我正在制作一个非常简单的网站,它将显示在办公室的电视上。index.php 页面是一个表单,它具有三个字段。表单方法是 post 并且所有内容都是正确的。
然后我在下一页上有这段代码,提交后表单指向的那个。
mysql_select_db("figs", $con);
mysql_query("UPDATE stats SET slots_sold=$_POST[slots_sold], total_figure=$_POST[total_figure], apps_sat=$_POST[apps_sat]");
mysql_close($con);
?>
问题是该表有时会更新,而有时则不是,有人知道为什么吗?这真的很简单,我认为它只是一种魅力。
您没有验证任何传递的数据。此外,我建议将 MySQLi 用于准备好的语句,以使事情更安全一些。
// create a new MySQLi object
$mysqli = new mysqli('host', 'user', 'password', 'database');
// create var for each POST array item you need
$slots_sold = $_POST['slots_sold'];
$total_figure = $_POST['total_figure'];
$apps_sat = $_POST['apps_sat'];
//check to make sure each field is set
if(isset($slots_sold) && isset($total_figure) && isset($apps_sat))
{
// prepare mysqli statement for your data
if($stmt->prepare("UPDATE stats SET `slots_sold` = ?, `total_figure` = ?, `apps_sat` = ?"))
{
// bind each variable to query, respectively (? is place holder for var)
// s = string ('sss' means three strings). i = integer if needed
$stmt->bind_param('sss', $slots_sold, $total_figure, $apps_sat);
$stmt->execute(); // execute your query
}
else
{
$stmt->error; // there was an error with the query, show the error
}
}
else
{
echo 'You did not fill out all of the fields.';
}
$stmt->close; // close mysqli connection
希望这会对您有所帮助。根据您传递的数据,我会使用 preg_match 来检查每个数据。这里有一些非常简单的正则表达式可以帮助您入门:
/[a-zA-Z ]+/ (Any letter, lowercase or uppercase including spaces atleast once)
/[a-zA-Z]+/ (Same as above, without spaces atleast once)
/[a-zA-Z0-9]+/ (Any letter, lowercase or uppercase including numbers atleast once)
/[0-9]+/ (Any number atleast once)
preg_match('/[a-zA-Z]+/', $str, $matches); // you can throw this in a for loop to check each var if they all require the same pattern
试试这个:
$sold = $_POST['slots_sold'];
$total = $_POST['total_figure'];
$app = $_POST['apps_sat'];
mysql_query("UPDATE stats SET slots_sold='$sold', total_figure='$total', apps_sat='$app'");
我也建议看看mysql PDO