Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/274.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/63.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP表单数组到MySQL数据库_Php_Mysql_Arrays_Forms - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP表单数组到MySQL数据库

PHP表单数组到MySQL数据库

php mysql arrays forms

PHP表单数组到MySQL数据库,php,mysql,arrays,forms,Php,Mysql,Arrays,Forms,嗯。似乎我的PHP代码有一些问题,这让我感到困扰。到目前为止,表格一半有效,一半无效。这是代码 <?php include "cgi-bin/toplinks.php"; include "cgi-bin/charsheetarrays.php"; include "cgi-bin/dropdown.php"; include "cgi-bin/connect_to_mysql.php"; if (isset($_POST['pccharname'])){ $playerid=$

嗯。似乎我的PHP代码有一些问题,这让我感到困扰。到目前为止,表格一半有效,一半无效。这是代码

<?php
include "cgi-bin/toplinks.php"; include "cgi-bin/charsheetarrays.php"; include "cgi-bin/dropdown.php"; include "cgi-bin/connect_to_mysql.php";

if (isset($_POST['pccharname'])){
    $playerid=$_SESSION['id'];
    $pccharname=ereg_replace("[^A-Z a-z]", "", $_POST['pccharname']);
    $pcclan=$_POST['pcclan'];
    $pcfamily=$_POST['famnames'];
    $pchonor=$_POST['pchonor'];
    $pcglory=$_POST['pcglory'];
    $pcstatus=$_POST['pcstatus'];
    $pctaint=$_POST['pctaint'];
    $charconcept=ereg_replace("[^A-Z a-z]", "", $_POST['charconcept']);
    $pcmon=$_POST['pcmon'];
    $pcfamilyties=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcfamilyties']);
    $pchistorytext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchistorytext']);
    $pcbelieftext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcbelieftext'])
    $pcgoalstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcgoalstext']);
    $pchookstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchookstext']);
    $pcstatagi=$_POST['pcstatagi'];
    $pcstatint=$_POST['pcstatint'];
    $pcstatref=$_POST['pcstatref'];
    $pcstataware=$_POST['pcstataware'];
    $pcstatstam=$_POST['pcstatstam'];
    $pcstatwill=$_POST['pcstatwill'];
    $pcstatstr=$_POST['pcstatstr'];
    $pcstatpercep=$_POST['pcstatpercep'];
    $pcstatvoid=$_POST['pcstatvoid'];
    $pcinitmodroll=$_POST['pcinitmodroll'];
    $pcinitmodkeep=$_POST['pcinitmodkeep'];
    $pcinitmodbonus=$_POST['pcinitmodbonuse'];
    $pcwoundmod=$_POST['pcwoundmod'];
    $pcarmor=$_POST['pcarmor'];
    $pctnmods=$_POST['pctnmods'];
    $pcadddisadlist=$_POST['pcaddisadlist'];
    $ssstringarr=array (ss1=>$_POST['ss0'],ss2=>$_POST['ss1'],ss3=>$_POST['ss2'],ss4=>$_POST['ss3'],ss5=>$_POST['ss4'],ss6=>$_POST['ss5'],ss7=>$_POST['ss6']);
    $ssstring=implode("~",$ssstringarr);

    for($i=0; $i<36; $i++)
    {
        $n=$i-1;
        $skillnum="skill". $n;
        $emphnum="skill". $n ."emph";
        $ranknum="skill". $n ."rank";
        $skillstringarr= array ();
        $skillemphstringarr= array ();
        $skillrankstringarr= array ();
        $skillstringarr[skillnum] = $_POST[skillnum];
        $skillemphstringarr[emphnum] = $_POST[emphnum];
        $skillrankstringarr[ranknum] = $_POST[ranknum];
    }

    $skillstring=implode("~",$skillstringarr);
    $emphstring=implode("~",$skillemphstringarr);
    $rankstring=implode("~",$skillrankstringarr);
    $pctechs=$_POST['pctechs'];
    $pcspells=$_POST['pcspells'];
    $pckata=$_POST['pckata'];
    $pckiho=$_POST['pckiho'];
    $pcworninv=$_POST['pcworninv'];
    $pcownedinv=$_POST['pcownedinv'];
    $pcnormgen=$_POST['pcnormgen'];
    $pcdamgen=$_POST['pcdamgen'];
    $pcgmnotes=$_POST['pcgmnotes'];
    $servinfolog=$_POST['servinfolog'];
    $pcdatesanc=$_POST['pcdatesanc'];
    $pcwhosanc=$_POST['pcwhosanc'];
    $pclastlogin=$_POST['pclastlogin'];
    $pcxpavail=$_POST['pccp'];

    if (($pccharname=="")||($pcclan=="---")||$famname=="---"||$famname=="Pick A Family"||($pcschool=="---")||($pcschool=="--Crab Schools--")||($pcschool=="--Crab Schools--")||($pcschool=="--Crane Schools--")||($pcschool=="--Dragon Schools--")||($pcschool=="--Lion Schools--")||($pcschool=="--Mantis Schools--")||($pcschool=="--Phoenix Schools--")||($pcschool=="--Scorpion Schools--")||($pcschool=="--Unicorn Schools--")||($pcschool=="--Imperial Schools--")||($pcschool=="--Badger Schools--")||($pcschool=="--Dragonfly Schools--")||($pcschool=="--Hare Schools--")||($pcschool=="--Monkey Schools--")||($pcschool=="--Oriole Schools--")||($pcschool=="--Ox Schools--")||($pcschool=="--Sparrow Schools--")||($pcschool=="--Tortoise Schools--")||($pcschool=="--Monk Schools--")||($pcschool=="--Ronin Schools--")||($pcschool=="--Merchant Schools")||($pcschool=="--Pick A School--"))
    {
        $errormsg = "Please correct your error";
    }else{
    $sql=mysql_query("INSERT INTO pcchars (playerid,pccharid,pccharname,pcclan,pcschool,pchonor,pcglory,pcstatus,pctaint,pchistorytext,pcbelieftext,pcgoalstext,pchookstext,charconcept,pcmon,pcfamilyties,pcstatagi,pcstatint,pcstatref,pcstataware,pcstatstam,pcstatwill,pcstatstr,pcstatpercep,pcstatvoid,pcinitmodroll,pcinitmodkeep,pcinitmodbonus,pcwoundmod,pcarmor,pctnmods,pcaddisadlist,ssstring,skillstring,emphstring,rankstring,pctechs,pcspells,pckata,pckiho,pcworninv,pcownedinv,pcgentry,damgentry,pcgmnotes,servinfolog,pcdatecreate,issanced,pcdatesanc,whosanc,pclastlogin,pcxpavail)VALUES('$playerid','$pccharid','$pccharname','$pcclan','$pcschool','$pchonor','$pcglory','$pcstatus','$pctaint','$pchistorytext','$pcbelieftext','$pcgoalstext','$pchookstext','$charconcept','$pcmon','$pcfamilyties','$pcstatagi','$pcstatint','$pcstatref','$pcstataware','$pcstatstam','$pcstatwill','$pcstatstr','$pcstatpercep','$pcstatvoid','$pcinitmodroll','$pcinitmodkeep','$pcinitmodbonus','$pcwoundmod','$pcarmor','$pctnmods','$pcaddisadlist','$ssstring','$skillstring','$emphstring','$rankstring','$pctechs','$pcspells','$pckata','$pckiho','$pcworninv','$pcownedinv','$pcgentry','$damgentry','$pcgmnotes','$servinfolog','now()','$issanced','$pcdatesanc','$whosanc','$pclastlogin','$pcxpavail')") or die (mysql_error());
    }
}else{
echo "<html><head></head><body>Please <a href='http://fiveringsonline.net/login.php'>Login</a> here. You will have to make your character again, because I haven't set it up to save.</body></html>";
}//close id set
?>

未正确引用您的变量:


$skillstringarr[skillnum] = $_POST[skillnum];
$skillemphstringarr[emphnum] = $_POST[emphnum];
$skillrankstringarr[ranknum] = $_POST[ranknum];


它们应该是:


$skillstringarr[$skillnum] = $_POST[s$killnum];
$skillemphstringarr[$emphnum] = $_POST[$emphnum];
$skillrankstringarr[$ranknum] = $_POST[$ranknum];


还请注意,您正在使用每个循环重新初始化阵列:


$skillstringarr= array ();
$skillemphstringarr= array ();
$skillrankstringarr= array ();


您应该在循环之前执行一次,以避免删除数据


与当前问题无关,但仍然相关:请注意有关SQL注入的评论。
您需要将以下代码置于for循环之外


$skillstringarr= array ();
$skillemphstringarr= array ();
$skillrankstringarr= array ();


b因为你的for循环中有这段代码,数组每次都会被重置,而你最终将一无所获,这就是为什么你的内爆会是空的


您还需要按照另一个答案中的描述正确引用变量。
PDO。学会它,热爱它。你做错了一件可怕的事。请了解。如果有人在您的表单中输入SQL代码,这将被执行(如果操作正确),并且可以读取/删除/执行任何希望对您的数据库执行的操作。。。非常危险!Byron Whitlock提到了PDO,如果正确使用它,也会解决这个问题。sohsiteadmin,@Byron Whitlock所说的是,您的代码非常SQL injection-y。在搜索窗口(或谷歌)中键入
sqlinjectionphp
。我了解sql injectiony的全部内容。这就是为什么我在生产中没有这个,谢谢。这就是我在半睡半醒的时候,脑子里乱七八糟的时候所得到的编码。