美好的一天,每次刷新我的php文件时,即使在按下提交按钮之前,也会显示成功的警报,从而在我的数据库中显示空数据。
我需要帮助,因为没有显示警告或错误。 提前感谢您的帮助。
PHP:
session_start(
);
require 'Connect.php';
if(empty($_POST['FirstName']))
$FirstName = '';
else
$FirstName = ($_POST['FirstName']);
if(empty($_POST['LastName']))
$LastName = '';
else
$LastName = ($_POST['LastName']);
if(empty($_POST['Gender']))
$Gender = '';
else
$Gender = ($_POST['Gender']);
if(empty($_POST['UserName']))
$UserName = '';
else
$UserName = ($_POST['UserName']);
if(empty($_POST['Password']))
$Password = '';
else
$Password = ($_POST['Password']);
if(empty($_POST['reEnterPassword']))
$reEnterPassword = '';
else
$reEnterPassword = ($_POST['reEnterPassword']);
if(empty($_POST['EmailAdd']))
$EmailAdd = '';
else
$EmailAdd = ($_POST['EmailAdd']);
if(empty($_POST['reEnterEmailAdd']))
$reEnterEmailAdd = '';
else
$reEnterEmailAdd = ($_POST['reEnterEmailAdd']);
$sql = " INSERT INTO User(FirstName, LastName, UserName, Password, reEnterPassword, EmailAdd, reEnterEmailAdd)
VALUES ('$FirstName', '$LastName', '$UserName', '$Password', '$reEnterPassword', '$EmailAdd', '$reEnterEmailAdd'); ";
$result = mysql_query($sql);
if (!$result){
die('Invalid Input: ' . mysql_error().$sql);
}
else{
echo "<script> alert('Successfully Added'); </script> ";
}
?>
答案 0 :(得分:0)
它是因为您在数据库中插入空变量。
$FirstName = (isset($_POST['FirstName'])&&$_POST['FirstName']!='')?$_POST['FirstName']:die("required");
为每个变量执行此操作。然后执行您的查询。它不会添加空数据。
正如@Machavity所说,要阻止SQL injection。看看这个:
http://php.net/manual/en/ref.pdo-mysql.php
绑定您的变量,而不是直接将其插入查询中。