我使用jotform.com做了一個表單,並沒有調整任何東西,只是將$ action =「」更改爲我的.php文件中的$ _POST查詢。我有相同的文件打印$ _POST數組來驗證所有的值都是從html接收的,所以我不會包含html代碼。我已經包含了以下.PHP和表單提交.PHP打印以下陣列確認所有已經發布後:
successArray ([formID] => 32750985631157 [q1_referral] => John Doe [q12_contactType] => Array ([0] => Array ([0] => Prospect)) [q3_companyNameindividual] => John Doe\'s Company [q4_dba] => John Doe\'s D.B.A [q15_mainofficePhone] => Array ([area] => 305 [phone] => 8654565) [q28_mainContact] => Array ([first] => John [last] => Doe) [q8_address] => Array ([addr_line1] => 1223 Cedar Ave [addr_line2] => N/A [city] => Miami [state] => Florida [postal] => 33054 [country] => United States) [q32_email32] => [email protected] [q11_website11] => [email protected] [q29_secondaryContact] => Array ([first] => [last] =>) [q10_mainofficePhone10] => Array ([area] => [phone] =>) [q13_mobilePhone13] => Array ([area] => [phone] =>) [q14_fax14] => Array ([area] => [phone] =>) [q20_homePhone20] => Array ([area] => [phone] =>) [q26_otherPhone] => Array ([area] => [phone] =>) [q30_email2] => [q31_email3] => [q27_secondaryAddress] => Array ([addr_line1] => [addr_line2] => [city] => [state] => [postal] => [country] =>) [q23_notes] => [website] => [simple_spc] => 32750985631157-32750985631157)
在MySQL表中的所有列設置有當然比其他ID限255對VARCHAR。不上mysql表顯示的數值是:
main_contact varchar(255)
main_phone varchar(255)
main_address varchar(255)
Main_address2 varchar(255)
main_city varchar(255)
main_state varchar(255)
main_postcode varchar(255)
main_country varchar(255)
我一直在打我的頭幾個小時,確保我正確地寫了PHP。如果沒有人有解決方案,我會發布其他代碼。先謝謝你。
<?php
require_once('info.php');
mysqli_query($con,"INSERT INTO contacts(referral,name,dba,main_contact,main_phone,main_address,main_address2,main_city,main_state,main_postcode,main_country,main_email,website_address)VALUES('".$_POST['q1_referral']."','".$_POST['q3_companyNameindividual']."','".$_POST['q4_dba']."','".$_POST['q28_mainContact[first]']."','".$_POST['q15_mainofficePhone[phone]']."','".$_POST['q8_address[addr_line1]']."','".$_POST['q8_address[addr_line2]']."','".$_POST['q8_address[city]']."','".$_POST['q8_address[state]']."','".$_POST['q8_address[postal]']."','".$_POST['q8_address[country]']."','".$_POST['q32_email32']."','".$_POST['q11_website11']."')");
echo "success";
print_r($_POST);
?>
如果你打算使用mysqli,請利用它並參數化。你的代碼是廣泛開放的mysql注入 – aynber
我是一個新手,並希望在安全性之前專注於功能。您是否建議我應該同時學習這兩個安全問題,或者以後是否可以修補這些安全問題?此外,我會谷歌你的意思是參數化,但如果你有一個時刻,你可以提供一個簡短的例子嗎?謝謝您的意見。 – justinmfeliciano
總是這樣做,這樣你就不會忘記將來的事情在它變成現實時會改變。我對PDO比mysqli更精通,但請查看以下內容以供初學者使用:http://php.net/manual/en/mysqli.prepare.php – aynber