$amountg=$_POST['amountg'];
try{
if(!is_int($amountg) || !is_string($nameg)){
throw new Exception("This is the exception message!");
}
}
catch (Exception $e){
$e->getMessage();
}
mysql_connect('localhost',$user,$pass) or die("Connection Failed!, " . mysql_error());
$query="INSERT INTO practable (name,given) VALUES('$nameg',$amountg) ON DUPLICATE KEY UPDATE name='$nameg', given=IFNULL(given + $amountg,$amountg)";
mysql_select_db($db) or die("Couldn't connect to Database, " . mysql_error());
mysql_query($query) or die("Couldn't execute query! ". mysql_error());
mysql_close() or die("Couldn't disconnect!");
include("dbclient.php");
echo "<p style='font-weight:bold;text-align:center;'>Information Added!</p>";
}
您的代碼很容易受到SQL注入和mysql_ *輕輕地棄用。 – Paul 2012-03-24 14:07:36
你作爲'$ _POST ['amountg']'發佈了什麼,值? – safarov 2012-03-24 14:08:38
是$ _POST ['amountg']是用戶通過表單輸入的值。 – tutak 2012-03-24 14:15:29