将文本从表单转换为int [英] converting text to int from a form
问题描述
这里是我的代码的一些行。
手机:< input type =textname =cellphone>< br />
用户名:< input type =textname =username>< br />
$手机= $ _GET [手机];
// $ cellphone = int()$ cellphone;
$ username = $ _GET [username];
$ link = mysql_connect('myhost','myuser','mypass')或死(无法连接到数据库);
mysql_select_db('hunter',$ link)或死(找不到数据库);
回显fetced database;
//将用户信息注入数据库
mysql_query(INSERT INTO玩家值('','$ firstname','$ lastname','$ location','$ cellphone','$ username' ,'$ email','$ password'))或死(无法注入数据库。);
但由于某些原因,我无法获取单元格号码以进入我的数据库。
请帮助我:D
FIRST:
you 应必须清理所有传入变量!
然后,转换为整数,你可以使用:
$ cellphone =(int)$ _GET [cellphone];
更好的解决方案是使用 filter_var();
$ cellphone = filter_var($ _GET [cellphone],FILTER_VALIDATE_INT);
您应该阅读 input validation / sanitazion 和filter_var,然后再编写任何进一步的代码。
>现在,人们开始建议 mysql_real_escape_string()
(它可以完成这项工作,但并不是最好的解决方案)通过PDO或MySQLi查看准备好的语句
am trying to fetch some data from a form, but i cant for some reason. here are some lines of my code.
cellphone: <input type = "text" name = "cellphone"><br />
username : <input type = "text" name = "username"><br />
$cellphone = $_GET["cellphone"]; //$cellphone = int() $cellphone; $username= $_GET["username"]; $link = mysql_connect('myhost', 'myuser', 'mypass') or die("could not connect to database"); mysql_select_db ('hunter',$link) or die ("could not find database"); echo "fetced database"; //injecting user info into database mysql_query("INSERT INTO player values ('','$firstname','$lastname','$location','$cellphone','$username','$email','$password')")or die("could not inject into database.");
but i can not get the cell number to get into my database for some reason. please help me :D
FIRST:
you should must sanitize all incoming variables!
then, to cast to an integer, you can use:
$cellphone = (int) $_GET["cellphone"];
A better solution is to use filter_var();
$cellphone = filter_var( $_GET["cellphone"], FILTER_VALIDATE_INT);
You should read about input validation/sanitazion and filter_var before writing any further code.
now, before people start to advice mysql_real_escape_string()
(which does the job, but is not the best solution), take a look at prepared statements through either PDO or MySQLi
这篇关于将文本从表单转换为int的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!