堆栈内存溢出
  简体   繁体   English

发布变量值而不是变量名称

[英]Posting variable value rather than name of variable

 原文  2013-02-02 14:19:33       php/ html/ mysql/ sql/ database

问题描述

I'm trying to get the entry from a textbox code to go to a php form and have the php form send it to a database. 我试图从文本框代码中获取条目转到php表单并让php表单将其发送到数据库。 THe problem I'm having is instead of posting the textbox value it posts $code. 我遇到的问题是发布文本框值而不是发布$ code。 I'm using mysql and php. 我正在使用mysql和php。

PHP: PHP: 

<?
if( $_POST )
{
$username="***";
$password="***";
    $con = mysql_connect("***",$username,$password);

    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("inmoti6_mysite", $con);

    $code = $_POST['code'];


    $code = htmlspecialchars($code); 


    $query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';


    mysql_query($query);

    echo "<h2>Thank you for your Comment!</h2>";

    mysql_close($con);
}
?>

Doubt this is the issue, but here's the html: 怀疑这是问题,但这里是html: 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Database</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="/scripts/database2.php">
  <label>Code:
  <input name="code" type="text" id="code" value="" size="45" />
</label>
  <p>
    <label>
    <input type="submit" name="submit" id="submit" value="Submit" />
    </label>
  </p>
</form>
</body>
</html>

2 个解决方案

解决方案1
 2 已采纳  2013-02-02 14:23:16

You need to use double quotes for the variables to be recognized in a string, so change: 您需要使用双引号来在字符串中识别变量,因此请更改: 

$query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';

to 

$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ('$code');";

You also have an sql injection problem; 你也有一个SQL注入问题; I recommend that you switch to PDO (or mysqli) with prepared statements and bound variables. 我建议您使用预准备语句和绑定变量切换到PDO(或mysqli)。 At the very least you should use mysql_real_escape_string on your variables before you insert them in the database but as you can see in the manual, the mysql_* functions are deprecated. 在将变量插入数据库之前,至少应该对变量使用mysql_real_escape_string ,但正如您在手册中看到的那样,不推荐使用mysql_*函数。

解决方案2
 0  2013-02-02 14:23:26

it doesn't post $code, you use $code as a value instead of a variable. 它不会发布$ code,你使用$ code作为值而不是变量。 problem is related to quotes. 问题与报价有关。 

$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES (\"$code\");";

try this one. 试试这个。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 INSERT INTO sql查询使用变量字符串而不是字段名称 - INSERT INTO sql query is using variable string rather than field name PHP对象存储在变量中作为参考,而不是值 - PHP object is being stored in variable as a reference rather than value 当名称作为变量而不是字符串文字传递时,PHP gethostbyname()返回名称而不是IP - PHP gethostbyname() returning Name instead of IP when the name is passed in as a variable rather than a string literal 网址具有可变的值,而不是可变的 - URLs to have variable value rather then just variable 在超链接中更改$ _GET变量,而不是附加它 - Change $_GET variable in a hyperlink rather than appending it 如何将cookiejar放入变量而不是文件 - How to put cookiejar into a variable rather than a file Ajax jQuery帖子发布而没有变量名 - Ajax jquery post is posting without a variable name 发布一个变量,它是表单输入的“名称” - Posting a variable which is the “name” of form input 如何分辨javascript x.value = $(&#39;‪#selectID‬option:selected&#39;)。text(); “ selectID”不是ID的名称,而是变量 - How to tell javascript x.value = $('‪#‎selectID‬ option:selected').text(); that 'selectID' is not a name of an ID but rather a variable 如何在输入字段中显示占位符名称而不是值名称 - How to show placeholder name rather than the value name in the input fiels
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM