PHP:Textarea针对数据库表的输入验证
我正在尝试根据数据库表验证textarea输入。如果存在任何条目,则拒绝该表单。如果找不到条目,则接受表单,并将textarea输入输入到数据库表中,并且每个换行符都会转到新行 但是我遇到了麻烦,下面的脚本似乎跳过了验证部分,直接将textarea输入添加到数据库中PHP:Textarea针对数据库表的输入验证,php,mysql,validation,Php,Mysql,Validation,我正在尝试根据数据库表验证textarea输入。如果存在任何条目,则拒绝该表单。如果找不到条目,则接受表单,并将textarea输入输入到数据库表中,并且每个换行符都会转到新行 但是我遇到了麻烦,下面的脚本似乎跳过了验证部分,直接将textarea输入添加到数据库中 <?php if (isset($_GET["submit"])) { } $host = "localhost"; $user = "root"; $password = "password"; $database = "
<?php
if (isset($_GET["submit"])) {
}
$host = "localhost";
$user = "root";
$password = "password";
$database = "test";
// Establish server connection and select database
$dbh = mysqli_connect($host, $user, $password, $database);
if (mysqli_connect_errno()) {
die('Unable to connect to database ' . mysqli_connect_error());
}
else {
$text = trim($_POST['serial']);
$textAr = explode("\n", $text);
$textAr = array_filter($textAr, 'trim'); // remove any extra \r chars
foreach ($textAr as $line) {
$query = mysqli_query($dbh, "SELECT serials FROM `wp27_test6serial` WHERE `serials` = '$line'");
$result = mysqli_query($dbh, $query);
if (mysqli_num_rows($result) > 0) {
die('entry already exists');
}
else {
$query = mysqli_query($dbh, "INSERT INTO wp27_test6serial (rtxserials) VALUES ('$line')");
echo ('serials submitted');
}
}
}
您正在查询两次
$query = mysqli_query($dbh, "SELECT serials FROM `wp27_test6serial` WHERE `serials` = '$line'");
应该是
$query = "SELECT serials FROM `wp27_test6serial` WHERE `serials` = '$line'";
您的代码不受SQL注入攻击。使用准备好的语句。您要查询两次
$query = mysqli_query($dbh, "SELECT serials FROM `wp27_test6serial` WHERE `serials` = '$line'");
应该是
$query = "SELECT serials FROM `wp27_test6serial` WHERE `serials` = '$line'";
您的代码不受SQL注入攻击。使用事先准备好的陈述