我是新手,但得到了它,但我需要帮助。 我目前有一个名为Newkpi.php的php文件,它抓取我想要的数据库表StaffList中的所有用户,然后将它们放入一个我可以输入数据的表中。然后我按下按钮,数据被发送到另一个名为服务的表。我发现它是在表中创建记录但它不会插入任何数据,它只是放在一个空白记录中,我的代码在下面
<?php
include 'dbc.php';
page_protect();
if(!checkAdmin()) {
header("Location: myaccount.php");
exit();
}
company();
$page_limit = 10;
$stafflist = mysql_query("SELECT * FROM StaffList WHERE full_name != 'Adam Carter'
AND full_name != 'Jakata' AND branch = '$_SESSION[branch]' ");
$host = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path = rtrim($login_path, '/\\');
// filter GET values
foreach($_GET as $key => $value) {
$get[$key] = filter($value);
}
foreach($_POST as $key => $value) {
$post[$key] = filter($value);
}
$rs_all = mysql_query("select count(*) as total_all from StaffList") or die(mysql_error());
$rs_active = mysql_query("select count(*) as total_active from StaffList where approved='1'") or die(mysql_error());
$rs_total_pending = mysql_query("select count(*) as tot from StaffList where approved='0'");
list($total_pending) = mysql_fetch_row($rs_total_pending);
list($all) = mysql_fetch_row($rs_all);
list($active) = mysql_fetch_row($rs_active);
?>
<html>
<head>
<title>Administration Main Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><br>
</tr>
<tr>
<td width="14%" valign="top"><?php
if (isset($_SESSION['user_id'])) {?>
<div class="myaccount">
<p><strong>Administration</strong></p>
<a href="CreateUser.php">Create New User</a><br>
<a href="UserEdit.php">Edit User</a><br>
</div>
<?php }
if (checkAdmin()) {
/*******************************END**************************/
?>
<?php } ?>
</td>
<td width="74%" valign="top" style="padding: 10px;">
<p><?php
?></p>
<p>
</p>
<?php
if($_POST['doSubmit'] == 'Create')
{
mysql_query("INSERT INTO Services (Staffname,ServiceAmount,ServiceDate,ForecastForNextMonth,ProductSales,ClientsThisMonth,personnelRetension, totalRetension, Colours, Cuts, PreBooking, TimeUsed)
VALUES ('$post[user_name]','$post[Serviceamount]','$post[servicedate]','$post[forecast]','$post[productsales]','$post[Clientsthismonth]','$post[Personelret]','$post[Totalret]','$post[colours]','$post[cuts]','$post[prebooking]','$post[timeused]')
") or die(mysql_error());
echo "<div class=\"msg\">New KPI's Entered</div>";
}
?>
<h3 class="titlehdr"><font color="#000050">Create New User</font></h3>
<table width="300px" border="0" align="Centre" cellpadding="2" cellspacing="0">
<tr bgcolor="#000050">
<form name="form1" method="post" action="Newkpi.php">
<td width="20px"><h3 class="Text2">Staff Member</h3></td>
<td width="20px"><h3 class="Text2">Service Amount</h3></td>
<td width="20px"><h3 class="Text2">Service Date</h3></td>
<td width="20px"><h3 class="Text2">Forecast For Next Month</h3></td>
<td width="20px"><h3 class="Text2">Product Sales</h3></td>
<td width="20px"><h3 class="Text2">Clients This Month</h3></td>
<td width="20px"><h3 class="Text2">Personel Retension</h3></td>
<td width="20px"><h3 class="Text2">Total Retension</h3></td>
<td width="20px"><h3 class="Text2">Colours</h3></td>
<td width="20px"><h3 class="Text2">Cuts</h3></td>
<td width="20px"><h3 class="Text2">Pre-Booking</h3></td>
<td width="20px"><h3 class="Text2">Time Used</h3></td>
</tr>
<?php while ($rrows = mysql_fetch_array($stafflist)) {?>
<tr>
<td name="user_name"><h3 class="Text3"><?php echo $rrows['full_name'];?></h3></td>
<td><input name="Serviceamount" type="text" size="4" id="Serviceamount"></td>
<td><h3 class="Text3"><input name="servicedate" type="text" size="4" id="servicedate"></h3></td>
<td><h3 class="Text3"><input name="forecast" type="text" size="4" id="forecast"></h3></td>
<td><h3 class="Text3"><input name="productsales" type="text" size="4" id="productsales"></h3></td>
<td><h3 class="Text3"><input name="Clientsthismonth" type="text" size="4" id="Clientsthismonth"></h3></td>
<td><h3 class="Text3"><input name="Personelret" type="text" size="4" id="Personelret"></h3></td>
<td><h3 class="Text3"><input name="Totalret" type="text" size="4" id="Totalret"></h3></td>
<td><h3 class="Text3"><input name="colours" type="text" size="4" id="colours"></h3></td>
<td><h3 class="Text3"><input name="cuts" type="text" size="4" id="cuts"></h3></td>
<td><h3 class="Text3"><input name="prebooking" type="text" size="4" id="prebooking"></h3></td>
<td><h3 class="Text3"><input name="timeused" type="text" size="4" id="timeused"></h3></td>
</tr>
<?php } ?>
</form>
</table>
<input name="doSubmit" type="submit" id="doSubmit" value="Create">
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
<td width="12%"> </td>
</tr>
</table>
</body>
</html>
愿意为此提供一些帮助
答案 0 :(得分:0)
大概你想用$_POST而不是$ post?
此外,您可能需要考虑在表上添加一些约束,假设所有为null的内容都不是所需的功能。
一旦你完成了这项工作,我就会对SQL注入的安全问题进行一些研究并检查你的传入数据,假设它不是在安全的内部网上运行。
答案 1 :(得分:0)
你的问题在于语法..
在SQL插入查询中将$ post的所有实例更改为$ _POST。我认为你还应该为每个$ _POST创建变量,因为如果你不删除引号,你将遇到语法问题。
这是一个简单的例子:
$field1 = $_POST['field1'];
$field2 = $_POST['field2'];
$field3 = $_POST['field3'];
mysql_query("INSERT INTO table (field1, field2, field3) VALUES ('$field1', '$field2', '$field3')");
答案 2 :(得分:0)
mysql_query("INSERT INTO Services (Staffname,ServiceAmount,ServiceDate,ForecastForNextMonth,ProductSales,ClientsThisMonth,personnelRetension, totalRetension, Colours, Cuts, PreBooking, TimeUsed)
VALUES ('$post[user_name]','$post[Serviceamount]','$post[servicedate]','$post[forecast]','$post[productsales]','$post[Clientsthismonth]','$post[Personelret]','$post[Totalret]','$post[colours]','$post[cuts]','$post[prebooking]','$post[timeused]')
") or die(mysql_error());
$ post [user_name]
更改为$ _POST ['user_name'];
与每个$ post []
相同直接将$ _POST传递给sql并不好,因为有人会进行sql注入。 最好先将它们分配给变量,然后传入sql中的变量