1. 首頁
  2. 問答
  3. Php將空白數據插入表

Php將空白數據插入表

2013-06-11 120 views
0

我的代碼插入一個空的記錄到MySQL表「激活」,而不是獲取數據activate.html。它調用我剝去的activate.php。我也應該補充說我是PHP的新手,但是我知道注入攻擊。我原來有一些解決的安全問題,但正如我所說,已經剝離了代碼來解決問題的根源。另外,當我回顯表單字段時,它們會填充,而不是放入MySql表中。任何想法爲什麼?先謝謝你。Php將空白數據插入表

<?php 
$host = "host"; // Host name 
$username = "user"; // Mysql username 
$password = "pass"; // Mysql password 
$db_name = "db"; // Database name 
$tbl_name = "activate"; // Table name 

// Connect to server and select database. 

mysql_connect("$host", "$username", "$password") or die("cannot connect"); 
mysql_select_db("$db_name") or die("cannot select DB"); 

// Get values from form 

if (isset($_POST['submit'])) { 
    $esn = mysql_real_escape_string($_POST['esn']); 
    $esnverify = mysql_real_escape_string($_POST['esnverify']); 
    $zip = mysql_real_escape_string($_POST['zip']); 
    $comments = mysql_real_escape_string($_POST['comments']); 
} 

// Insert data into mysql 

$sql = "INSERT INTO $tbl_name (esn, esnverify, zip, comments) VALUES ('$esn', '$esnverify', '$zip', '$comments')"; 
$result = mysql_query($sql); 

// if successfully insert data into database, displays message "Successful". 

if ($result) { 
    echo "Successful"; 
    echo "<br />"; 
    echo $_POST['esn']; 
    echo "<br />"; 
    echo $_POST['esnverify']; 
    echo "<br />"; 
    echo $_POST['zip']; 
    echo "<br />"; 
    echo $_POST['comments']; 
    echo "<br />"; 
    echo "<a href='thankyou.html'>Back to main page</a>"; 
} 
else { 
    echo "ERROR"; 
} 

?> 

    <?php 

// close connection 

mysql_close(); 
?>

Activate.html

<form method="post" action="activate.php"> 
<p><b>ESN:</b> <input type="text" id="esn" name="esn" maxlength="50"><br/> 
<b>Confirm ESN:</b> <input type="text" name="esnverify" id="esnverify" maxlength="50"><br/> 
<b>Zip:</b> <input type="text" name="zip" id="zip" maxlength="5"><br/> 

<p>Your comments:<br /> 
<textarea name="comments" rows="10" cols="40" id="comments" maxlength="500"></textarea></p> 

<p><input type="submit" value="Send it!"></p></form>

來源

2013-06-11 JuStin

+0

從哪個頁面收到'$ _POST'變量? – Kevin

+1

由於您的提交按鈕沒有'name'屬性,這個條件'if(isset($ _ POST ['submit']))'永遠不會被滿足。它應該像''。 – Lion

+0

謝謝你獅子!與移動我的大括號相結合,它被糾正!再次感謝大家,我非常感謝幫助。 – JuStin

回答

1 
<?php 
$host = "host"; // Host name 
$username = "user"; // Mysql username 
$password = "pass"; // Mysql password 
$db_name = "db"; // Database name 
$tbl_name = "activate"; // Table name 

// Connect to server and select database. 

mysql_connect("$host", "$username", "$password") or die("cannot connect"); 
mysql_select_db("$db_name") or die("cannot select DB"); 

// Get values from form 

if (isset($_POST['submit'])) { 
    $esn = mysql_real_escape_string($_POST['esn']); 
    $esnverify = mysql_real_escape_string($_POST['esnverify']); 
    $zip = mysql_real_escape_string($_POST['zip']); 
    $comments = mysql_real_escape_string($_POST['comments']); 


// Insert data into mysql 

$sql = "INSERT INTO $tbl_name (esn, esnverify, zip, comments) VALUES ('$esn', '$esnverify', '$zip', '$comments')"; 
$result = mysql_query($sql); 

// if successfully insert data into database, displays message "Successful". 

if ($result) { 
    echo "Successful"; 
    echo "<br />"; 
    echo $_POST['esn']; 
    echo "<br />"; 
    echo $_POST['esnverify']; 
    echo "<br />"; 
    echo $_POST['zip']; 
    echo "<br />"; 
    echo $_POST['comments']; 
    echo "<br />"; 
    echo "<a href='thankyou.html'>Back to main page</a>"; 
} 
else { 
    echo "ERROR"; 
} 

} 

?> 

    <?php 

// close connection 

mysql_close(); 
?>

另外,在HTML代碼更改此:

添加名稱= '提交' 到輸入字段/提交按鈕。

來源

2013-06-11 18:47:53 sinisake

+0

我改變了大括號,但現在頁面什麼都不做,甚至沒有回聲輸入? – JuStin

+0

@JuStin,編輯回覆 - 另外,我看到獅子已經回答。 :) – sinisake

1

即使$_POST['submit']未設置(在這種情況下,您的變量將沒有價值),你的代碼仍然會嘗試將數據插入到表中。這就是爲什麼有空白行。

正如Lion在他的評論中所說,由於您的提交按鈕沒有名稱屬性,所以$_POST['submit']將永遠不會被設置,因此您將始終插入空白數據。

來源

2013-06-11 18:47:12

相關問題

 相關問題