我的代码不会插入db

时间:2012-03-28 11:36:36

标签: php mysql

我真的没想到它不会的原因......它对我来说很好(如果没事的话,我不会在这里问)

之前发生过这种情况(参见我最近的帖子),我使用了之前项目中的代码(运行正常),但是当我尝试将它用于此特定项目时,它无法工作。我不知道为什么它不会在这个特定时间工作,因为它之前有效

有人能告诉我查询有什么问题吗?

<?php
    $hostname = "localhost"; 
    $db_user = "#"; // change to your database password
    $db_password = "#"; // change to your database password
    $database = "#"; // provide your database name
    $db_table = "#"; // leave this as is

    # STOP HERE
    ####################################################################
    # THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE
    $db = mysql_connect($hostname, $db_user, $db_password);
    mysql_select_db($database,$db);
    ?>

    <?php

    $date = date("Y-m-d H:i:s");

    $cfname = preg_replace('#[^A-Za-z0-9.,]#i', '', $_POST['cfname']);
    $cfname = strip_tags($cfname);
    $cfname = mysql_real_escape_string($cfname);
    $cfname = stripslashes($cfname);

    $clname = preg_replace('#[^A-Za-z0-9.,]#i', '', $_POST['clname']);
    $clname = strip_tags($clname);
    $clname = mysql_real_escape_string($clname);
    $clname = stripslashes($clname);

    $cname = $cfname+$clname;

    $cemail = preg_replace('#[^A-Za-z0-9@.-_ ]#i', '', $_POST['cemail']);
    $cemail = strip_tags($cemail);
    $cemail = mysql_real_escape_string($cemail);
    $cemail = stripslashes($cemail);

    $cphone = preg_replace('#[^0-9]#i', '', $_POST['cphone']);
    $cphone = strip_tags($cphone);
    $cphone = mysql_real_escape_string($cphone);
    $cphone = stripslashes($cphone);

    $caddress = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['caddress']);
    $caddress = strip_tags($caddress);
    $caddress = mysql_real_escape_string($caddress);
    $caddress = stripslashes($caddress);

    $caddress2 = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['caddress2']);
    $caddress2 = strip_tags($caddress2);
    $caddress2 = mysql_real_escape_string($caddress2);
    $caddress2 = stripslashes($caddress2);

    $cage = preg_replace('#[^0-9]#i', '', $_POST['cage']);
    $cage = strip_tags($cage);
    $cage = mysql_real_escape_string($cage);
    $cage = stripslashes($cage);

    $cnationality = preg_replace('#[^A-Za-z,]#i', '', $_POST['cnationality']);
    $cnationality = strip_tags($cnationality);
    $cnationality = mysql_real_escape_string($cnationality);
    $cnationality = stripslashes($cnationality);

    $flightno = $_POST['flightno'];
    $flightno = strip_tags($flightno);
    $flightno = mysql_real_escape_string($flightno);

    $resno = $flightno*2;

    if (isset($_REQUEST['Submit'])) {
    # THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
    $sql ="INSERT INTO $db_table(cust_name,cust_email,cust_phone,cust_add,cust_add2,cust_age,cust_nationality,flight_no,resno) VALUES ('$cname','$cemail','$cphone','$caddress', '$caddress', '$caddress2', '$cage', '$cnationality', '$flightno', '$resno')";
    if($result = mysql_query($sql ,$db)) {
    echo '<meta http-equiv="refresh" content="35,search.php" />Thank you for 

    reserving your e-ticket. Your reservation number is $resno. Please keep it to 

    confirm your reservation. You can confirm your ticket by calling this number 1-

    800-NOTAREALNUMBER or you can visit our offices located in The South Pole next 

    to Willy Wonkas Chocolate Factory. Have a great day! <p><a 

    href="search.php"><small>Click here to go back</small></a></p>';
    } else {
    echo "ERROR: ".mysql_error();
    }
    } else { echo ""?>
    <form onsubmit="return validateForm()" enctype="text/plain" method="post" 

    action="" name="cusBooking">
    <table style="text-align: left; background-color: white; width: 425px; height: 

    143px;" border="0" cellpadding="1" cellspacing="3">
    <tbody>
    <tr>
    <td>
    <small>First name: </small><input type="text" name="cfname" />
    </td>
    <td>
    <small>Last name: </small><input type="text" name="clname" />
    </td>
    </tr>
    <tr>
    <td>
    <small>Email: </small><input type="text" name="cemail" />
    </td>
    <td>
    <small>Phone number: </small><input type="text" name="cphone" />
    </td>
    </tr>
    <tr>
    <td>
    <small>Address: </small><input type="text" name="caddress" />
    </td>
    <td>
    <small>Address 2: </small><input type="text" name="caddress2" />
    </td>
    </tr>
    <tr>
    <td>
    <small>Age: <input type="text" name="cage" />
    </td>
    <td>
    <small>Nationality: </small><input type="text" name="cnationality" />
    </td>
    </tr>
    <tr>
    <td>
    <input name="flightno" value='<?php echo "$flightno"?>' type="hidden">
    </td>
    <td>
    <input name="Submit" type="image" tabindex="5" src="images/flight_button.png" 

    value="Submit Your Site" />
    </td>
    </tr>
    </tbody>
    </table>
    </form>
    <?php
    }
    ?>

2 个答案:

答案 0 :(得分:1)

"INSERT INTO $db_table( 9 ITEMS ) VALUES ( 10 ITEMS)"

'$caddress'您的查询中有两次,使用参数来防止此类问题,请检查PDO

或者至少更好地格式化你的代码,所以这样的错误可以更好地显示。

答案 1 :(得分:1)

你有这个:

if (isset($_REQUEST['Submit'])) {

因此,只有表单数据(或cookie !!)具有名为Submit且具有真值的参数时,才会运行数据库插入代码。

您的表单通常不会提交这样的值,因为名为Submit的控件是图像输入(在某些浏览器中,只提交Submit.xSubmit.y(PHP将重命名)到Submit_xSubmit_y)。

您还有enctype="text/plain"

如果任何浏览器实际上支持enctype属性的值,那么它将不会以结构化格式对数据进行编码,因此不能期望PHP能够从中提取任何参数。

相关问题
最新问题