1

它验证并正确显示我的数组中的错误,但它不会 POST 到我的数据库。表单上所有字段的命名都是正确的(大小写也正确),PHP和MYSQL,dbconnect.php都是正确和正确的。我认为问题出在数组函数的某个地方。现在我这个月才开始学习 PHP,所以请放轻松。谢谢您的帮助!

<?php
include ('scripts/dbconnect.php');
$Name = mysql_real_escape_string($Name);
$Email = mysql_real_escape_string($Email);

if (isset($_POST['formsubmitted'])) {
$error = array();//Declare An Array to store any error message  

if (empty($_POST['Name'])) {//if no name has been supplied 
    $error[] = 'Please Enter Your Name ';//add to array "error"
    } else {
        $Name = $_POST['Name'];//else assign it a variable
    }

if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
    $Email = $_POST['Email'];
    } else {
         $error[] = 'Your EMail Address is Invalid  ';
    }
}
if (empty($error)) //Send to database if no errors
    mysql_query("INSERT INTO InviteRequestDB ( 'Name', 'Email' ) VALUES ( '$Name', '$Email' )");
    mysql_close($connect); //Close connection to database

  foreach ($error as $key => $values) {
  echo "<li style=color:#FFF> $values </li>";
  }

?>

现在我知道我不应该使用 mysql。但是我遇到了太多 mysqli 的问题,这只是一个简单的联系表格。

我也应该像现在一样对每个变量执行 mysql_real_escape_string 吗?还是程序的顺序不正确?

<form action="applyforinvite.php" method="post">
    <input class="textbox" type="text" name="Name" />
    <input class="textbox" type="text" name="Email" />
  <input type="hidden" name="formsubmitted" value="TRUE" />
  <input type="submit" value="Register" />
</form>

谢谢您的帮助!

4

3 回答 3

2

改变

mysql_query("INSERT INTO InviteRequestDB ( 'Name', 'Email' ) VALUES ( '$Name', '$Email' )");


mysql_query('INSERT INTO InviteRequestDB ( Name, Email ) VALUES ( "'.$Name.'", "'.$Email.'" )') or die(mysql_error());

编辑

<?php
include ('scripts/dbconnect.php');

if(isset($_POST['formsubmitted'])){
    #   Will contain errors
    $Error = array(); 

    #   Email
    $Email = (isset($_POST['Email']) ? $_POST['Email'] : '');
    if($Email == '' OR !preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $Email)){
        $Error[] = 'Email address is invalid.';
    }

    #   Name
    $Name = (isset($_POST['Name']) ? $_POST['Name'] : '');
    if($Name == ''){
        $Error[] = 'Please enter your name.';
    }

    if(count($Error)){
        echo '<ul>';
        foreach($Error as $Value){
            echo '<li style="color: #FFF;">'.$Value.'</li>';
        }
        echo '</ul>';
    } else {
        // Query
        mysql_query('INSERT INTO InviteRequestDB ( Name, Email ) VALUES ( "'.$Name.'", "'.$Email.'" )') or die(mysql_error());
    }

    //Close connection to database
    mysql_close($connect);
}

?>
于 2012-06-26T18:43:20.040 回答
2

您不应该在 INSERT 查询中引用列名。('name, 'email') 应该是 (name, email)。

此外,不要将 php_mysql 扩展用于新应用程序,它已被弃用。试试 MySQLi 或 PDO。

最后编辑(大声笑),试试这个——修复了代码的多个问题: 

    if (isset($_POST['formsubmitted'])) {
        $error = array(); //Declare An Array to store any error message  

        if (empty($_POST['Name'])) { //if no name has been supplied 
            $error[] = 'Please Enter Your Name '; //add to array "error"
        } else {
            $Name = mysql_real_escape_string($_POST['Name']); //else assign it a variable
        }

        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
            $Email = mysql_real_escape_string($_POST['Email']);
        } else {
            $error[] = 'Your EMail Address is Invalid  ';
        }
        if (empty($error)) //Send to database if no errors
            {
            mysql_query("INSERT INTO InviteRequestDB (Name, Email) VALUES ( '$Name', '$Email' )");
        }
    }

    mysql_close($connect); //Close connection to database

    foreach ($error as $key => $values) {
        echo "<li style=color:#FFF> $values </li>";
    }
于 2012-06-26T18:44:38.800 回答
1 
<?PHP
require_once('scripts/dbconnect.php');

if (!$link) { //Change $link to be your connection variable
    die("Not connected : " . mysql_error());
}

if (!$db_selected) { //Change $db_selected to be the variable you set mysql_select_db on
    die ("Can't use database : " . mysql_error());
}

if (isset($_POST['formsubmitted'])) {
    $error = array();//Declare An Array to store any error message  

    if (empty($_POST['Name'])) {//if no name has been supplied 
      $error[] = 'Please Enter Your Name ';//add to array "error"
    } else {
      $Name = mysql_real_escape_string($_POST['Name']);//else assign it a variable
    }

    if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['Email'])) { //regular expression for email validation
      $Email = mysql_real_escape_string($_POST['Email']);
    } else {
      $error[] = 'Your EMail Address is Invalid  ';
    }

    if (count($error) == 0){ //Send to database if no errors
        mysql_query("INSERT INTO `InviteRequestDB` (`Name`, `Email`) VALUES('$Name', '$Email')")or die(mysql_error());
    } else {
      foreach ($error as $key => $values) {
        echo "<li style=color:#FFF> $values </li>";
      }
    }
    mysql_close($connect); //Close connection to database
}
于 2012-06-26T18:50:37.563 回答