PHP表单赢得';t插入MYSQL
有很多这样的错误,但这一个是我的 我有一个PHP票务类型的表单,我想将信息插入MYSQL数据库 以下是PHP表单:PHP表单赢得';t插入MYSQL,php,html,mysql,database,forms,Php,Html,Mysql,Database,Forms,有很多这样的错误,但这一个是我的 我有一个PHP票务类型的表单,我想将信息插入MYSQL数据库 以下是PHP表单: <html lang="en" dir="ltr"> <head> <meta charset="utf-8"> <title></title> </head> <body> <form name="ticket-form" id="ticket-form"
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<form name="ticket-form" id="ticket-form" action="get_response.php" method="POST">
<p>Please provide your first name: <input type="text" name="firstName" id="firstName" placeholder="John" required></p>
<p>Please provide your last name: <input type="text" name ="lastName" id="lastName" placeholder="Smith" required></p>
<p>Please indicate if you are a company or a contractor:
<input type="radio" name="clientType" id="clientType" value="company">Company
<input type="radio" name="clientType" id="clientType" value="contractor" checked>Contractor</p>
<p>Please provide an email address: <input type="email" name="email" id="email" placeholder="John123@example.com"><br></p>
<p>Please provide a phone number if you'd prefer: <input type="text" name="number" id="number" max="13" placeholder="07654321234"><br></p>
<p>Please detail your query, going in to as much detail as possible: </p>
<textarea name="query" id="query" rows="8" cols="80" placeholder="Please detail the nature of your issue, going in to as much detail as possible."></textarea><br><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
$servername = "xxxxx";
$username = "xxxxx";
$password = "xxxxx";
$dbname = "tickets";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if($conn->connect_error){
die("Connection failed: " . $conn->connect_error);
} ?>
[Fri Nov 01 12:24:51.342604 2019] [mpm_event:notice] [pid 673:tid 140589056359360] AH00489: Apache/2.4.38 (Ubuntu) configured -- resuming normal operations
[Fri Nov 01 12:24:51.343298 2019] [core:notice] [pid 673:tid 140589056359360] AH00094: Command line: '/usr/sbin/apache2'
我试着在常规的MacOSX操作系统中重新制作表单,效果很好。无论是虚拟机、它与现代OSX软件的通信方式,还是某些个人配置,似乎都存在根本性的问题。虽然我可以在Linux命令行中连接到mysql,但它无法通过表单工作 在安装MS SQL Server时,我有20分钟的空闲时间,因此可以快速重构代码,以利用
准备好的语句来减轻SQL注入攻击。它没有经过测试,所以可能会有一些我忽略的小错误,但我希望它会被证明是有用的
<?php
$status=false;
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$errors=array();
$args=array(
'firstName' => FILTER_SANITIZE_STRING,
'lastName' => FILTER_SANITIZE_STRING,
'clientType' => FILTER_SANITIZE_STRING,
'email' => FILTER_SANITIZE_STRING,
'query' => FILTER_SANITIZE_STRING,
'number' => FILTER_SANITIZE_STRING
);
foreach( array_keys( $args ) as $field ){
if( !isset( $_POST[ $field ] ) ) $errors[]=sprintf( 'The field "%s" is not set', $field );
}
foreach( $_POST as $field => $value ){
if( !in_array( $field, array_keys( $args ) ) )$errors[]=sprintf( 'Unknown field "%s"', $field );
}
if( empty( $errors ) ){
$_POST=filter_input_array( INPUT_POST, $args );
extract( $_POST );
require_once 'config.php';
require_once 'index.php';
$sql='insert into `tickets`
( `first_name`, `second_name`, `client_type`, `email_address`, `phone_number`, `query` )
values
( ?, ?, ?, ?, ?, ? )';
$stmt=$conn->prepare( $sql );
if( !$stmt )$errors[]='The SQL Prepared Statement failed';
$stmt->bind_param('ssssss', $firstName, $lastName, $clientType, $email, $query, $number );
$stmt->execute();
$status=$conn->affected_rows;
}
}
?>
<html lang='en' dir='ltr'>
<head>
<meta charset='utf-8'>
<title></title>
</head>
<body>
<form name='ticket-form' method='POST'>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
if( !empty( $errors ) ){
printf( '<pre>%s</pre>',print_r($errors,true) );
} else {
if( $status ){
echo "
<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
}
}
?>
<label>Please provide your first name: <input type='text' name='firstName' placeholder='John' required></label>
<label>Please provide your last name: <input type='text' name ='lastName' placeholder='Smith' required></label>
<label>
Please indicate if you are a company or a contractor:
<input type='radio' name='clientType' value='company'>Company
<input type='radio' name='clientType' value='contractor' checked>Contractor
</label>
<label>Please provide an email address: <input type='email' name='email' id='email' placeholder='John123@example.com'></label>
<label>Please provide a phone number if you'd prefer: <input type='text' name='number' id='number' max='13' placeholder='07654321234'></label>
<label>
Please detail your query, going in to as much detail as possible:
<textarea name='query' rows='8' cols='80' placeholder='Please detail the nature of your issue, going in to as much detail as possible.'></textarea>
</label>
<input type='submit' />
</form>
</body>
</html>
您对SQL注入持开放态度,应该立即解决脚本面临的风险。使用。连绳子都不安全!您在web服务器日志中看到了什么错误?因此它正在插入,但插入了空值?请打开错误报告,然后报告错误-您还需要通过进行一些调试来帮助我们。请给我们看一下var\u dump($\u POST)
、var\u dump($first\u name)
、以及var\u dump($sql)
,谢谢,谢谢。请注意,我请求的问题仍然没有解决。表单本身发布得很好,所以我认为您的问题可能存在于其他地方,但连接很好,只有表单不起作用,对不起。在get\u response.php
putexit(print\r($\u POST,1))的顶部或类似代码开始调试。启用错误报告您可能需要检查的一件事是所需的文件是否确实正确包含。-<代码>变量转储(获取包含的文件())
php get_response.php
[Fri Nov 01 12:24:51.342604 2019] [mpm_event:notice] [pid 673:tid 140589056359360] AH00489: Apache/2.4.38 (Ubuntu) configured -- resuming normal operations
[Fri Nov 01 12:24:51.343298 2019] [core:notice] [pid 673:tid 140589056359360] AH00094: Command line: '/usr/sbin/apache2'
<?php
$status=false;
if( $_SERVER['REQUEST_METHOD']=='POST' ){
$errors=array();
$args=array(
'firstName' => FILTER_SANITIZE_STRING,
'lastName' => FILTER_SANITIZE_STRING,
'clientType' => FILTER_SANITIZE_STRING,
'email' => FILTER_SANITIZE_STRING,
'query' => FILTER_SANITIZE_STRING,
'number' => FILTER_SANITIZE_STRING
);
foreach( array_keys( $args ) as $field ){
if( !isset( $_POST[ $field ] ) ) $errors[]=sprintf( 'The field "%s" is not set', $field );
}
foreach( $_POST as $field => $value ){
if( !in_array( $field, array_keys( $args ) ) )$errors[]=sprintf( 'Unknown field "%s"', $field );
}
if( empty( $errors ) ){
$_POST=filter_input_array( INPUT_POST, $args );
extract( $_POST );
require_once 'config.php';
require_once 'index.php';
$sql='insert into `tickets`
( `first_name`, `second_name`, `client_type`, `email_address`, `phone_number`, `query` )
values
( ?, ?, ?, ?, ?, ? )';
$stmt=$conn->prepare( $sql );
if( !$stmt )$errors[]='The SQL Prepared Statement failed';
$stmt->bind_param('ssssss', $firstName, $lastName, $clientType, $email, $query, $number );
$stmt->execute();
$status=$conn->affected_rows;
}
}
?>
<html lang='en' dir='ltr'>
<head>
<meta charset='utf-8'>
<title></title>
</head>
<body>
<form name='ticket-form' method='POST'>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
if( !empty( $errors ) ){
printf( '<pre>%s</pre>',print_r($errors,true) );
} else {
if( $status ){
echo "
<p>Thank you for your email!</p>
<p> We aim to respond to your query as soon as possible.
Please allow 2 business days for a response and check spam folders.</p>";
}
}
}
?>
<label>Please provide your first name: <input type='text' name='firstName' placeholder='John' required></label>
<label>Please provide your last name: <input type='text' name ='lastName' placeholder='Smith' required></label>
<label>
Please indicate if you are a company or a contractor:
<input type='radio' name='clientType' value='company'>Company
<input type='radio' name='clientType' value='contractor' checked>Contractor
</label>
<label>Please provide an email address: <input type='email' name='email' id='email' placeholder='John123@example.com'></label>
<label>Please provide a phone number if you'd prefer: <input type='text' name='number' id='number' max='13' placeholder='07654321234'></label>
<label>
Please detail your query, going in to as much detail as possible:
<textarea name='query' rows='8' cols='80' placeholder='Please detail the nature of your issue, going in to as much detail as possible.'></textarea>
</label>
<input type='submit' />
</form>
</body>
</html>