0
function ajaxFunction(){

    var ajaxRequest;  

    try{

        ajaxRequest = new XMLHttpRequest();
    } catch (e){

        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){

                return false;
            }
        }
    }
    // Create a function that will receive data sent from the server
    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){

        //message
            var ajaxDisplay = document.getElementById('Regmessage');
            ajaxDisplay.innerHTML = ajaxRequest.responseText;


        }
    }
    var firstname = document.getElementById("firstname").value;

    var lastname = document.getElementById("lastname").value;

    var mi= document.getElementById("middle_id").value;

    var date = document.getElementById("inputField").value;

    var family =  document.getElementById("family_id").value;

    var addressv = document.getElementById("address_id").value;

    var city =  document.getElementById("city_id").value;

    var country = document.getElementById("country").value;

    var state  = document.getElementById("stateplace").value;

    var phone = document.getElementById("phonenums").value;

    var email =  document.getElementById("emailme").value;

    var insert_String = "?firstname=" + firstname + "&lastname=" + lastname + "&mi=" +

mi +"&date="+ date + "&family="+ family + "&address_id=" + addressv + "&city=" + city +  

"&country=" + country +  "&state=" + state + "&phone=" + phone + "&email=" + email ;

    ajaxRequest.open("GET", "insert.php" + insert_String, true);

    ajaxRequest.send(null); 
}

在 insert.php 我这样做是这样的

<?php

error_reporting(0);

require_once('dataconnect.php');


if(isset($_GET['submit']))
{

$firstname= filter_input(INPUT_GET,"firstname", FILTER_SANITIZE_SPECIAL_CHARS);

$firstname = $_GET['firstname'];

$lastname= filter_input(INPUT_GET,"lastname", FILTER_SANITIZE_SPECIAL_CHARS);

$lastname = $_GET['lastname'];

$mi= filter_input(INPUT_GET,"mi", FILTER_SANITIZE_SPECIAL_CHARS);

$mi = $_GET['mi'];

$date= filter_input(INPUT_GET,"date", FILTER_SANITIZE_SPECIAL_CHARS);

$date = $_GET['date'];

$familyv= filter_input(INPUT_GET,"family", FILTER_SANITIZE_SPECIAL_CHARS);

$familyv = $_GET['family'];

$addressv= filter_input(INPUT_GET,"address_id", FILTER_SANITIZE_SPECIAL_CHARS);

$addressv =$_GET['address_id'];

$city= filter_input(INPUT_GET,"city", FILTER_SANITIZE_SPECIAL_CHARS);

$city=$_GET['city'];

$country= filter_input(INPUT_GET,"country", FILTER_SANITIZE_SPECIAL_CHARS);

$country=$_GET['country'];

$state= filter_input(INPUT_GET,"state", FILTER_SANITIZE_SPECIAL_CHARS);

$state=$_GET['state'];

$state= filter_input(INPUT_GET,"phone", FILTER_SANITIZE_SPECIAL_CHARS);

$phone=$_GET['phone'];

$state= filter_input(INPUT_GET,"email", FILTER_SANITIZE_SPECIAL_CHARS);

$email=$_GET['email'];


$firstname = mysql_real_escape_string($firstname);

$lastname = mysql_real_escape_string($lastname);

$mi = mysql_real_escape_string($mi);

$date = mysql_real_escape_string($date);

$familyv = mysql_real_escape_string($familyv);

$addressv= mysql_real_escape_string($addressv);

$city = mysql_real_escape_string($city);

$country = mysql_real_escape_string($country);

$state = mysql_real_escape_string($state);

$phone = mysql_real_escape_string($phone);

$email = mysql_real_escape_string($email);
}

$reg="INSERT INTO `tokopals_db`.`robz_customers` (`firstname`, `lastname`, `mi`, `date`, 

`familymember`, `address`, `city`, `country`, `state`, `phone_num`, `email`, `id`) VALUES 

('$firstname', '$lastname', '$mi', '$date', '$familyv','$addressv', '$city', '$country', 

'$state', '$phone', '$email', NULL)";

mysql_query($reg)or die( mysql_error());



?>
4

1 回答 1

0

你有一些错别字

$state= filter_input(INPUT_GET,"phone", FILTER_SANITIZE_SPECIAL_CHARS);

$state$_GET['phone']. 此外,您始终filter_input是一个变量,然后将其重新声明为$_GET-variable。例如

// $lastname = filtered $_GET['lastname']
$lastname= filter_input(INPUT_GET,"lastname", FILTER_SANITIZE_SPECIAL_CHARS);

// $lastname = pure, unfiltered $_GET['lastname']
$lastname = $_GET['lastname'];

请尝试优化您的代码。也是为了可读性。每个语句可以写成一行:$firstname= mysql_real_escape_string(filter_input(INPUT_GET,"firstname", FILTER_SANITIZE_SPECIAL_CHARS));

它会起作用,但是当我保存它时,它们会逐个运行

你是什​​么意思。您的 AJAX 请求不起作用吗?尝试使用FirebugWebdeveloper 工具栏对其进行调试。

于 2013-06-06T08:09:38.533 回答