MYSQL,PHP插入空白
问题描述:
所以,我已经研究到处,我看不出为什么插入空白。我在另一个文件中使用几乎相同的代码,并且可以正常工作。任何帮助?MYSQL,PHP插入空白
<?php
//Connection
$first_name = mysqli_real_escape_string($_POST [' first_name ']) ;
$last_name = mysqli_real_escape_string($_POST [' last_name ']) ;
$email = mysqli_real_escape_string($_POST [' email ']) ;
$message = mysqli_real_escape_string($_POST [' message ']) ;
$insert_sql = "INSERT INTO generaldis (first_name, last_name, email, message)
VALUES ('$first_name', '$last_name' , '$email' , '$message');";
if (!mysql_query($insert_sql,$link))
{
die('Error: ' . mysql_error());
}
echo '<h1>Whoop! Your Message Has Been Posted!</h1><br><p><a href="http://example.com ">Click Here To Go Back</a></p>';
?>
答
试试这个:
$fields = array(
'first_name' => "/[a-zA-Z-_]+/",
'last_name' => "/[a-zA-Z-_]+/",
'email' => '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/',
'message' => null
);
$permit = true;
foreach($fields AS $field => $regexp) {
if(is_null($regexp)) continue;
if(!preg_match($regexp, $_REQUEST[$field])) {
$permit = false;
break;
}
}
if($permit) {
$query = "INSERT INTO general_dis SET ";
$values = array();
foreach($fields AS $field => $regexp) {
$value = $_REQUEST[$field];
if(is_null($regexp)) {
$value = mysql_real_escape_string($value);
}
$values[] = "`".$field."`='".$value."' ";
}
$values = implode(', ', $values);
$query .= $values;
mysql_query($query);
}
你混合'mysqli_ *'和'mysql_ *'功能。你应该为你的查询和数据库连接使用'mysqli'。 – jeroen
**危险**:您正在使用[一个**过时的**数据库API](http://stackoverflow.com/q/12859942/19068),并应使用[现代替换](http:// php。净/手动/ EN/mysqlinfo.api.choosing.php)。你也**易受[SQL注入攻击](http://bobby-tables.com/)**,现代的API会使[防御]更容易(http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php)自己从。 – Quentin
您在使用'mysqli_real_escape_string'到变量之后存储POST数据,然后直接在查询中使用'$ _POST'数据而不是变量? –