输入的表单数据未保存在mysql db中? [英] entered form data is not saving in mysql db?
本文介绍了输入的表单数据未保存在mysql db中?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我的代码,无法正常运行
<?php
include('admin/class.php');
这是我的数据库连接:
$hostname="localhost";
$username="root";
$password="";
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
$se = mysql_select_db("timesheet1234",$dbhandle)
or die("Could not select timesheet1234");
echo "connected to db";
点击按钮后,即可使用此功能:
if(isset($_POST['save']))
{
$sel=@$_POST['selpro'];
$mon=@$_POST['mon'];
$tue=@$_POST['tue'];
$wed=@$_POST['wed'];
$thu=@$_POST['thu'];
$fri=@$_POST['fri'];
$sat=@$_POST['sat'];
$sun=@$_POST['sun'];
此处正在编写查询功能
if(isset($_SESSION['user']))
{
echo "session user";
$sql="UPDATE empdaytimesheet SET
`project code`='$sel',`mon`='$mon',`tue`='$tue',`wed`='$wed',`thu`='$thu',`
fri`='$fri',`sat`='$sat',`sun`='$sun' where `username`='".$_SESSION['user']."'";
$res=mysql_query($sql,$dbhandle);
这是无法使用的问题:
if($res){
echo "<script type='text/javascript'>";
echo "alert('TimeSheet Saved..!')";
echo "</script>";
echo "<script type='text/javascript'>";
echo "window.location='my_timesheet.php'";
echo "</script>";
}
else
{
echo "<script type='text/javascript'>";
echo "alert('Some Error Occured ! Retry..!')";
echo "</script>";
echo "<script type='text/javascript'>";
echo "window.location='my_timesheet.php'";
echo "</script>";
}
}
}
?>
解决方案
删除$ _POST之前的'@',就可以了.
但是,您当前的脚本看起来很容易受到SQLi的攻击.</p>
您还使用了不推荐使用的扩展名.您应该考虑改用MySQLi或PDO.
查看此答案以了解更多信息关于如何使您的代码更安全.
Here is my code which is not working properly
<?php
include('admin/class.php');
Here is my db connection:
$hostname="localhost";
$username="root";
$password="";
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
$se = mysql_select_db("timesheet1234",$dbhandle)
or die("Could not select timesheet1234");
echo "connected to db";
Here am doing the functionality after clicking the button:
if(isset($_POST['save']))
{
$sel=@$_POST['selpro'];
$mon=@$_POST['mon'];
$tue=@$_POST['tue'];
$wed=@$_POST['wed'];
$thu=@$_POST['thu'];
$fri=@$_POST['fri'];
$sat=@$_POST['sat'];
$sun=@$_POST['sun'];
Here am writing the query functionality
if(isset($_SESSION['user']))
{
echo "session user";
$sql="UPDATE empdaytimesheet SET
`project code`='$sel',`mon`='$mon',`tue`='$tue',`wed`='$wed',`thu`='$thu',`
fri`='$fri',`sat`='$sat',`sun`='$sun' where `username`='".$_SESSION['user']."'";
$res=mysql_query($sql,$dbhandle);
Here is the problem where it is not working:
if($res){
echo "<script type='text/javascript'>";
echo "alert('TimeSheet Saved..!')";
echo "</script>";
echo "<script type='text/javascript'>";
echo "window.location='my_timesheet.php'";
echo "</script>";
}
else
{
echo "<script type='text/javascript'>";
echo "alert('Some Error Occured ! Retry..!')";
echo "</script>";
echo "<script type='text/javascript'>";
echo "window.location='my_timesheet.php'";
echo "</script>";
}
}
}
?>
解决方案
Remove the '@' before $_POST and you should be fine.
However, your current script looks like it's vulnerable to SQLi.
And you are also using a deprecated extension. You should consider using MySQLi or PDO instead.
Check this answer on more information on how to make your code more secure.
这篇关于输入的表单数据未保存在mysql db中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文