PHP MySQL query works in Chrome but not Firefox/IE

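I have just finished my university assignment and it runs fine in Google Chrome. Unfortunately, when I tested it in Firefox and IE, some of the MySQL queries do not work. The one below adds a song to the database; it executes in Chrome, but when I try the same thing in Firefox/IE the page just refreshes and nothing happens. I have been searching for the past hour but could not come up with a solution. Any help would be appreciated.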

Form and input

if (!$edit) { 
?>    

<form class="inline" method="post" action="dataGridAdmin.php">
<td><input type="text" name="song" size="20"></td>
<td><input type="text" name="artist" size="20"></td>
<td>

<?php 
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
?>  

<input type="image" src="add.png" name="addTrack" value="yes"></td>
<td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
</form>

<?php
}
?>  

</table>

PHP and MySQL

// do we want to add a new track?
if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
    $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
    $dbResult=mysql_query($dbQuery);
}

Full file:

<html>
<head>
  <title>Music Database Editor</title>

<link rel="stylesheet" type="text/css" href="style.css" />

</head>

<body>


<?php

include "dbConnect.php";

session_start();
   if (!(isset($_SESSION["currentUser"]))) header ("Location: adminLogin.php");
   $currentUser=$_SESSION["currentUser"];
   $currentUserID=$_SESSION["currentUserID"];

   $dbQuery="select * from users where id='$currentUserID'";
   $dbResult=mysql_query($dbQuery);
   $dbRow=mysql_fetch_array($dbResult);
   $adminPriv=$dbRow["admin"];
   if ($adminPriv=='N') {
    header ("Location: adminLogin.php");
  }

  // print_r($_POST); // this line can be removed after debugging

  // set up page size and current page
  $pageSize=10;
  if (isset($_POST["thisPage"])) $thisPage=$_POST["thisPage"];
  else if (isset($_GET["page"])) $thisPage=$_GET["page"];
  else $thisPage=1;

  // now check for database activity

  // do we want to add a new track?
  if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
     $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
     $dbResult=mysql_query($dbQuery);
  }

  // do we want to modify an existing track?
  if (isset($_POST["updateData"]) && $_POST["updateData"]=="yes") {
     $dbQuery="update music set ".
              "song='".$_POST["newSong"]."', ".
              "artist='".$_POST["newArtist"]."' ".
              "where id=".$_POST["id"];
     $dbResult=mysql_query($dbQuery);  
  }

  // do we want to delete a track?
  if (isset($_POST["deleteTrack"]) && $_POST["deleteTrack"]=="yes") {
     $dbQuery="delete from music where id=".$_POST["id"];
     $dbResult=mysql_query($dbQuery);  
  }

  // have we clicked on the edit icon?
  if (isset($_POST["editTrack"]) && $_POST["editTrack"]=="yes") {
      $edit=true;

      $dbQuery="select * from music where id=".$_POST["id"];
      $dbResult=mysql_query($dbQuery);
      $dbRow=mysql_fetch_array($dbResult);

      // set up the values that will appear in the edit form
      $editId=$dbRow["id"];
      $editSong=$dbRow["song"];
      $editArtist=$dbRow["artist"];
  } 
  else $edit=false;

  // how many tracks are in the table?
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") 
     $dbQuery="select count(id) from music where song like '%".$_POST["song"]."%' and got='Y'";
  else
     $dbQuery="select count(id) from music where got='Y'";

  $dbResult=mysql_query($dbQuery);
  $dbRow=mysql_fetch_array($dbResult);
  $totalRows=$dbRow[0];
  // adjust $thisPage if we have just deleted the only track on the previous page
  if (($thisPage*$pageSize)-($pageSize-1)>$totalRows) $thisPage--;

  // do we want to search for a track? track name
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
     if (isset($_POST["song"]) && $_POST["song"]!="")
         $likeStr="where song like '%".$_POST["song"]."%'";
     if (isset($_POST["artist"]) && $_POST["artist"]!="")        
        $likeStr="where artist like '%".$_POST["artist"]."%'";
     if (isset($_POST["song"]) && $_POST["song"]!="" && isset($_POST["artist"]) && $_POST["artist"]!="")
         $likeStr="where song like '%".$_POST["song"]."%' and artist like '%".$_POST["artist"]."%'";    
  } else $likeStr="";   

  if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {  // are the tracks sorted?
        $dbQuery="select * from music $likeStr " .
                 " order by ".$_POST["sortField"]." ".$_POST["sortDirection"].
                 " limit $pageSize offset " . ($thisPage-1)*$pageSize;
  } else $dbQuery="select * from music $likeStr where got='Y' limit $pageSize offset ".($thisPage-1)*$pageSize;

  $dbResult=mysql_query($dbQuery);
  $numResults=mysql_num_rows($dbResult);



  // which tracks are we currently displaying?
  if ($numResults==0) {
     $first=0; $last=0; 
  } else {   
     $first=(($thisPage-1)*$pageSize)+1;
     if ($thisPage<$totalRows/$pageSize) $last=$first+($pageSize-1); else $last=$totalRows;
  }

  $prevPage=$thisPage-1;
  $nextPage=$thisPage+1;



echo "<hr width='1300'>";
echo "<br>";
  echo "<h3>Music Database Editor</h3>";

    // echo "<p>$dbQuery</p>";
  // display button link to previous page
  if ($thisPage>1) {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
          "<input type=\"hidden\" name=\"thisPage\" value=\"$prevPage\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
     echo "<input type=\"image\" src=\"previous.png\" alt=\"Previous page\">".
          "</form> ";
  } else echo "<img src=\"previous.png\"> ";

  echo "Displaying tracks $first-$last of $totalRows ";
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") 
     echo "containing '".$_POST["song"]."".$_POST["artist"]."' ";

  // display button link to next page
  if ($thisPage<$totalRows/$pageSize) {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
          "<input type=\"hidden\" name=\"thisPage\" value=\"$nextPage\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
     echo "<input type=\"image\" src=\"next.png\" alt=\"Next page\">".
          "</form> ";
  } else echo "<img src=\"next.png\"> ";  

  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     echo "<input type=\"image\" src=\"showAll.png\" alt=\"Show All\">".
          "</form> ";     
  }   
?>

  <!-- now the current page of tracks -->
  <table cellspacing="5">
  <tr>

 <!-- Sort song name -->
    <th><form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="song">
           <input type="hidden" name="sortDirection" value="asc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
?>
           <input type="image" src="sort_ascend.png" alt="Sort A-Z">
        </form>   
       Song
        <form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="song">
           <input type="hidden" name="sortDirection" value="desc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
?>
           <input type="image" src="sort_descend.png" alt="Sort Z-A">
        </form></th>

<!-- Sort artist name -->

<th><form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="artist">
           <input type="hidden" name="sortDirection" value="asc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">"; 
     }
?>
           <input type="image" src="sort_ascend.png" alt="Sort A-Z">
        </form>   
       Artist
        <form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="artist">
           <input type="hidden" name="sortDirection" value="desc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">"; 
     }
?>
           <input type="image" src="sort_descend.png" alt="Sort Z-A">
        </form></th><th></th><th></th></tr>

<?php
  while ($dbRow=mysql_fetch_array($dbResult)) {

    $id=$dbRow["id"];
    $song=$dbRow["song"];
    $artist=$dbRow["artist"];

    // are we editing a track? If so, display the form
    if ($edit) { 
       if ($id==$_POST["id"]) {
         echo "<tr><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
              "<input type=\"hidden\" name=\"updateData\" value=\"yes\">".
              "<input type=\"hidden\" name=\"id\" value=\"$editId\">".              
              "<td><input type=\"text\" name=\"newSong\" value=\"$editSong\"></td>".
              "<td><input type=\"text\" name=\"newArtist\" value=\"$editArtist\"></td>".
              "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
         if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
         }
         if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
            echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
                 "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
         }
         echo "<input type=\"image\" src=\"edit.png\"></td>".
              "<td></td></form></tr>";
       } else {
          echo "<tr><td>$song</td><td>$artist</td><td></td><td></td>";
       }   
    }  
    // not editing, so display the tracks as text
    else {
       echo "<tr><td width='300'>$song</td><td width='300'>$artist</td>";
       echo "<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
            "    <input type=\"hidden\" name=\"editTrack\" value=\"yes\">".
            "    <input type=\"hidden\" name=\"id\" value=\"$id\">".
            "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
       if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
       } 
       if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
          echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
               "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
       }
       echo "    <input type=\"image\" src=\"edit.png\" alt=\"Edit track\">".
            "    </form></td>".
            "<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
            "    <input type=\"hidden\" name=\"deleteTrack\" value=\"yes\">".
            "    <input type=\"hidden\" name=\"id\" value=\"$id\">".
            "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
       if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
       }   
       if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
          echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
               "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
       }
       echo "    <input type=\"image\" src=\"delete.png\" alt=\"Delete track\">".
            "    </form></td>".
            "</tr>";
    }   
  }

   // only display the "add track" form if we are NOT currently editing
   if (!$edit) { 
?>  

<tr>
  <form class="inline" method="post" action="dataGridAdmin.php">
    <td><input type="text" name="song" size="20"></td>
    <td><input type="text" name="artist" size="20"></td>
    <td>    
<?php 
  if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
     echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
          "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
          "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
  }
?>  
        <input type="image" src="add.png" name="addTrack" value="yes"></td>
    <td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
  </form>
</tr>  

<?php
  }
?>  

</table>

<p></br>&nbsp <a href="adminLogin.php">Logout</a>


</body>

</html>

If it helps, this is what it looks like: http://i57.tinypic.com/2hpmzbt.jpg

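First, your insert has absolutely no protection against SQL injection. Thanks to the XKCD joke about Bobby Tables, you can see the whole problem explained in detail.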

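Second, I can't tell where the problem is, because you showed the code that handles the submission rather than the code that produces the output. Is your PHP block on the same page as the form that submits, or on a separate page? Are you using a redirect?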

Try upgrading your PHP and MySQL versions. As Abhik Chakraborty said, PHP and MySQL have nothing to do with the browser!

The input type "image" does not support the value field. See: http://www.w3.org/TR/html4/interact/forms.html#h-17.4.1

Instead, the value of an "image" input is the coordinates at which the user clicked the image. Try checking whether addTrack.x is set:

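// do we want to add a new track?
// PHP turns the dot in the submitted field name addTrack.x into an underscore,
// and only the coordinates are sent by every browser, so test addTrack_x.
if (isset($_POST["addTrack_x"])) {
    $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
    $dbResult=mysql_query($dbQuery);
}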

As others have said, you should also read up on SQL injection.
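How the add button arrives in `$_POST`, as an added example that is not code from the question or the answers: an image input is submitted as click coordinates named `addTrack.x` and `addTrack.y`, PHP rewrites the dots to underscores, and only some browsers (Chrome in the question) also send the bare `addTrack=yes` pair. The helper name `imageButtonClicked` and the sample arrays are constructed for illustration.

```php
<?php
// Added example: decide whether an <input type="image" name="..."> was the
// submit control, without relying on its value attribute.

/**
 * Browsers submit an image button as two click coordinates, "<name>.x" and
 * "<name>.y". PHP replaces the dots with underscores when it fills $_POST,
 * so the keys to look for are "<name>_x" and "<name>_y".
 */
function imageButtonClicked(array $post, string $name): bool
{
    // The coordinates are the part every browser sends; require both.
    if (isset($post[$name . '_x'], $post[$name . '_y'])) {
        return is_numeric($post[$name . '_x']) && is_numeric($post[$name . '_y']);
    }
    // Fallback for a plain <button type="submit" name="..." value="yes">.
    return isset($post[$name]) && $post[$name] === 'yes';
}

// Constructed samples of what PHP sees after a click on the form's buttons.
$samples = [
    'coordinates plus value' => ['song' => 'Hey Jude', 'artist' => 'The Beatles',
                                 'addTrack_x' => '12', 'addTrack_y' => '9',
                                 'addTrack' => 'yes'],
    'coordinates only'       => ['song' => 'Hey Jude', 'artist' => 'The Beatles',
                                 'addTrack_x' => '12', 'addTrack_y' => '9'],
    'search button instead'  => ['song' => 'Hey', 'artist' => '',
                                 'searchMusic_x' => '4', 'searchMusic_y' => '7'],
];

foreach ($samples as $label => $post) {
    // The question's test: only true when the bare name=value pair is sent.
    $original = isset($post['addTrack']) && $post['addTrack'] == 'yes';
    $portable = imageButtonClicked($post, 'addTrack');
    printf("%-24s original=%s portable=%s\n", $label,
        var_export($original, true), var_export($portable, true));
}
```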

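I see a couple of things that could be causing problems. First, like the guy before me said, you are wide open to SQL injection; the least you should do is filter the $_POST data. You also did not provide the database to query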

<?php

     // do we want to add a new track?
     if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
       // mysqli_connect_error() reports why the connection failed
       $db_connection = mysqli_connect("myhost","myuser","mypassw","mydb") or die("Error " . mysqli_connect_error());

      //Clean the data and get it ready
       $addTrack=mysqli_real_escape_string($db_connection,strip_tags($_POST['addTrack']));
       $song=mysqli_real_escape_string($db_connection,strip_tags($_POST['song']));
       $artist=mysqli_real_escape_string($db_connection,strip_tags($_POST['artist']));
       $dbQuery="insert into music values (NULL, '$song','$artist', 'Y')";
       $dbResult=mysqli_query($db_connection,$dbQuery);
       if($dbResult){
           //Your query worked!!
       }
     }


?>
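The insert and the sorted, searchable listing from the question rewritten with bound parameters, as an added example that is not from any of the answers. It uses PDO with an in-memory SQLite database as a stand-in so that it runs without a server (an assumption; the page uses MySQL), the function names `addTrack` and `listTracks` are hypothetical, and the `music` columns are inferred from the queries in the question.

```php
<?php
// Added example: bound parameters for values, an allow-list for ORDER BY.
// SQLite in memory stands in for MySQL so the script runs on its own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table music (id integer primary key, song text, artist text, got text)");

function addTrack(PDO $pdo, string $song, string $artist): void
{
    // Placeholders keep the posted values out of the SQL text entirely.
    $stmt = $pdo->prepare("insert into music (song, artist, got) values (?, ?, 'Y')");
    $stmt->execute([$song, $artist]);
}

function listTracks(PDO $pdo, string $search, string $sortField, string $sortDirection): array
{
    // Column names and asc/desc cannot be bound, so map the posted values
    // onto a fixed allow-list and fall back to a default otherwise.
    $columns = ['song' => 'song', 'artist' => 'artist'];
    $column = $columns[$sortField] ?? 'song';
    $direction = strtolower($sortDirection) === 'desc' ? 'desc' : 'asc';

    $stmt = $pdo->prepare(
        "select song, artist from music where got = 'Y' and song like ? escape '!' " .
        "order by $column $direction"
    );
    // Escape LIKE wildcards so a search for "%" matches a literal percent sign.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search) . '%';
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed input, including quotes that break the concatenated query.
addTrack($pdo, "Don't Stop Me Now", 'Queen');
addTrack($pdo, "Robert'); drop table music; --", 'Bobby Tables');
addTrack($pdo, '100% Pure Love', 'Crystal Waters');

// A sortField outside the allow-list is replaced by the default column.
print_r(listTracks($pdo, '', 'song; drop table music', 'desc'));
// Search for a literal percent sign in the song title.
print_r(listTracks($pdo, '%', 'artist', 'asc'));
```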
