【发布时间】:2016-03-25 03:59:09
【问题描述】:
我一直在使用这个确切的代码(更改变量名称),将信息输入到我的整个网站的数据库中,我从来没有遇到过问题。 这是我曾经厌倦的一次插入数据库的最多变量。数据不会插入任何错误消息。
有没有更好的方法来做到这一点?这是一个已知问题吗?
PHP
<?php
if (isset($_POST['Save'])) {
$f_name = $_POST['franchise_name'];
$f_email = $_POST['fran_email'];
$f_mangn = $_POST['mang_name'];
$f_addline_1 = $_POST['franc_address'];
$f_addline_2 = $_POST['address2'];
$f_city = $_POST['city'];
$f_pcode = $_POST['pcode'];
$f_phone = $_POST['franc_phone'];
$insert_franc_dets = "INSERT INTO Franchise_manager_account(Area_Name,Franchise_email,Fran_Fname,Fran_business_add_line1,Fran_business_add_line2,Fran_City,fran_Postcode,Fran_Contact_Num)
VALUES (?,?,?,?,?,?,?,?)
ON DUPLICATE KEY
UPDATE
Area_Name = '$f_name',
Franchise_email = '$f_email',
Fran_Fname = '$f_mangn',
Fran_business_add_line1 = '$f_addline_1',
Fran_business_add_line2 = '$f_addline_2',
Fran_City = '$f_city',
fran_Postcode = '$f_pcode',
Fran_Contact_Num = '$f_phone'";
$c = mysqli_prepare($dbc, $insert_franc_dets);
//new
// $stmt = mysqli_prepare($dbc, $insert_c);
//debugging
//$c = mysqli_prepare($dbc, $insert_franc_dets) or die(mysqli_error($dbc));
mysqli_stmt_bind_param($c,'sssssssi', $f_name, $f_email, $f_mangn, $f_addline_1, $f_addline_2, $f_city, $f_pcode, $f_phone);
/* execute query */
$execute = mysqli_stmt_execute($c);
// if inserted echo the following messges
if ($execute) {
echo "<script> alert('Addrrss Saved')</script>";
} else {
echo "<b>Oops! we have an issue </b>";
}
}
$dbc->close();
?>
HTML
<form id="franchiseDets" action ="Franchise-Details.php" method="POST">
<!-- franchise details form-->
<div class="field">
<input type="text" name="franchise_name" id="fran_name" placeholder="e.g One Delivery Leeds" pattern="[a-zA-Z]"
autofocus required tabindex="1">
<br>
<input type="email" name="fran_email" id="fran_email" placeholder="leeds@one-delivery.co.uk" required tabindex="2">
<br>
<input type="text" name="mang_name" id="name" placeholder="Joe Blogs" required tabindex="3">
<br>
<input type="text" name="franc_address" id="address1" placeholder="Address Line 1" tanindex="4">
<input type="text" name="address2" id="address2" placeholder="Address Line 2" tabindex="5">
<input type="text" name="city" id="city" placeholder="Town/City" tabindex="6">
<input type="text" name="pcode" id="pcode" placeholder="Postcode" tabindex="7">
<br>
<input type="tel" name="franc_phone" id="phone" placeholder="Customer service number" min="10" maxlength="11" pattern="[0-9]{3}[-][0-9]{4}[-][0-9]{4}"
required title="Please provide your customer service number in the following format: 000-0000-0000" tabindex="8">
<input type="submit" name="Save" value="Save">
</form>
<br>
</div>
TABLE(3 个独特元素) 会话开始();位于页面顶部。 仍在进行 sql 注入。
【问题讨论】:
标签: php mysql insert-into