0

我的目标是创建一个用于INSERT INTO testquiz(MySQL 表)的通用模板。这将用于存储来自测验者的测验结果和用户信息(姓名和电子邮件是数据库中唯一的用户输入)。我是 PHP/MySQL 的新手,感觉自己只是在磕磕绊绊。

我的问题是我无法让$_POST测验生成的值出现在数据库中。我知道这些值正在生成,因为它们将显示一个基本的回声。有一个“发送到电子邮件”功能也适用于有效的值。如果我$_POST通过取消注释第一个注释块手动为数组分配值,我可以让这段代码工作。

我在这里想念什么?

旁注:我也会接受安全建议。谢谢你。

下面的代码(省略用户特定信息):

<?php
//disable magic quotes (PHP book says it's a good idea)
if (get_magic_quotes_gpc())
{
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process))
    {
        foreach ($val as $k => $v)
        {
            unset($process[$key][$k]);
            if (is_array($v))
            {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            }
            else
            {
                $process[$key][stripslashes($k)] = striplashes($v);
            }
        }
    }
    unset($process);
}


/* //Manually declare $_POST variables (can be disabled)
$_POST['v'] = '6.5.1';
$_POST['sp'] = 80;
$_POST['psp'] = 75;
$_POST['tp'] = 80;
$_POST['sn'] = 'user';
$_POST['se'] = 'abc123@fake.com';
$_POST['qt'] = 'Test Quiz';
*/
//Assign $_POST values to static variables???
$version = $_POST['v'];
$points = $_POST['sp'];
$passing_percent = $_POST['psp'];
$gained_score = $_POST['tp'];
$username = $_POST['sn'];
$email = $_POST['se'];
$quiz_title = $_POST['qt'];

//MySQL database connection PDO
try
{
    $pdo = new PDO('mysql:host=localhost;dbname=quizresults', 'user', 'password');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('SET NAMES "utf8"');
}
catch (PDOException $e)
{
    $error = 'Unable to connect to the database server.';
    include 'error.html.php';
    exit();
}

//Prepare input for database entry
try
{

    $sql = $pdo->prepare("INSERT INTO testquiz (version, points, passing_percent, gained_score, username, email, quiz_title, date) VALUES (:version, :points, :passing_percent, :gained_score, :username, :email, :quiz_title, CURDATE())");
    $sql->execute(array(":version" => $version, ":points" => $points, ":passing_percent" => $passing_percent, ":gained_score" => $gained_score, ":username" => $username, ":email" => $email, ":quiz_title" => $quiz_title));

    //echo for debugging purposes
    echo $version . '<br />', $points . '<br />', $passing_percent . '<br />', $gained_score . '<br />', $username . '<br />', $email . '<br />', $quiz_title . '<br />', date(DATE_ATOM);
}
catch (PDOException $e)
{
    $error = 'Error adding quiz results to database: ' . $e->getMessage();
    include 'error.html.php';
    exit();
}

//Calculate user score
$points_num = (int)$points; 
$passing_num = ((int)$passing_percent)/100 * (int)$gained_score;

//Write results to a text file
$f = fopen("result.txt", "w") or die("Error opening file 'result.txt' for writing");

fwrite($f, "--------------------------\n");
fwrite($f, "User name: ".$username."\n");
fwrite($f, "User email: ".$email."\n");
fwrite($f, "Quiz title: ".$quiz_title."\n");
fwrite($f, "Points awarded: ".$points."\n");
fwrite($f, "Total score: ".$gained_score."\n");
fwrite($f, "Passing score: ".$passing_num."\n");

if ($points_num >= $passing_num)
{
    fwrite($f, "User passes\n");
}
else
{
    fwrite($f, "User fails\n");
}

fwrite($f, "--------------------------\n"); 

if($f) 
{ 
    fclose($f); 
}

?>
4

1 回答 1

1

我不确定这是否能解决所有问题,但

$sql->execute(array(":version" => $version, ":points" => $points, ":passing_percent" => $passing_percent, ":gained_score" => $gained_score, ":username" => $username, ":email" => $email, ":quiz_title" => $quiz_title));

应该:

$sql->execute(array("version" => $version, "points" => $points, "passing_percent" => $passing_percent, "gained_score" => $gained_score, "username" => $username, "email" => $email, "quiz_title" => $quiz_title));

:从数组中删除。它仅适用于 PDO 来“命名”变量)。

于 2014-04-26T04:56:59.043 回答