我在这里有个头疼.单击提交按钮后,我的代码未将数据插入customer_upload表.它确实成功地将我重定向到成功消息,如我的代码所示.
我已经检查过提交的数据是否正在发布,我很确定脚本会挂起mysql_query.我通过在我的PHP代码中注释掉MysqL_query和头重定向来检查这个,并在点击提交时回显变量$key,$firstname,$lastname和$company.一切都很好……
这是我的数据库的样子:
这是我的代码(我知道MysqL已被弃用!我很快就会切换!):
<?PHP
header('Expires: Sun, 01 Jan 2014 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
include('../includes/connection.PHP');
$thisPage = "File Transfers";
$keyrand = rand(100000000, 999999999);
if(isset($_POST['submit'])) {
$key = MysqL_real_escape_string($_POST['key']);
$firstname = MysqL_real_escape_string($_POST['firstname']);
$lastname = MysqL_real_escape_string($_POST['lastname']);
$company = MysqL_real_escape_string($_POST['company']);
$date= date("F j, Y");
MysqL_query("INSERT INTO customer_uploads (key, firstname, lastname, company, date) VALUES ('$key', '$firstname', '$lastname', '$company', '$date')");
header("LOCATION: /filetransfers.PHP?message=success");
}
?>
HTML表单:
<form method="post">
<div class="row">
<div class="col-md-5">
<div class="form-group">
<label>Key</label>
<input name="keyvisible" type="number" class="form-control" placeholder="<?PHP echo $keyrand ?>" disabled="disabled">
<input name="key" type="hidden" class="form-control" value="<?PHP echo $keyrand; ?>">
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label>First Name</label>
<input name="firstname" id="category" type="text" class="form-control" placeholder="First Name">
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label>Last Name</label>
<input name="lastname" type="text" class="form-control" placeholder="Last Name"?>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label>Company</label>
<input name="company" type="text" class="form-control" placeholder="Company"?>
</div>
</div>
</div>
<button name="submit" type="submit" id="NewCustomerUploadSubmit" class="btn btn-info btn-fill pull-right">Add Upload Key</button>
<div class="clearfix"></div>
</form>
关于我做错了什么的任何想法?
解决方法:
MysqL中的密钥是一个保留字,如果您计划仍在使用它,则必须将其封装在刻度中:
MysqL_query("INSERT INTO customer_uploads (`key`, firstname, lastname, company, date)
VALUES ('$key', '$firstname', '$lastname', '$company', '$date')");
参考:
> https://dev.mysql.com/doc/refman/5.5/en/keywords.html
> https://en.wikipedia.org/wiki/Prepared_statement
> MysqL_real_escape_string()仍然倾向于注入
>咨询:SQL injection that gets around mysql_real_escape_string()就此而言.
考虑转移到MysqLi_或PDO API(使用预准备语句),因为MysqL_ API已被弃用并从PHP 7中删除.
“not inserting data or throwing errors”
