0

我正在尝试将记录插入 mysql 数据库,但字段为空白。这是我的js:

$("#submit").click(function() { 
    var product1name     = $("input#product1name").val();
    var product2name     = $("input#product2name").val();
    var product3name     = $("input#product3name").val();
    var product4name     = $("input#product4name").val();
    var product5name     = $("input#product5name").val();
    var product1quantity = $("input#product1quantity").val();
    var product2quantity = $("input#product2quantity").val();
    var product3quantity = $("input#product3quantity").val();
    var product4quantity = $("input#product4quantity").val();
    var product5quantity = $("input#product5quantity").val();

    var dataString = 'product1name='+ product1name + 'product2name=' + product2name + 'product3name=' + product3name + 'product4name=' + product4name + 'product5name=' + product5name + 'product1quantity='+ product1quantity + 'product2quantity='+ product2quantity + 'product3quantity='+ product3quantity + 'product4quantity='+ product4quantity + 'product5quantity='+ product5quantity + 'salesid='+ salesid + 'email='+ email + 'wpuseremail='+ wpuseremail;

    $.ajax({  
      type: "POST",
      url: "process.php",
      data: dataString,
      success: function(json) {  
        $('#contact_form').html("<div id='message'></div>");
        $('#message').html(json.type)
        .append(json.message)
        .hide()
        .fadeIn(1500, function() {
          $('#message').append("<img id='checkmark' src='images/check.png' />");
        });
      }
    });
    return false;

});

这是我的php:

<?php
$product1quantity = $_POST["product1quantity"];
$product2quantity = $_POST["product2quantity"];
$product3quantity = $_POST["product3quantity"];
$product4quantity = $_POST["product4quantity"];
$product5quantity = $_POST["product5quantity"];

$username = "user";
$password = "pass";
$hostname = "host"; 

$dbhandle = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MySQL");

$selected = mysql_select_db("dbname",$dbhandle)
  or die("Could not select dbname");

$result = "INSERT INTO dbname.tablename (product1name, product2name, product3name, product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) VALUES ('', '', '', '', '', product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, NULL)";
mysql_query($result);

mysql_close($dbhandle);

$response = array('type'=>'', 'message'=>'');
$response['type'] = 'success';
$response['message'] = 'Thank-You for submitting the form!';
print json_encode("success");
?>

我已经确认,当我不在 INSERT 语句中使用变量,而是使用硬编码值时,它可以工作。我的变量似乎有问题。

4

2 回答 2

3

似乎您所谓的变量前面没有 $ ..

$result = "INSERT INTO dbname.tablename (product1name, product2name, product3name,     product4name, product5name, product1quantity, product2quantity, product3quantity, product4quantity, product5quantity, id) VALUES ('', '', '', '', '', $product1quantity, $product2quantity, $product3quantity, $product4quantity, $product5quantity, NULL)";

但是请修复您的代码,因为由于 SQL 注入安全漏洞,直接从 POST 变量插入是非常危险的

您可以考虑使用准备好的语句,如 PDO 或 mySQLi

在这里阅读更多:http: //net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

于 2013-05-14T21:33:20.090 回答
1

我认为您错过了变量 ($) 上的美元符号。

你应该写:

$result = "
    INSERT INTO dbname.tablename (
        product1name, 
        product2name, 
        product3name, 
        product4name, 
        product5name, 
        product1quantity, 
        product2quantity, 
        product3quantity, 
        product4quantity, 
        product5quantity, 
        id
    ) VALUES (
        '', 
        '', 
        '', 
        '', 
        '', 
        $product1quantity, 
        $product2quantity, 
        $product3quantity, 
        $product4quantity, 
        $product5quantity, 
        NULL
    )
";
于 2013-05-14T21:36:42.483 回答