Question

我得知它工作，对不起伙计......我不应该再将$ _POST放入$ stm

以下代码是出于安全目的而收到发布值的地方，我打算放置preg_replace函数..但是它不起作用？

<?php 
if (isset($_POST['cartOutput'])) {

$customer_name = preg_replace("/[^A-Za-z0-9 ]/", '', $_POST['customer_name']);

更多代码......这可能会导致问题？我检查了我的PHP它没有过滤

<?php 
if (isset($_POST['cartOutput'])) {

$customer_name = preg_replace('/[^A-Za-z0-9 ]/', '', $_POST['customer_name']);
$tel_num = $_POST['tel_num'];
$customer_address = $_POST['customer_address'];
$error_status = false;

if (empty($_POST['customer_name'])){
echo '<a href="cart.php">Please Fill Your Name</a>';
$error_status = true;
} 
if (empty($_POST['tel_num'])){
echo '</br><a href="cart.php">Please Fill Your Contact Number</a></br>';
$error_status = true;
} 
if (empty($_POST['customer_address'])){
echo'<a href="cart.php">Please Fill Your Address</a></br>';
$error_status = true;
}

if(!$error_status) {

$sql= 'INSERT INTO orders (customer_name,tel_num,customer_address,product_name, price, quantity, date_added,customer_messages) VALUES(?,?,?,?,?,?,NOW(),?)';      

$stmt = $myConnection->prepare($sql); 
$countArray = count($_POST["item_name"]);
for ($i = 0; $i < $countArray; $i++) {
$stmt->bind_param('sssssss', $_POST['customer_name'],$_POST['tel_num'],$_POST['customer_address'], $_POST['item_name'][$i], $_POST['amount'][$i], $_POST['quantity'][$i],$_POST['customer_messages']);
$stmt->execute();
}
 ;

Answer 1

我写了一个php脚本：

$customer_name = preg_replace("/[^A-Za-z0-9 ]/", '', '!h#e$l%l^o');
var_dump($customer_name);

结果是：

string(5) "hello"

请调试您的代码以检查$_POST['customer_name']内容

Answer 2

这对我来说很好看！也许先检查customer_name是否有值？

$text = "h^&%*ello";
$new = preg_replace("/[^A-Za-z0-9 ]/", '', $text);
echo $new;

output: hello

在这里测试时http://writecodeonline.com/php/我得到了正确的结果，所以语法看起来很好！尝试确保有价值！

preg_replace函数集但不起作用

2 个答案: