-1

我一直在研究这种将 AS3 和 mySQL 连接起来的 PHP 编码......

我遇到了这个错误,我无法弄清楚这是怎么回事......如果有人可以帮助第二双眼睛,我会非常感激......

这是 PHP 的更新编码

   <?php 
if(isset($_POST['userFirstName']) && isset($_POST['userLastName']) && isset($_POST['userEmail']) && isset($_POST['userNumber']) && isset($_POST['userMsg']))
{
    $userFirstName=strip_tags($_POST['userFirstName']);
    $userLastName=strip_tags($_POST['userLastName']);
    $userEmail=strip_tags($_POST['userEmail']);
    $userNumber=strip_tags($_POST['userNumber']);
    $userMsg=strip_tags($_POST['userMsg']);

    // connect with database. 

    $username="root";
    $password="dp10aap";
    $database="b-elite-fitness";

    mysql_connect("localhost","$username","$password") or die (mysql_error());
    mysql_select_db("$database") or die (mysql_error());

    //query for inserting data in database.
    $query="INSERT INTO 'formdp' VALUES('NULL','".mysql_real_escape_string($userFirstName)."','".mysql_real_escape_string($userLastName)."','".mysql_real_escape_string($userEmail)."','".mysql_real_escape_string($userNumber)."','".mysql_real_escape_string($userMsg)."')";

    if($query_run=mysql_query($query))
    {
        echo'Data inserted.';
    } else {
        die(mysql_error());
        }
}
?>

这是我的 AS3 编码....

processing_mc.visible = false;

function checkComplete(evt:MouseEvent):void {

    // Create A new URLVariables instance to store the variable
    var phpVars:URLVariables = new URLVariables();

    // Create a variable (e.g. candidate) to send
    phpVars.userFirstName = firstname_txt.text;
    phpVars.userLastName = lastname_txt.text;
    phpVars.userNumber = number_txt.text;
    phpVars.userEmail = email_txt.text; 
    phpVars.userMsg = msg_txt.text;

    // Create a new URLRequest instance sending data to "ascom01.php"
    var myRequest:URLRequest = new URLRequest("form.php");
    // Send data using the POST method
    myRequest.method = URLRequestMethod.POST;

    var loader:URLLoader = new URLLoader();
    loader.load(myRequest);

loader.addEventListener(Event.COMPLETE, response);
function response(e:Event):void
{
    trace(loader.data);
}

if(!firstname_txt.length) {
status_txt.text = "Please enter your first name";
} else if(!lastname_txt.length) {
status_txt.text = "Please enter your last name";
} else if (!email_txt.length) {
status_txt.text = "Please enter your email";
} else if (!number_txt.length) {
status_txt.text = "Please enter your phone number";
} else {

}

}
// handler for the PHP script completion and return of status
function completeHandler(event:Event):void {

processing_mc.visible = false;
firstname_txt.text = "";
lastname_txt.text = "";
email_txt.text = "";
number_txt.text = "";
msg_txt.text = "";

status_txt.text = event.target.data.return_msg;
}

// Add event listener for submit button click
submit_btn.addEventListener(MouseEvent.CLICK, checkComplete);

我遇到的问题是,一旦我点击发送按钮,数据将不会发送......有什么想法吗?

4

4 回答 4

1

给你试试这个。

    mysql_query("INSERT INTO formdp 
      (firstname, lastname, email, number, message)  VALUES('".$userFirstName['firstname']."','".$userLastName['lastname']."','".$userEmail['email']."','".$userNumber['number']."','".$userMsg['message']."')") 
     or die (mysql_error());
     mysql_close();

* 如果id 是 auto_increment 你不必在 id 中插入值。

于 2013-03-10T22:09:49.860 回答
0

在双引号字符串中使用数组时,需要将它们放入{}

mysql_query("INSERT INTO formdp 
  (id ,firstname, lastname, email, number, message)     
  VALUES(NULL,'{$userFirstName['firstname']}','{$userLastName['lastname']}','{$userEmail['email']}','{$userNumber['number']}','{$userMsg['message']}')")

但是,在我看来,这些数组无论如何都不存在,而且您也对其他事情感到困惑。可能您只想:

mysql_query("INSERT INTO formdp 
  (id ,firstname, lastname, email, number, message)     
  VALUES(NULL,'$userFirstName','$userLastName','$userEmail','$userNumber','$userMsg')")

然而,这仍然具有 SQL 注入的潜力。正确的代码是:

<?php

$username="root";
$password="dp10aap";
$database="b-elite-fitness";

mysql_connect("localhost","$username","$password") or die (mysql_error());
mysql_select_db("$database") or die (mysql_error());

if(isset($_POST['userFirstName'])){ $userFirstName = mysql_real_escape_string($_POST['userFirstName']); }
if(isset($_POST['userLastName'])){ $userLastName = mysql_real_escape_string($_POST['userLastName']); }
if(isset($_POST['userEmail'])){ $userEmail = mysql_real_escape_string($_POST['userEmail']); }
if(isset($_POST['userNumber'])){ $userNumber = mysql_real_escape_string($_POST['userNumber']); }
if(isset($_POST['userMsg'])){ $userMsg = mysql_real_escape_string($_POST['userMsg']); }



mysql_query("INSERT INTO formdp 
    (id ,firstname, lastname, email, number, message) 
    VALUES(NULL,'$userFirstName','$userLastName','$userEmail','$userNumber','$userMsg')") 
or die (mysql_error());

请注意,当未提供一个或多个变量时,它仍然无法处理这种情况。

于 2013-03-10T22:09:02.370 回答
0 
<?php 
if(isset($_POST['userFirstName'])) && isset($_POST['userLastName']) && isset($_POST['userEmail']) && isset($_POST['userNumber']) && isset($_POST['userMsg']))
{
    $userFirstName=strip_tags($_POST['userFirstName']);
    $userLastName=strip_tags($_POST['userLastName']);
    $userEmail=strip_tags($_POST['userEmail']);
    $userNumber=strip_tags($_POST['userNumber']);
    $userMsg=strip_tags($_POST['userMsg']);

    // connect with database. 

    $username="root";
    $password="dp10aap";
    $database="b-elite-fitness";

    mysql_connect("localhost","$username","$password") or die (mysql_error());
    mysql_select_db("$database") or die (mysql_error());

    //query for inserting data in database.
    $query="INSERT INTO `formdp` VALUES('NULL','".mysql_real_escape_string($userFirstName)."','".mysql_real_escape_string($userLastName)."','".mysql_real_escape_string($userEmail)."','".mysql_real_escape_string($userNumber)."','".mysql_real_escape_string($userMsg)."')";

    if($query_run=mysql_query($query))
    {
        echo'Data inserted.';
    } else {
        die(mysql_error());
        }


}
?>

看看上面的代码。
建议:
尽量避免在代码中使用 mysql_* 函数,因为它已被贬值。因此,尝试使用 mysqli_* 或面向对象的方法。

于 2013-03-10T22:42:51.003 回答
0

您的查询中有冲突的引号,请尝试:

mysql_query("INSERT INTO formdp
    (id ,firstname, lastname, email, number, message)
    VALUES(
            NULL,
        '".$userFirstName['firstname']."',
        '".$userLastName['lastname']."',
        '".$userEmail['email']."',
        '".$userNumber['number']."',
        '".$userMsg['message']."'
    )
")
or die (mysql_error());
于 2013-03-10T22:22:36.847 回答