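I am trying to post the contents of form fields to a MySQL database. The blog's title and content should be posted to the MySQL table, but I keep getting this error: Notice: Undefined index: titleblog in /home/ooze/public_html/main2/uploadblog.php on line 10 Notice: Undefined index: blogcontent in /home/ooze/public_html/main2/uploadblog.php on line 11.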

<table>
<tr class="top row" style="font-weight: bold;"><td>
<p>Upload your blog</p>
<form name="f4" action="uploadblog.php" method="post"  enctype="multipart/form-data">
title: <input type="text" name="titleblog" />
<br/>
<textarea name="blogcontent" rows="10" cols="60" style="width:350px; height:150px;">Enter your blog here
</textarea>
<br/>
<input type="submit" value="Submit" style="margin-left: 300px;"/>
</form>
</td></tr>
</table> 

Here is the PHP code:

<?php
session_start();
?>
<?php
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>

2 Answers


You forgot to escape the strings to prevent SQL injection:

<?php
session_start();
?>
<?php
// mysql_real_escape_string() needs an open connection, so connect first
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$a = mysql_real_escape_string($_POST["titleblog"]); // <--
$b = mysql_real_escape_string($_POST["blogcontent"]); // <--
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
?>

For more information on SQL injection, see:

http://php.net/manual/en/security.database.sql-injection.php

answered 2012-05-14T16:00:45.393

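<?php
session_start(); // needed before reading $_SESSION
// Run only when the form was submitted; this check needs name="submit" on the submit button
if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') {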
$a = $_POST["titleblog"];
$b = $_POST["blogcontent"];
$conn = mysql_connect("localhost","ooze","");
mysql_select_db ("ooze");
$mysql="INSERT INTO blog (title, blog_content, date, username) VALUES ('$a','$b', CURDATE(), $_SESSION[gatekeeper])";
mysql_query($mysql) or die(mysql_error());
echo "<p>Blog submitted</p>";
mysql_close($conn);
}
?>

And the value of the field is also missing. Give it like this: <input type="text" name="titleblog" value="" />

answered 2012-05-14T15:36:58.057
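
The escaping fix from the first answer and the submitted-form check from the second can be combined using PDO prepared statements, since the mysql_* functions used in this thread were removed in PHP 7. This is an added example, not code from either answer; the DSN, the BLOG_DB_PASSWORD environment variable and the validate_blog_post() helper are assumptions.

```php
<?php
// Added example, not from the original thread. Assumptions: the blog table
// and the $_SESSION['gatekeeper'] username from the question; the DSN and
// the BLOG_DB_PASSWORD environment variable are placeholders.
session_start();

/** Validate the posted fields; returns [cleanValues, errors]. */
function validate_blog_post(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['titleblog', 'blogcontent'] as $field) {
        // Missing keys are what raised "Undefined index" in the question.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[] = "$field is required";
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isset($_SESSION['gatekeeper'])) {
        http_response_code(403);
        exit('Not logged in');
    }
    [$clean, $errors] = validate_blog_post($_POST);
    if ($errors) {
        http_response_code(400);
        exit(htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8'));
    }
    $pdo = new PDO('mysql:host=localhost;dbname=ooze;charset=utf8mb4', 'ooze',
        getenv('BLOG_DB_PASSWORD') ?: '', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]);
    // Placeholders keep all three values, including the session username,
    // out of the SQL text, so no quoting or escaping is involved.
    $stmt = $pdo->prepare(
        'INSERT INTO blog (title, blog_content, date, username)
         VALUES (:title, :content, CURDATE(), :username)');
    $stmt->execute([
        ':title'    => $clean['titleblog'],
        ':content'  => $clean['blogcontent'],
        ':username' => $_SESSION['gatekeeper'],
    ]);
    echo '<p>Blog submitted</p>';
}
```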