PHP不会发布到MySQL数据库。
[英]PHP won't POST to MySQL database.
问题描述
I've made some PHP/HTML pages for easy inserting into one of my databases. 
我制作了一些PHP / HTML页面,以便于插入到我的数据库中。 At first it seemed to work fine, but once I tried testing more, I realized that when I try to type more than one line in my textarea (see below for the code), it won't go through to the database. 最初,它似乎可以正常工作,但是当我尝试进行更多测试时,我意识到,当我尝试在textarea中键入多行代码时(请参见下面的代码),它将不会进入数据库。 I won't get any errors, but it won't be saved in the database, either. 我不会收到任何错误,但也不会保存在数据库中。 This problem also exists with the editing script I made. 我制作的编辑脚本也存在此问题。 If I try editing the textarea, it doesn't change the database. 如果我尝试编辑textarea,它不会更改数据库。
Codes are below. 代码如下。
All field types are varchar with unicode, so I can type non-english characters. 所有字段类型都是带有unicode的varchar,因此我可以键入非英语字符。 The only ones that aren't are the ID (bigint) and the content (longtext) to allow lots and lots of info (theoretically, heh). 唯一不是ID(bigint)和内容(longtext)允许大量信息(理论上是heh)。
The two for adding to the database. 这两个用于添加到数据库。 I could probably figure out the updating one, if I knew what was wrong in general... this is my first time actually using PHP and MySQL in depth so I have absolutely no clue why it isn't working. 如果我通常知道什么地方出了问题,我大概可以找出更新的地方……这是我第一次真正深入地使用PHP和MySQL,因此我完全不知道为什么它不起作用。 Thanks for your help! 谢谢你的帮助!
characteradd.php characteradd.php
<html>
<head>
<title>Character Add</title>
</head>
<body>
<div align="center">
<br>
<font style="font-size: 50px;"><b>Character Add</b></font><br>
Fill in everything with something.<br>
<br>
<form action="charinsert.php" method="post">
<table>
<tr>
<td>Name:</td><td><input type="text" name="name"><br></td>
<td>Story:</td><td><input type="text" name="story"><br></td>
</tr><tr>
<td>Deity Group?</td><td><input type="text" name="deity"><br></td>
<td>Country:</td><td><input type="text" name="country"><br></td>
</tr><tr>
<td>City:</td><td><input type="text" name="city"><br></td>
<td>Gender:</td><td><input type="text" name="gender"><br></td>
</tr><tr>
<td>Orientation:</td><td><input type="text" name="orientation"><br></td>
<td>Age:</td><td><input type="text" name="age"><br></td>
</tr><tr>
<td>Blood Type:</td><td><input type="text" name="blood"><br></td>
<td>Occupation?</td><td><input type="text" name="occupation"><br></td>
</tr><tr>
<td>Height:</td><td><input type="text" name="height"><br></td>
<td>Weight:</td><td><input type="text" name="weight"><br></td>
</tr><tr>
<td>Hair Color:</td><td><input type="text" name="hair"><br></td>
<td>Eye Color:</td><td><input type="text" name="eye"><br></td>
</tr>
<td>Race:</td><td><input type="text" name="race"><br></td>
<td>Pic Ref Preview:</td><td><input type="text" name="picpreview"><br></td>
</tr><tr>
<td>Pic Link:</td><td><input type="text" name="piclink"><br></td>
<td>Relation Link:</td><td><input type="text" name="relationlink"><br></td>
</tr><tr>
<td>Pirate Stuff</td></tr><tr>
<td>Allegiance:</td><td><input type="text" name="allegiance"><br></td>
</tr><tr>
<td>Future Stuff</td></tr><tr>
<td>Element:</td><td><input type="text" name="element"><br></td>
<td>Area:</td><td><input type="text" name="area"><br></td>
</tr><tr><td>History:</td></tr><tr>
<td colspan="4"><textarea cols="80" rows="15" name="content">
</textarea></td>
</tr>
</table>
<input type="Submit">
</form>
</div>
</body>
</html>
charinsert.php charinsert.php
<html>
<head>
<title>Character Added!</title>
</head>
<body>
<?php
$username="username";
$password="pass";
$database="obviously";
$host="notthis";
$name=$_POST['name'];
$story=$_POST['story'];
$deity=$_POST['deity'];
$country=$_POST['country'];
$city=$_POST['city'];
$gender=$_POST['gender'];
$orientation=$_POST['orientation'];
$age=$_POST['age'];
$blood=$_POST['blood'];
$occupation=$_POST['occupation'];
$height=$_POST['height'];
$weight=$_POST['weight'];
$hair=$_POST['hair'];
$eye=$_POST['eye'];
$race=$_POST['race'];
$picpreview=$_POST['picpreview'];
$piclink=$_POST['piclink'];
$rellink=$_POST['relationlink'];
$allegiance=$_POST['allegiance'];
$element=$_POST['element'];
$area=$_POST['area'];
$content=$_POST['content'];
mysql_connect($host,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO aliz_character VALUES ('','$story','$deity','$country','$city','$name','$gender','$orientation','$age','$blood','$occupation','$rellink','$height','$weight','$hair','$eye','$picpreview','$piclink','$allegiance','$element','$area','$race','$content')";
mysql_query($query);
mysql_close();
?>
<div align="center">
Return to <a href="dtop.php">updating page</a>.
</div>
</body>
</html>
2 个解决方案
解决方案1
4 2011-07-30 07:28:37
You're not escaping any of your inputs. 您没有逃避任何输入。 Anyone can type stuff into any of those inputs to easily break the query. 任何人都可以在任何这些输入中键入内容,以轻松中断查询。 Just try putting a single quote mark ' in any of them. 只需尝试在其中任何一个中加一个单引号' 。
It's time to learn about PDO, prepared statements and parameter binding. 现在是时候了解PDO,准备好的语句和参数绑定了。
If you want to use this script as-is, call mysql_real_escape_string on every single string you put into the query. 如果您想按原样使用此脚本,请对输入到查询中的每个字符串调用mysql_real_escape_string 。
$content = mysql_real_escape_string($_POST['content']);
解决方案2
0 2011-07-30 07:39:11
与@Dan Grossman一起使用我的两分钱,您没有逃脱',而ur textarea从用户输入中获取了很多。编码...欢呼!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.