【Question title】:empty or not empty allow to insert using php
【Posted】:2018-04-28 03:00:16
【Question description】:
If($_POST){
    $validator = array ('success' => false,  'message' => array());
    $a = $_POST['name'];
    $b = $_POST['sex'];
    $c = isset ($_POST['national'])?$_POST['national']:0;

    $sql="INSERT INTO tblstudent VALUES('$a','$b','$c')";
    $query=$connect->query($sql);

    if($query ===true){
        $validator['success'] = true;
        $validator['message '] = "added";
    }else{
        $validator['success'] = false;
        $validator['message '] = "error";

        //close connection 
        $connect->close ();

        Echo json_encode($validator);
    }

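The variable $c may or may not be entered. If $c is empty, I want to set it to 0. The code above does not work. The problem is the variable $c.

【Question discussion】:

  • You missed a " at the end of the SQL string
  • Did you see the code coloring caused by the missing " quote?
  • I think there is a problem with your column and value mapping.
  • You are wide open to SQL injection attacks with that code. Read up on the use of prepared statements

Tags: php jquery html mysqli


【Solution 1】:

You are missing a " in your SQL statement. I also replaced the ternary operator in the $c assignment with an if statement so that you can break the code down easily, and converted the code to use prepared statements to prevent SQL injection attacks.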

if ($_POST)
{
    $validator = array('success' => false, 'message' => array());
    $a = $_POST['name'];
    $b = $_POST['sex'];

    // Default $c to 0 when the national field was not submitted
    if (isset($_POST['national']))
    {
        $c = $_POST['national'];
    }
    else
    {
        $c = 0;
    }

    // Placeholders keep the submitted values out of the SQL text
    $sql = $connect->prepare("INSERT INTO tblstudent VALUES(?,?,?)");
    $sql->bind_param("sss", $a, $b, $c);

    if ($sql->execute())
    {
        $validator['success'] = true;
        $validator['message'] = "added";
    } else {
        $validator['success'] = false;
        $validator['message'] = "error";
    }

    // close connection
    $connect->close();

    // Send the JSON result on success as well as on failure
    echo json_encode($validator);
}

【Discussion】:

    【Solution 2】:

    When you used $connect->query, you did not add the " to end your SQL query and did not pass the column names in the query. Try the following,

    <?php
    if(isset($_POST) && array_filter($_POST)){
        $validator = array ('success' => false,  'message' => array());
        if(!empty($_POST['name']) && !empty($_POST['sex'])){
            $name = $connect->real_escape_string($_POST['name']);
            $sex = $connect->real_escape_string($_POST['sex']);
            // !empty() avoids an undefined-index notice when national is not submitted
            $national = !empty($_POST['national']) ? $connect->real_escape_string($_POST['national']) : 0;
            $sql = "INSERT INTO `tblstudent` (`name`,`sex`,`national`) VALUES('{$name}','{$sex}','{$national}')";       
            $validator = ($connect->query($sql)) ? array('success' => true, 'message' => 'added') : array('success' => false, 'message' => 'error');        
        }else{
            $validator = array ('success' => false,  'message' => 'error');
        }    
        $connect->close();
        echo json_encode($validator);
        exit();
    }
    ?>
    

    【Discussion】:
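
An added example, not part of the original thread: it combines the points raised in the comments and both solutions (default for a blank optional field, named columns, prepared statement). The helper names `field`, `normalizeStudent` and `insertStudent` are hypothetical; the table and column names are taken from the answers, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical;
// table and column names follow the answers above.
// Return a trimmed string field; absent or non-string input becomes ''.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Returns [name, sex, national], or null when a required field is blank.
function normalizeStudent(array $post): ?array
{
    $name = field($post, 'name');
    $sex  = field($post, 'sex');
    if ($name === '' || $sex === '') {
        return null;
    }
    // isset() is true for a submitted-but-empty field (""), so the default
    // is chosen by testing the value itself, not only its presence.
    $national = field($post, 'national');
    return [$name, $sex, $national === '' ? '0' : $national];
}

function insertStudent(mysqli $connect, array $post): array
{
    $row = normalizeStudent($post);
    if ($row === null) {
        return ['success' => false, 'message' => 'error'];
    }
    [$name, $sex, $national] = $row;
    // Named columns plus placeholders: input never becomes SQL text.
    $sql = 'INSERT INTO `tblstudent` (`name`, `sex`, `national`) VALUES (?, ?, ?)';
    try {
        $stmt = $connect->prepare($sql);
        $ok = $stmt && $stmt->bind_param('sss', $name, $sex, $national) && $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        $ok = false; // PHP 8.1+ reports mysqli errors as exceptions by default
    }
    return ['success' => $ok, 'message' => $ok ? 'added' : 'error'];
}

// Constructed inputs: 'national' absent, empty, filled; then a blank name.
foreach ([['name' => 'Ann', 'sex' => 'F'],
          ['name' => 'Bob', 'sex' => 'M', 'national' => ''],
          ['name' => 'Cy', 'sex' => 'M', 'national' => 'KH'],
          ['name' => '', 'sex' => 'M']] as $post) {
    echo json_encode(normalizeStudent($post)), PHP_EOL;
}
```

Run from the command line, the loop exercises only the normalization step; `insertStudent` needs an open `mysqli` connection to a database that contains `tblstudent`.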
