将文本从表单转换为int [英] converting text to int from a form

问题描述

我试图从表单中获取一些数据，但我不能出于某种原因。
这里是我的代码的一些行。

 手机：< input type =textname =cellphone>< br /> 
用户名：< input type =textname =username>< br /> 
  

 
 $手机= $ _GET [手机]; 
 // $ cellphone = int（）$ cellphone; 
 $ username = $ _GET [username]; 
 
 $ link = mysql_connect（'myhost'，'myuser'，'mypass'）或死（无法连接到数据库）; 
 mysql_select_db（'hunter'，$ link）或死（找不到数据库）; 
回显fetced database; 
 //将用户信息注入数据库
 mysql_query（INSERT INTO玩家值（''，'$ firstname'，'$ lastname'，'$ location'，'$ cellphone'，'$ username' ，'$ email'，'$ password'））或死（无法注入数据库。）; 
 

但由于某些原因，我无法获取单元格号码以进入我的数据库。
请帮助我：D

解决方案

FIRST：

you 应必须清理所有传入变量！

然后，转换为整数，你可以使用：

  $ cellphone =（int）$ _GET [cellphone]; 
  

更好的解决方案是使用 filter_var（）;

  $ cellphone = filter_var（$ _GET [cellphone]，FILTER_VALIDATE_INT）; 
  

您应该阅读 input validation / sanitazion 和filter_var，然后再编写任何进一步的代码。

>

现在，人们开始建议 mysql_real_escape_string（）（它可以完成这项工作，但并不是最好的解决方案）通过PDO或MySQLi查看准备好的语句

am trying to fetch some data from a form, but i cant for some reason. here are some lines of my code.

cellphone: <input type = "text" name = "cellphone"><br />
username : <input type = "text" name = "username"><br />

    $cellphone = $_GET["cellphone"];
    //$cellphone = int() $cellphone;
    $username= $_GET["username"];

$link = mysql_connect('myhost', 'myuser', 'mypass') or die("could not connect to database");
    mysql_select_db ('hunter',$link) or die ("could not find database");
    echo "fetced database";
    //injecting user info into database
    mysql_query("INSERT INTO player values ('','$firstname','$lastname','$location','$cellphone','$username','$email','$password')")or die("could not inject into database.");

but i can not get the cell number to get into my database for some reason. please help me :D

解决方案

FIRST:
you should must sanitize all incoming variables!

then, to cast to an integer, you can use:

$cellphone = (int) $_GET["cellphone"];

A better solution is to use filter_var();

$cellphone = filter_var( $_GET["cellphone"], FILTER_VALIDATE_INT);

You should read about input validation/sanitazion and filter_var before writing any further code.

now, before people start to advice mysql_real_escape_string() (which does the job, but is not the best solution), take a look at prepared statements through either PDO or MySQLi

这篇关于将文本从表单转换为int的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！