[英]Posting variable value rather than name of variable
I'm trying to get the entry from a textbox code to go to a php form and have the php form send it to a database. 我试图从文本框代码中获取条目转到php表单并让php表单将其发送到数据库。 THe problem I'm having is instead of posting the textbox value it posts $code.
我遇到的问题是发布文本框值而不是发布$ code。 I'm using mysql and php.
我正在使用mysql和php。
PHP: PHP:
<?
if( $_POST )
{
$username="***";
$password="***";
$con = mysql_connect("***",$username,$password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("inmoti6_mysite", $con);
$code = $_POST['code'];
$code = htmlspecialchars($code);
$query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';
mysql_query($query);
echo "<h2>Thank you for your Comment!</h2>";
mysql_close($con);
}
?>
Doubt this is the issue, but here's the html: 怀疑这是问题,但这里是html:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Database</title>
</head>
<body>
<form id="form1" name="form1" method="post" action="/scripts/database2.php">
<label>Code:
<input name="code" type="text" id="code" value="" size="45" />
</label>
<p>
<label>
<input type="submit" name="submit" id="submit" value="Submit" />
</label>
</p>
</form>
</body>
</html>
You need to use double quotes for the variables to be recognized in a string, so change: 您需要使用双引号来在字符串中识别变量,因此请更改:
$query = 'INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ("$code");';
to 至
$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES ('$code');";
You also have an sql injection problem; 你也有一个SQL注入问题; I recommend that you switch to PDO (or mysqli) with prepared statements and bound variables.
我建议您使用预准备语句和绑定变量切换到PDO(或mysqli)。 At the very least you should use
mysql_real_escape_string
on your variables before you insert them in the database but as you can see in the manual, the mysql_*
functions are deprecated. 在将变量插入数据库之前,至少应该对变量使用
mysql_real_escape_string
,但正如您在手册中看到的那样,不推荐使用mysql_*
函数。
it doesn't post $code, you use $code as a value instead of a variable. 它不会发布$ code,你使用$ code作为值而不是变量。 problem is related to quotes.
问题与报价有关。
$query = "INSERT INTO `storycodes`.`storycodes` (`code`) VALUES (\"$code\");";
try this one. 试试这个。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.